Sun Java System Calendar Server 6 2005Q4 Administration Guide

LDAP Attributes and Property Names

The following tables describe the LDAP attributes and property names that apply to the csdomain utility. These attributes are part of the icsCalendarDomain object class. When you add or delete a value, you must use the property name and not the attribute name.

If you add or update domain LDAP attributes using csdomain, restart Calendar Server for the new values to take effect.

icsAllowRights Attribute: csdomain Utility

LDAP Attributes and Property Names describes the icsAllowRights attribute and properties that you can set with the csdomain utility. This attribute is a 32-bit numeric string, with each bit in the string corresponding to a specific user right. (In the current release, some bits are not used and are set to zero by default.) If a bit corresponding to a specific right is set (value=1), the right is not allowed. If the bit is not set (value=0), the right is allowed.

Each property in the icsAllowRights attribute has a corresponding ics.conf parameter. If a property is not set (value = 0) or is not present (service.virtualdomain.support = “no”), Calendar Server uses the corresponding ics.conf parameter as the default value.

The value for icsAllowRights is a numeric string and not an integer. To use icsAllowRights programmatically in bitwise operations, you must first convert its string value to an integer.

Table D–15 icsAllowRights LDAP Directory Attribute and Properties

Bit  

Property Name  

Description  

allowCalendarCreation 

If set (bit 0=1), do not allow calendars to be created. 

Corresponding ics.conf parameter: 

service.wcap.allowcreatecalendars 

allowCalendarDeletion 

If set (bit 1=1), do not allow calendars to be deleted. 

Corresponding ics.conf parameter: 

service.wcap.allowdeletecalendars 

allowPublicWritableCalendars  

If set (bit 2=1), do not allow public writable calendars. 

Corresponding ics.conf parameter: 

service.wcap.allowpublicwriteablecalendars 

 

Not used in the current release. 

allowModifyUserPreferences 

If set (bit 4=1), do not allow domain administrators to get or set user preferences using WCAP commands. 

Corresponding ics.conf parameter: 

service.admin.calmaster.wcap.allowgetmodifyuserprefs 

allowModifyPassword 

If set (bit 5=1), do not allow user to change password via this server. 

Corresponding ics.conf parameter: 

service.wcap.allowchangepassword 

 

Not used in the current release. 

 

Not used in the current release. 

allowUserDoubleBook 

If set (bit 8=1), do not allow double booking for user’s calendars. 

Corresponding ics.conf parameter: 

user.allow.doublebook

allowResourceDoubleBook 

If set (bit 9=1), do not allow double booking for resource calendars. 

Corresponding ics.conf parameter: 

resource.allow.doublebook 

10 

allowSetCn 

If set (bit 10=1), do not allow user to set the common name (cn) attribute using the WCAP set_userprefs command. 

Corresponding ics.conf parameter: 

service.wcap.allowsetprefs.cn 

11 

allowSetGivenName 

If set (bit 11=1), do not allow user to set the givenName attribute using the WCAP set_userprefs command. 

Corresponding ics.conf parameter: 

service.wcap.allowsetprefs.givenname

12 

allowSetGivenMail 

If set (bit 12=1), do not allow user to set the mail attribute using the WCAP set_userprefs command. 

Corresponding ics.conf parameter: 

service.wcap.allowsetprefs.mail

13 

allowSetPrefLang 

If set (bit 13=1), do not allow user to set the preferredLanguage attribute using the WCAP set_userprefs command. 

Corresponding ics.conf parameter: 

service.wcap.allowsetprefs.preferredlanguage 

14 

allowSetSn 

If set (bit 14=1), do not allow user to set the surname (sn) attribute using the WCAP set_userprefs command. 

Corresponding ics.conf parameter: 

service.wcap.allowsetprefs.sn 

15–31 

 

Not used in the current release. 

icsExtendedDomainPrefs Attribute: csdomain Utility

The following table describes the icsExtendedDomainPrefs attribute and properties that you can set with the csdomain utility. Each property has a corresponding ics.conf parameter. If a property is not set (value = 0, service.virtualdomain.support=“no”), or is not present, Calendar Server uses the corresponding ics.conf parameter as the default value.

Table D–16 icsExtendedDomainPrefs LDAP Directory Attribute

Property Name  

Description  

allowProxyLogin 

Specifies "yes" or "no" whether to allow proxy logins. 

Corresponding ics.conf parameter: 

service.http.allowadminproxy (default = "no") 

calmasterAccessOverride 

Specifies "yes" or "no" whether the Calendar Server administrator can override access control. 

Corresponding ics.conf parameter: 

service.admin.calmaster.overrides.accesscontrol (default = "no") 

calmasterCred 

Specifies an ASCII string that is the password of the user ID specified as the Calendar Server domain administrator. 

Corresponding ics.conf parameter: 

service.admin.calmaster.cred (no default) 

calmasterUid 

Specifies an ASCII string that is the user ID of the person designated as the Calendar Server domain administrator. 

Corresponding ics.conf parameter: 

service.admin.calmaster.userid (no default) 

createLowercase 

Specifies "yes" or "no" whether Calendar Server should convert a calendar ID (calid) to lowercase when creating a new calendar or when searching for a calendar 

Corresponding ics.conf parameter: 

calstore.calendar.create.lowercase (default = "no") 

domainAccess 

Specifies an access control list (ACL) for the domain. For information about ACLs, see Access Control Lists (ACLs).

This ACL is used for cross domain searches. For more information, see Cross Domain Searches.

fbIncludeDefCal 

Specifies "yes" or "no" whether a user’s default calendar is included in user’s free/busy calendar list. 

Corresponding ics.conf parameter: 

calstore.freebusy.include.defaultcalendar (default = "yes") 

filterPrivateEvents 

Specifies "yes" or "no" whether Calendar Server filters (recognizes) Private and Time and Date Only (confidential) events and tasks. If "no", Calendar Server treats them the same as Public events and tasks.

Corresponding ics.conf parameter: 

calstore.filterprivateevents (default = "yes") 

groupMaxSize 

Specifies the maximum number of attendees allowed in an LDAP group when expanding an event. 

Corresponding ics.conf parameter: 

calstore.group.attendee.maxsize (default is "0" – expand the group entirely) 

language 

Specifies the language for a domain. 

Corresponding ics.conf parameter: 

local.domain.language 

resourceDefaultAcl 

Specifies an access control list (ACL) that is the default access control permissions used when a resource calendar is created. 

Corresponding ics.conf parameter: 

resource.default.acl (default is  

"@@o^a^r^g;@@o^c^wdeic^g;
@^a^rsf^g"

setPublicRead 

Specifies whether user default calendars are initially set to public read/private write ("yes") or private read/private write ("no"). 

Corresponding ics.conf parameter: 

service.wcap.login.calendar.publicread (default = "no") 

searchFilter 

Specifies a search filter for finding a user. 

Corresponding ics.conf parameter: 

local.userSearchFilter 

ssoCookieDomain 

Specifies that the browser should send a cookie only to servers in the specified domain. The value must begin with a period (.). For example: ".sesta.com" 

Corresponding ics.conf parameter: 

sso.cookiedomain (default is the current domain) 

ssoUserDomain 

Specifies the domain used as part of the user’s SSO authentication. 

Corresponding ics.conf parameter: 

sso.userdomain (no default) 

subIncludeDefCal 

Specifies "yes" or "no" whether a user’s default calendar is included in the user’s subscribed calendar list. 

Corresponding ics.conf parameter: 

calstore.subscribed.include.defaultcalendar (default = "yes") 

uiAllowAnyone 

Specifies "yes" or "no" whether the user interface should show and use the "Everybody" access control list (ACL). 

Corresponding ics.conf parameter: 

ui.allow.anyone (default = "yes")

uiAllowDomain 

Specifies "yes" or "no" whether the user interface should show and use the access control list (ACL) for this domain. 

Corresponding ics.conf parameter: 

ui.allow.domain (default = "no")

uiBaseUrl 

Specifies a URL for the base server address. For example: "https://proxyserver".

Corresponding ics.conf parameter: 

ui.base.url (no default)

uiConfigFile 

Specifies an optional xml based configuration file that Calendar Server can read at startup that allows parts of the user interface to be hidden.

Corresponding ics.conf parameter: 

ui.config.file (no default)

uiProxyURL 

Specifies a URL for the proxy server address to prepend in an HTML UI JavaScript file. For example: "https://web_portal.sesta.com/"

Corresponding ics.conf parameter: 

ui.proxyaddress.url (no default)

Other LDAP Directory Attributes: csdomain Utility

The following table describes other LDAP attributes and properties that you can set with the csdomain utility.

Table D–17 Other LDAP Directory Attributes for the csdomain Utility

LDAP Attribute  

Property Name 

Description  

icsAllowedServiceAccess 

allowedAccessProtocols 

Specifies whether access to Calendar Server is allowed. If set to “http”, access is denied. If set to any other value, access is allowed. 

Calendar Server uses this attribute only if the icsStatus attribute is not set. 

icsDefaultAccess 

userDefaultAcl 

Specifies the ACL for a newly created user calendar. 

Corresponding ics.conf parameter: 

calstore.calendar.default.acl 

icsDomainNames 

searchDomainNames 

Specifies the external domains that this domain can search when looking for calendars or users. 

Corresponding ics.conf parameter: none 

icsDWPBackEndHosts 

(undefined) 

Specifies the default back-end host (DNS name) for a user if a host name is not explicitly provided. This attribute is used when Calendar Server is in LDAP CLD mode. 

icsStatus 

statusCalendarDomain 

Specifies that status of Calendar Server: 

  • active–Calendar Server is accessible.

  • inactive–Calendar Server is inaccessible. Calendars remain in the database and Calendar Server LDAP attributes remain unchanged.

  • deleted–Calendar Server is inaccessible. because the person is marked as deleted.

  • removed–Calendars have been removed from the calendar database.

    If icsStatus is set, its value overrides the icsAllowedServiceAccess attribute.

    If icsStatus is not set, Calendar Server uses the icsAllowedServiceAccess attribute.

icsTimezone 

timezone 

Specifies the default time-zone ID. For example, America/New_York or Asia/Tokyo. 

For the supported time zones, refer to the timezones.ics file.