Chapter 3 Messaging Server and Calendar Server Attributes
This chapter describes attributes required or allowed by LDAP object classes for Calendar Server and Messaging Server. The attributes are listed alphabetically.
Note –
Objects and attributes used exclusively by Access Manager are covered in Chapter 4, Access Manager Classes and Attributes.
Objects and attributes used exclusively by iPlanet Delegated Administrator for Messaging are covered in Chapter 6, iPlanet Delegated Administrator Classes and Attributes (Schema 1).
Objects and attributes used by Communications Express are covered in Chapter 7, Communications Express Classes and Attributes
This chapter describes the following attributes:
aclGroupAddr
Origin
Messaging Server 6.0, Calendar Server 6
Syntax
cis
Object Classes
Definition
Adds a user to a dynamic group specified as an identifier in an ACL entry. Members of the group share the particular access rights defined in the ACL entry. The group is represented by a dynamic mailing list with a filter on the aclGroupAddr attribute.
Example
aclGroupAddr: lee-staff@siroe.com
OID
1.3.6.1.4.1.42.2.27.9.1.686
adminRole
Origin
Messaging Server 5.0
Syntax
cis
Object Classes
Definition
Specifies the administrator role for this administrator entry.
Example
None provided.
OID
2.16.840.1.113730.3.1.601
aliasedObjectName
Origin
Messaging Server 5.0
Syntax
dn
Object Classes
Definition
Used only in Schema 1 or in Schema 2 compatibility mode (with a DC Tree), not in Schema 2 native mode (no DC Tree).
Used by the Messaging Server to identify alias entries in the directory. Contains the distinguished name of the entry for which it is an alias. The domain attribute values are taken only from the referenced domain. So that routing will be identical between these domains.
Example
aliasedObjectName: cn=jdoe,o=sesta.com
OID
2.5.4.1
businessCategory
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
groupOfUniqueNames, organization, organizationalUnit
Definition
Identifies the type of business in which the entry is engaged. This should be a broad generalization such as is made at the corporate division level.
Example
businessCategory:Engineering
OID
2.5.4.15
calCalURI
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Contains URI to user’s entire default calendar. For details see RFC 2739.
Example
Varies according to the version of calendar server implemented. For details see RFC 2739.
OID
1.2.840.113556.1.4.478
calFBURL
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
URL to the user’s default busy time data. For details see RFC 2739.
Example
Varies according to the version of calendar server implemented. For details see RFC 2739.
OID
1.2.840.113556.1.4.479
cn
Origin
Calendar Server
Syntax
cis, single-valued
Object Classes
icsCalendarResource, icsCalendarUser, inetResource
Definition
For users, full name of person. For resources, a unique identifier. In either case, it may contain spaces and special characters. Abbreviation for commonName.
Example
For a user: cn: John Doe.
For a resource: cn: Conference Room #3
or
commonName: John Doe
commonName: Conference Room #3
OID
2.5.4.3
co
Origin
LDAP
Syntax
cis
Object Classes
Definition
Contains the name of a country, using a two character code. Abbreviation for countryName.
The attribute friendlyCountryName is used to spell out the actual country name.
Example
co:IE
or
countryName:IE
friendlyCountryName:Ireland
OID
2.5.4.4
commonName (see cn)
Spells out the name of the attribute, but is the same as cn.
countryName (see co)
Spells out the name of the attribute, but is the same as co.
dataSource
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Text field to store a tag or identifier. Value has no operational impact.
Example
dataSource:1.0
OID
2.16.840.1.113730.3.1.779
dateOfBirth
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Date of birth of the pabPerson. Format is: YYYYMMDD.
Example
dateOfBirth: 19740404(date of birth on April 6, 1974.)
OID
2.16.840.1.113730.3.1.779
dc
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
The domain component of the domain alias entry.
Example
dc=sesta
For example a domain alias entry DN might be:dn: dc=sesta, dc=fr, o=internet.
OID
0.9.2342.19200300.100.1.25
description
Origin
LDAP
Syntax
cis, multi-valued
Object Classes
icsCalendarDWPHost, icsCalendarResource, groupOfUniqueNames, inetOrgPerson, organization, organizationalUnit, pab, pabGroup, sunServiceComponent
Definition
Provides a human readable description of the object. For people and organizations, this often includes their role or work assignment.
Example
description: Quality control inspector.
OID
2.5.4.13
domainUidSeparator
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
This attribute is used only for LDAP Schema 1.
This attribute is used by the messaging server to override the default mailbox (MB) home. When present, this attribute specifies that compound user identifications (UID's) are used in this domain and this attribute specifies the separator. For instance, if + is the separator, the mailbox names in this domain are obtained by replacing the right most occurrence of + in the uid with @. To map an internal mailbox name to the UID, the right most occurrence of @ is replaced with a + in the mailbox name.
While substitution of an @ for the UID separator is sufficient to generate a mailbox name, this may not be the same as any of the user’s actual email addresses.
Note –
Format of internal mailbox names is uid@domain, where “domain” is DNS domain mapping to the namespace. The only exception to this rule is mailbox names for users in default domain where only the uid is used to construct internal mailbox names. See inetCanonicalDomainName on how the default value of domain name used can be overridden in specific cases.
The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_UID_SEPARATOR.
Example
domainUIDSeparator: #
OID
2.16.840.1.113730.3.1.702
domOrgMaxUsers
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
This attribute is used only for LDAP Schema 1.
Maximum number of user entries in a domain organization.
Example
domOrgMaxUser: 500
OID
2.16.840.1.113730.3.1.697
domOrgNumUsers
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Number of current user entries in a domain organization.
Example
domOrgNumUsers: 345
OID
2.16.840.1.113730.3.1.698
facsimileTelephoneNumber
Origin
Calendar Server
Syntax
tel, single-valued
Object Classes
icsCalendarResource, inetResource, organization, organizationalUnit
Definition
Fax telephone number for resources.
Example
facsimileTelephoneNumber 1-800-555-1212
OID
2.5.4.23
givenName
Origin
LDAP
Syntax
cis
Object Classes
Definition
Identifies the entry’s given name, usually a person’s first name.
Example
givenName: John
OID
2.5.4.42
groupid
Origin
Calendar Server 6
Syntax
cis, single-valued
Object Classes
Definition
Identifies the unique name used to create the group calendar. The groupid must be unique among all uid and groupid attributes in its relative namespace. All valid Calendar group entries must have a groupid attribute.
Example
groupid:calendar1
OID
1.3.6.1.4.1.42.2.27.9.1.784
icsAdminRole
Origin
Calendar Server
Syntax
cis
Object Classes
Definition
Administrative calendar role that can be assigned to a group.
Example
No example given.
OID
2.16.840.1.113730.3.1.724
icsAlias
Origin
Calendar Server
Syntax
cis, UTF 8 encoded
Object Classes
Definition
Alias associated with a resource. An alias can make a resource name easier for the end user to work with.
Example
The resource named “halleyscomet” can be aliased as “Halley’s Comet”.
icsAlias: Halley’s Comet
OID
2.16.840.1.113730.3.1.725
icsAllowedServiceAccess
Origin
Calendar Server 6.0
Syntax
cis, single-valued
Object Classes
icsCalendarDomain, icsCalendarUser
Definition
This attribute is used only if the icsStatus attribute is not set, or in other words, if icsStatus is set, this attribute is ignored.
Use this attribute to disallow calendar services to a user. As a default all users are allowed access with http, but if you specify this attribute as shown in the example, it disallows the user from receiving calendar access (user is disabled):
Any other setting, or absence of the attribute entirely, results in the user having access to http services (user is enabled).
Example
icsAllowedServiceAccess:http
OID
2.16.840.1.113730.3.1.726
icsAllowRights
Origin
Calendar Server
Syntax
integer, single-valued
Object Classes
Definition
A numeric string used to hold bit fields, each corresponding to a set of rights. Each bit corresponds to a setting in the ics.conf file. After you have figured out the bit string settings you want, convert the bits to an integer.
If the property is set (1), the right is allowed. If the bit is not set (0), the right is not allowed.
If this attribute does not exist, the corresponding ics.conf default settings are used.
icsAllowRights defines the meaning of each bit position for bits 0-15:
Table 3–1 Bit Definitions and ics.conf Settings|
Property Name and ics.conf Setting Name |
Bit |
Allows (1) or Disallows (0) |
|---|---|---|
|
allowCalendarCreation service.wcap.allowcreatecalendars |
0 |
Creation of calendars |
|
allowCalendarDeletion service.wcap.allowdeletecalendars |
1 |
Deletion of calendars |
|
allowPublicWritableCalendars service.wcap.allowpublicwriteablecalendars |
2 |
Publicly writable calendars for users |
|
none |
3 |
Reserved. Defaults to 0 |
|
allowModifyUserPreferences service.admin.calmaster.wcap.allowgetmodifyuserprefs |
4 |
Domain Administrator allowed to change user preferences |
|
allowModifyPassword service.wcap.allowchangepassword |
5 |
Users allowed to change their password |
|
none |
6 |
Reserved. Defaults to 0 |
|
none |
7 |
Reserved. Defaults to 0 |
|
allowUserDoubleBook user.allow.doublebook |
8 |
Double booking of user calendars |
|
allowResourceDoubleBook resource.allow.doublebook |
9 |
Double booking of resource calendars |
|
allowSetCn service.wcap.allowsetprefs.cn |
10 |
User preference cn modified by set_userprefs command |
|
allowSetGivenName service.wcap.allowsetprefs.givenname |
11 |
User preference givenname modified by set_userprefs command |
|
allowSetGivenMail service.wcap.allowsetprefs.mail |
12 |
User preference mail modified by set_userprefs command |
|
allowSetPrefLang service.wcap.allowsetprefs.preferredlanguage |
13 |
User preference preferredlanguage modified by set_userprefs command |
|
allowSetSn service.wcap.allowsetprefs.sn |
14 |
User preference sn modified by set_userprefs command |
|
allowGroupDoubleBook group.allow.doublebook |
15 |
Double booking of group calendars |
|
none |
16-31 |
Reserved. Defaults to all 0 |
Example
If you decide that you want to disallow the following bits:
-
publicly writable user calendars (bit 2),
-
double booking of resources (bit 9),
-
and modifying the given name (bit 11),
then your bit pattern would look like this:
”00000000000000000000101000000100’
which you would convert into the integer 2564 so that:
icsAllowRights: 2564
OID
2.16.840.1.113730.3.1.727
icsAnonymousAllowWrite
Origin
Calendar Server
Syntax
boolean (yes, no)
Object Classes
Definition
Specifies if anonymous users can write events in public calendars. The value comes from the ics.conf setting service.wcap.anonymousallowpubliccalendarwrite.
Example
icsAnonymousAllowWrite: yes
OID
2.16.840.1.113730.3.1.728
icsAnonymousCalendar
Origin
Calendar Server
Syntax
ces
Object Classes
Definition
Calendar ID for anonymous users. The value is taken from the ics.conf setting calstore.anonymous.calid.
Example
icsAnonymousCalendar: guest1
OID
2.16.840.1.113730.3.1.729
icsAnonymousDefaultSet
Origin
Not implemented.
Syntax
ces, UTF 8 encoded
Object Classes
Definition
Default calendar set for anonymous users.
Example
No example given.
OID
2.16.840.1.113730.3.1.730
icsAnonymousLogin
Origin
Calendar Server
Syntax
boolean (yes, no)
Object Classes
Definition
Specifies if anonymous login is allowed. Value is taken from the ics.conf file setting service.http.allowanonymousLogin.
Example
icsAnonymousLogin: yes
OID
2.16.840.1.113730.3.1.798
icsAnonymousSet
Origin
Not implemented.
Syntax
ces, UTF 8 encoded
Object Classes
Definition
Reserved. Not implemented.
Default calendar set for anonymous users.
Example
No example given.
OID
2.16.840.1.113730.3.1.732
icsAutoaccept
Origin
Calendar Server 6
Syntax
cis, single-valued
Object Classes
icsCalendarGroup, icsCalendarResource
Definition
When a group receives an invitation, this attribute indicates whether the invitation is marked automatically as accepted. When enabled, the attribute causes the scheduled event to be marked as busy on the group calendar without any member taking any action.
For a Calendar resource, this attribute allows the resource to accept invitations automatically.
The icsAutoaccept attribute can have a value of 1, which allows automatic acceptance of invitations, or 0, which prohibits automatic acceptance.
For a group calendar, the default value is 0 (prohibit automatic acceptance of events). For a Calendar resource, the default value is 1 (allow automatic acceptance of events).
Example
icsAutoaccept:0
icsAutoaccept:1
OID
1.3.6.1.4.1.42.2.27.9.1.788
icsCalendar
Origin
Calendar Server
Syntax
ces, single-valued
Object Classes
icsCalendarResource, icsCalendarGroup, icsCalendarUser
Definition
The calendar ID (calid) of the default calendar for a user, group, or resource. Required attribute. It is a policy of Calendar Server to construct calids based on the user's uid or the group's groupid, since it is guaranteed to be unique.
Example
icsCalendar: jdoe
OID
2.16.840.1.113730.3.1.731
icsCalendarOwned
Origin
Calendar Server
Syntax
ces, multi-valued
Object Classes
Definition
Calendars owned by this user. At least one instance of this attribute must exist for each user and must be set with the user's default calendar value. Multiple instances of this attribute can be used to specify other calendars the user owns.
Example
icsCalendarOwned:jdoe@sesta.com:Project
icsCalendarOwned:jdoe@sesta.com:icsCalendarOwned
icsCalendarOwned:jdoe@sesta.com:BaseballSchedule
icsCalendarOwned:jdoe@sesta.com:Holidays
OID
1.3.6.1.4.1.42.2.27.9.1.6
icsCapacity
Origin
Not implemented.
Syntax
integer, single-valued
Object Classes
Not currently defined.
Definition
Reserved, not implemented.
Example
No example given.
OID
2.16.840.1.113730.3.1.800
icsContact
Origin
Not implemented.
Syntax
cis, UTF 8 encoded
Object Classes
Definition
Reserved, not implemented.
Resource contact name.
Example
icsContact: John Doe jdoe@sesta.com
OID
2.16.840.1.113730.3.1.733
icsDefaultAccess
Origin
Calendar Server
Syntax
cis, single-valued
Object Classes
Definition
Default access control string applied to the user’s default calendar. For more information about access control, see “Access Control Entries” in the Sun Java System Calendar Server Programmer’s Manual. If this attribute is not present, the value is taken from the ics.conf file setting calstore.calendar.default.acl.
Example
Granting the user both free-busy and scheduling permission for calendar components.
icsDefaultAccess:@sesta.com^c^sf^g
OID
2.16.840.1.113730.3.1.734
icsDefaultacl
Origin
Calendar Server 6
Syntax
cis, single-valued
Object Classes
icsCalendarGroup, icsCalendarResource
Definition
Default access control string (ACL) applied to a group calendar or calendar resource. For more information about access control, see “Access Control Entries” in the Sun Java System Calendar Server Developer’s Guide. If this attribute is not present, the value is taken from the ics.conf file settings group.default.acl for groups or resource.default.acl for resources.
Example
Granting the group calendar both free-busy and scheduling permission for calendar components.
icsDefaultacl:@sesta.com^c^sf^g
OID
1.3.6.1.4.1.42.2.27.9.1.786
icsDefaultSet
Origin
Calendar Server
Syntax
ces, single-valued
Object Classes
Definition
User preference for what calendars to display at login. User’s can specify any of their calendar sets (groups they have created) to be displayed at login instead of a single calendar.
Example
icsDefaultSet: MyCalendarGroup
OID
2.16.840.1.113730.3.1.735
icsDomainAllowed
Origin
Not implemented.
Syntax
cis, single-valued (see mgrpAllowedDomain)
Object Classes
Definition
What domains are allowed. The value has the following format:
service-list:client-list
where service-list is a blank- or comma-separated list of one or more service names or wild cards, and client-list is a blank- or comma-separated list of one or more host names or addresses, patterns or wild cards.
The following are the explicit wild cards recognized by the system:
|
ALL |
Always matches |
|
LOCAL |
Matches any host whose name does not contain a dot character. |
|
UNKNOWN |
Matches any host whose name or address are unknown. Use this with care. |
|
KNOWN |
Matches any host whose name and address are known. Use with care. |
|
DNSSPOOFER |
Matches any host whose name does not match its address. |
There is one operator that can be used in the service-list and the client-list:
|
EXCEPT |
Matches anything that matches list 1 unless it matches anything in list 2. The expected form: list1 EXCEPT list2. List1 and list2 are comma-separated. |
You can use patterns to distinguish clients by the network address that they can connect to. For example: service@host_pattern:client-list.
The default value comes from service.http.domainallowed in the ics.conf file.
Example
Allow local access to anyone in the sesta.com domain.
icsDomainAllowed: ALL:sesta.com
OID
2.16.840.1.113730.3.1.736
icsDomainNames
Origin
Calendar Server
Syntax
cis, multi-valued, ASCII
Object Classes
Definition
For cross-domain searching, each external domain to be searched must be listed using this attribute.
Example
icsDomainNames: sesta.com
icsDomainNames: siroe.com
OID
1.3.6.1.4.1.42.2.27.9.1.3
icsDomainNotAllowed
Origin
Calendar Server
Syntax
cis, single-valued (see mgrpDisallowedDomain)
Object Classes
Definition
What domains are not allowed. The value has the following format:
service-list:client-list
where service-list is a blank- or comma-separated list of one or more service names or wild cards, and client-list is a blank- or comma-separated list of one or more host names or addresses, patterns or wild cards.
The following are the explicit wild cards recognized by the system:
|
ALL |
Always matches |
|
LOCAL |
Matches any host whose name does not contain a dot character. |
|
UNKNOWN |
Matches any host whose name or address are unknown. Use this with care. |
|
KNOWN |
Matches host whose name and address are known. Use with care. |
|
DNSSPOOFER |
Matches any host whose name does not match its address. |
There is one operator that can be used in the service-list and the client-list:
|
EXCEPT |
Matches anything that matches list 1 unless it matches anything in list 2. The expected form: list1 EXCEPT list2. List1 and list2 are comma-separated. |
The value comes from ics.conf setting service.http.domainnotallowed.
Example 1
If you want to allow access to all but a selected few hosts, you can explicitly deny access as in the following example:
Deny access to anyone at the company22.com domain.
icsDomainNotAllowed: ALL:company22.com
In this instance, you would not need to have any specific icsDomainAllowed attributes.
Example 2
If you want to implement a no-access default, a single instance of this attribute will do it. This denies all service to all hosts, unless they are specifically permitted access by icsDomainAllowed attributes.
icsDomainNotAllowed: ALL:ALL
Example 3
The following example shows how to deny access to any unknown users.
icsDomainNotAllowed: ALL:UNKNOWN@ALL
OID
2.16.840.1.113730.3.1.737
icsDoublebooking
Origin
Calendar Server 6
Syntax
cis, single-valued
Object Classes
icsCalendarGroup, icsCalendarResource
Definition
Indicates whether a group allows double-booking of events in the group's calendar. When enabled, double-booking allows two events to be scheduled and displayed on the calendar at the same time.
For a Calendar resource, this attribute allows the resource to be booked for two events at the same time.
The icsDoublebooking attribute can have a value of 1, which allows double-booking, or 0, which prohibits double-booking.
For a group calendar, the default value is 1 (allow double-booking). For a Calendar resource, the default value is 0 (prohibit double-booking).
Example
icsDoublebooking:1
icsDoublebooking:0
OID
1.3.6.1.4.1.42.2.27.9.1.787
icsDWPBackEndHosts
Origin
Calendar Server 5.1.1
Syntax
cis, multi-valued
Object Classes
Definition
The list of all possible back end hosts used for calendars found in this domain. This attribute is required if the calendar installation is using the Database Wire Protocol (DWP).
Example
icsDWPBackEndHosts: machine1
icsDWPBackEndHosts: machine2
OID
1.3.6.1.4.1.42.2.27.9.1.5
icsDWPHost
Origin
Calendar Server.1
Syntax
cis, single-valued, ASCII
Object Classes
icsCalendarDWPHost, icsCalendarGroup, icsCalendarResource, icsCalendarUser
Definition
Stores a DWP host name so that the calendar ID can be resolved to the Database Wire Protocol (DWP) server that stores the calendar and its data. When the calendar database is distributed across several back end servers, the attribute value is the DNS name of the back-end server hosting the user, group, or resource. Each user’s, group's, or resource's entire calendar will be on a single back—end server. Required if using the Calendar Lookup Database (CLD).
This attribute is required if the Calendar installation is using DWP to distribute calendar data across back end calendar data servers. If DWP is not being used, every user’s calendar will be found on the same host as the calendar server. If an installation initially does not use DWP, but later switches to it, the calendar server will fill in this value based on the default DWP host name found in the domain entry. If there is no value or such entry (calendar server is not in hosted domain mode) then the value will be picked up from the ics.conf configuration file.
Example
icsDWPHost:calserv1
OID
1.3.6.1.4.1.42.2.27.9.1.1
icsExtended
Origin
Calendar Server 5.1.1
Syntax
cis, multi-valued
Object Classes
Definition
Extensions for calendar. Reserved.
Example
No example given.
OID
2.16.840.1.113730.3.1.738
icsExtendedDomainPrefs
Origin
Calendar Server
Syntax
cis, multi- valued
Object Classes
Definition
Preferences for calendar domains can be set using the properties found in icsExtendedDomainPrefs. Each attribute value is a property-value pair.
The format is
icsExtendedDomainPrefs:property=value
The icsExtendedDomainPrefs attribute is multi-valued, but each attribute:property pair can be used only once. For example, use icsExtendedDomainPrefs:domainAccess=value only once.
The default settings for these properties are found in the domain server’s ics.conf file. In the absence of this attribute, the ics.conf settings will be used.
Table 3–2 Domain Preferences
Example
icsExtendedDomainPrefs: createLowerCase=yes
icsExtendedDomainPrefs: domainAccess=@@d^a^slfrwd^g;anonymous^a^r^g;@^a^s^g
In this example, any external domain matching the access rights shown above can search this domain.
OID
2.16.840.1.113730.3.1.739
icsExtendedGroupPrefs
Origin
Calendar Server
Syntax
cis
Object Classes
Definition
Extensions for calendar group preferences. Reserved.
Example
No example given.
OID
2.16.840.1.113730.3.1.740
icsExtendedResourcePrefs
Origin
Not implemented.
Syntax
cis
Object Classes
Not yet assigned.
Definition
Reserved, not implemented.
Example
No example given.
OID
2.16.840.1.113730.3.1.741
icsExtendedUserPrefs
Origin
Calendar Server
Syntax
cis, multi-valued
Object Classes
Definition
Extensions for calendar user preferences. The attribute value is a property-value pair. The following are the properties and their values
Table 3–3 Extended User Preferences|
Properties |
Values |
Description |
|---|---|---|
|
ceAllCalendarTZIDS |
a standard time zone |
Time zone TZID for this calendar. |
|
ceClock |
12, 24 |
Defines whether a 12 or 24 hour clock is used. |
|
ceColorSet |
pref_group1 pref_group2 pref_group3 pref_group4 pref_group7 |
Defines which of the five UI color schemes to use. |
|
ceDateOrder |
M/D/Y D/M/Y Y/M/D |
Determines the display order of the three date elements: month (M), day (D), and year (Y) . |
|
ceDateSeparator |
Any single printable character. For example: / or - |
The single character used to delimit displayed date elements. For example, a date can be delimited with a /, such as 12/22/2002, or with a -, such as 12–22–2002. |
|
ceDayHead |
0–23 |
Start time hour (expressed as one of 24 hours in a day) for displaying calendar information. |
|
ceDayTail |
0–23 |
End time hour (expressed as one of 24 hours in a day) for displaying calendar information. |
|
ceDefaultAgenda |
unused |
Not currently implemented. |
|
ceDefaultAlarmEmail |
email addresses separated by white space |
Email Addresses event alarms sent to. |
|
ceDefaultAlarmStart |
P[unit count][unit type] |
Amount of time before the event an alarm should be sent. Where unit count is any numeric value, and unit type is either M (minutes), H (hours), or D (days). For example: P10M |
|
ceDefaultTZID |
one of standard time zones For a list of time zones, see Standard Time Zones. |
Time zone to use when a calendar does not have one assigned to it. |
|
ceDefaultView |
dayview weekview monthview yearview groupview |
View to be presented at log in. If this parameter is not present, overview is used as the default. |
|
ceExludeSatSun |
boolean (0, 1) |
Calendars don’t display if the value is set to 1. Default is the value set to 0. |
|
ceFontFace |
One of these values: 1) Times New Roman, Times, serif 2) Courier New, Courier, noon 3) PrimaSans BT, Verdana, sans-serif |
Three choices of font face to be used in the user interface. |
|
ceFontSizeDelta |
pref_font_size_group_2 (normal) pref_font_size_group_1 (larger) pref_font_size_group_3 (smaller) |
Defines three font sizes for the user interface. In the interface they are defined as:normal, larger, smaller. |
|
ceGroupInviteAll |
boolean (0, 1) |
When creating an invitation while viewing a group, invite all calendars in the group when the value is set to 1; default is 1. |
|
ceInterval |
PT0H15M PT0H30M PT1H0M PT2H0M PT4H0M |
Defines the time interval to be used when displaying calendar information. Intervals are: 15 min., 30 min., 1 hour, 2 hours, 4 hours. |
|
ceNotifyEmail |
any valid RFC 822 email address |
Email address notifications are mailed to when the calendar receives an invitation to an event. |
|
ceNotifyEnable |
0, 1 |
Enables/disables email notifications being sent when the calendar receives an invitation to an event.0 = do not sent notifications1 = send notifications |
|
ceSingleCalendarTZID |
any valid time zone For a list of valid time zones, see Standard Time Zones. |
Lists the time zone assigned to this calendar. If the parameter is not sent, the default time zone is used. For example: America/Los_Angeles |
|
ceToolImage |
0, 1 |
Toggle for the user interface display of icon images on the toolbar. 0 = do not display icons,1 = display icons (default) |
|
ceToolText |
0, 1 |
Toggle for the user interface display of icon text on the toolbar.0 = do not display text with the icon1 = display text with the icon (default) |
Note –
Regarding ceToolImage and ceToolText: the user interface only allows three possibilities for the toolbar: icons and text (attributes values 1, 1), icons only (attributes values 1, 0), and text only (attributes values 0, 1). It does not allow the user to turn off both icons and text (attributes values 0, 0).
Example
icsextendeduserprefs: ceClock=12 icsextendeduserprefs: ceColorSet=pref_group_1 icsextendeduserprefs: ceDateOrder=D/M/Y icsextendeduserprefs: ceDateSeparator=/ icsextendeduserprefs: ceDayHead=10 icsextendeduserprefs: ceDayTail=17 icsextendeduserprefs: ceDefaultAlarmEmail=jdoe@sesta.com icsextendeduserprefs: ceDefaultAlarmStart=P30H icsextendeduserprefs: ceDefaultTZID=America/New_York icsextendeduserprefs: ceDefaultView=groupview icsextendeduserprefs: ceFontFace=PrimaSans BT,Verdana,sans-serif icsextendeduserprefs: ceFontSizeDelta=pref_font_size_group_3 icsextendeduserprefs: ceInterval=PT2H0M icsextendeduserprefs: ceNotifyEmail=jdoe@sesta.com icsextendeduserprefs: ceNotifyEnable=0 icsextendeduserprefs: ceSingleCalendarTZID=America/Los_Angeles icsextendeduserprefs: ceToolText=1 icsextendeduserprefs: ceToolImage=1
OID
2.16.840.1.113730.3.1.742
icsFirstDay
Origin
Calendar Server
Syntax
cis, single-valued
Object Classes
Definition
First day of the week to be displayed on user’s calendar.
Range of values: 1–7, with the values assigned as follows:
1 = Sunday
2 = Monday
3= Tuesday
4 = Wednesday
5 = Thursday
6 = Friday
7 = Saturday
Example
icsFirstDay: 1
OID
2.16.840.1.113730.3.1.743
icsFreeBusy
Origin
Not implemented.
Syntax
ces, single-valued
Object Classes
Not yet assigned.
Definition
Reserved, not implemented.
Example
No example given.
OID
2.16.840.1.113730.3.1.744
icsGeo
Origin
Not implemented.
Syntax
cis single-valued
Latitude; longitude
Object Classes
Not yet identified.
Definition
Reserved, not implemented.
Geographical location of user or resource.
Example
This class exists only for compliance with the RFC spec and is not used.
OID
2.16.840.1.113730.3.1.745
icsMandatorySubscribed
Origin
Calendar Server
Syntax
ces
Object Classes
Definition
The valid calendar ID's for mandatory subscribed calendars for all users in a domain.
Example
icsMandatorySubscribed: ConfRm1@sesta.com:meetings
OID
2.16.840.1.113730.3.1.746
icsMandatoryView
Origin
Calendar Server
Syntax
cis
Object Classes
Definition
The mandatory default view for all calendars in a domain. Views are: overview, day, week, month, year, comparison.
Example
icsMandatoryView: overview
OID
2.16.840.1.113730.3.1.747
icsPartition
Origin
Not implemented.
Syntax
cis, single-valued, ASCII
Object Classes
icsCalendarResource, icsCalendarUser
Definition
Reserved. not implemented.
The name of the partition that holds a calendar database. There is no default value.
Example
icsPartition: partition1
OID
1.3.6.1.4.1.42.2.27.9.1.4
icsPreferredHost
Origin
Not implemented.
Syntax
cis, single-valued
Object Classes
Not yet defined.
Definition
Reserved, not implemented.
Specifies the preferred host for this calendar. This attribute is used by clients to retrieve the front-end-host server name.
Example
No example given.
OID
2.16.840.1.113730.3.1.749
icsQuota
Origin
Not implemented.
Syntax
integer, single-valued
Object Classes
Not yet specified.
Definition
Reserved, not implemented.
Example
No example given.
OID
2.16.840.1.113730.3.1.748
icsRecurrenceBound
Origin
Calendar Server
Syntax
integer, single-valued
Object Classes
Definition
Maximum number of instances created for events and todos with infinite recurrence. The value is taken from the ics.conf setting calstore.recurrence.bound.
Example
icsRecurrenceBound: 60
OID
2.16.840.1.113730.3.1.750
icsRecurrenceDate
Origin
Calendar Server
Syntax
cis, single-valued
Object Classes
Definition
An ISO 8601 date/time string specifying the maximum date for events and todos with infinite recurrence.
Example
icsRecurrenceDate: 20300365T115959Z
OID
2.16.840.1.113730.3.1.751
icsRegularExpressions
Origin
Calendar Server.1
Syntax
ces, multi-valued, UTF 8
Object Classes
Definition
Stores regular expressions used to divide the LDAP database between servers.
Example
icsRegularExpressions: A–F,G–L,M–T,U–Z
A–F, G–L, M–T, U–Z are possible values for instances of this attribute and describe a database divided alphabetically between four servers.
OID
1.3.6.1.4.1.42.2.27.9.1.2
icsSecondaryowners
Origin
Calendar Server 6
Syntax
dn, multivalued
Object Classes
icsCalendarGroup, icsCalendarResource
Definition
Identifies the distinguished names (DNs) of co-owners of a group Calendar or Calendar resource. Like the primary owner, the users identified with icsSecondaryowners have administrative privileges over the Calendar group or Calendar resource entry.
The co-owners must be Calendar users in the same domain as the group or resource. That is, Calendar service must be assigned to the co-owners as well as to the Calendar group or resource.
Example
icsSecondaryowners:cn=John Smith,o=Sesta,c=US
OID
1.3.6.1.4.1.42.2.27.9.1.785
icsSessionTimeout
Origin
Calendar Server
Syntax
integer, single-valued
Object Classes
Definition
Number of seconds of inactivity before a user session is timed out. Read from ics.conf setting service.http.idletimeout.
Example
icsSessionTimeout: 600
OID
2.16.840.1.113730.3.1.752
icsSet
Origin
Calendar Server
Syntax
cis, multi-valued
Object Classes
icsAnonymousSet, icsCalendarUser,icsDefaultAnonymousSet
Definition
Defines one group of calendars. End users create these groups for various tasks. Each group is represented by one icsSet attribute, that is, for every group the user creates there will be one icsSet attribute. For example, if the user has three groups defined, there will be three icsSet attributes.
The value for this attribute is a six-part string, with each part separated by a dollar sign ($).
The following table shows the six parts of this attribute’s value:
Table 3–4 Six Parts of the Attribute Value|
Part |
Required? |
Description |
|---|---|---|
|
name |
Required |
The display name of this group. |
|
calendars |
Required |
A semi-colon-separated list of calendar ID's (calid) that comprise this group. |
|
tzmode |
Required |
Three possible values: default, inherit, specify. The value that tells where the time zone for this group comes from. default– take user’s default time zoneinherit– take the time zone of the first calendar in the groupspecify– take the time zone from the tz value that follows. |
|
tz |
Not Required, unless zmode = specify |
A valid time zone for this group. For a list of acceptable values, see Standard Time Zones. Value is optional unless tzmode = specify, then it is required. |
|
mergeInDayView |
Required |
A boolean (TRUE/FALSE). The value tells whether to display this group in the Day view (TRUE) or the Comparison view (FALSE) |
|
description |
Not Required |
Character string. Optional description of the calendar. |
Example
The value of this attribute should all be on one line or if you wish to break a line, start the next line with a single space or tab.
icsSet: name=GroupName$calendars=calid1;calid2;calid3$ tzmode=specify$tz=America/Los_Angeles$mergeInDayView=FALSE$ description=Example group of calendars.
OID
2.16.840.1.113730.3.1.753
icsSourceHtml
Origin
Calendar Server
Syntax
ces, single-valued
Object Classes
Definition
The alternate location of all client HTML files. A directory path that is relative to the installed client HTML files. The default value comes from the ics.conf setting service.http.uidir.path.
icsSourceHtml lists the values for this attribute.
Table 3–5 Alternate Locations for Client HTML files.|
Parameters |
Value |
Definition |
|---|---|---|
|
sourceUrl |
directory |
Directory relative to executable, where all URL references to files are stored. |
|
uiDirPath |
directory |
Directory containing the default client. If only WCAP access is allowed, value is ““. |
|
calHostname |
hostname |
HTTP host for retrieving HTML documents. |
Example
icsSourceHtml: calHostname=calhost1
OID
2.16.840.1.113730.3.1.754
icsStatus
Origin
Calendar Server
Syntax
cis, single-valued
Object Classes
icsCalendarDomain, icsCalendarDWPHost, icsCalendarGroup, icsCalendarResource, icsCalendarUser
Definition
If this attribute is used with icsCalendarDomain, the attribute must be set when assigning calendar services to a domain. The attribute describes the status of this domain’s calendar service with one of the values specified in icsStatus.
If the attribute is set for a user (icsCalendarUser), group (icsCalendarGroup), or resource (icsCalendarResource), the value of icsStatus affects the availability of the calendar for that individual entry.
See Table 3–6, below, for definitions of the attribute's values.
If this attribute is not set, the icsAllowedServiceAccess attribute is checked. If present and the value of that attribute is http, then calendar services are disabled for the user or group (the user or group status is inactive). If icsAllowedServiceAccess has any other value, or if both attributes are missing, then the default user or group status is active.
Calendar services evaluate the following status attributes in order:inetDomainStatus, icsStatus (for icsCalendarDomain), either inetResourceStatus or inetUserStatus, and icsStatus (for icsCalendarResource, icsCalendarUser, or icsCalendarGroup).
The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
When this attribute is set for a domain, the following status values apply to all users, groups, and resources in the domain.
When this attribute is set for a user, group, or resource, the following status values apply only to that individual entry.
Table 3–6 Calendar Status Values|
Status |
Definition |
|---|---|
|
active |
The user, group, or resource, or all users, groups, and resources in this domain, have access to calendar services. |
|
inactive |
Calendar services are blocked for this user, group, or resource, or for any users, groups, or resources in this domain, until the status is changed to active again. Calendars remain in the database and the LDAP entry remains. |
|
deleted |
This user, group, or resource entry is marked for deletion. Calendar service is blocked for the user, group, or resource, or for any users, groups, or resources in this domain. It is marked for deletion. Calendars will be removed from the database and the LDAP attributes that control the calendar’s service will be removed. Specifically, the entry is a candidate for cleanup by the csclean utility. After csclean removes the calendar, it sets the value of icsStatus to removed. All the entries remain in the directory, but object classes having to do only with calendars for these users, resources and domains will be removed. For example, icsCalendarUser, icsCalendarResource, icsCalendarDomain will be removed. In addition all attributes with the ics prefix will be removed. For resources, it means that the resources associated with this object are to be removed from the calendar system, but the entry remains in the directory. For domains, all calendars associated with all the users and resources within that domain are to be removed. |
|
removed |
Indicates that the resource (calendar) associated with this entry has been removed. In addition, the entry itself is marked to be purged from the LDAP directory. If icsStatus is set at the domain level, all entries with calendar service in the domain are set to be removed. All calendar service is blocked for the entry (or entries). This setting allows the Delegated Administrator commadmin domain purge command to remove the entry (or entries) from the LDAP directory. |
Example
icsStatus: active
OID
2.16.840.1.113730.3.1.755
icsSubscribed
Origin
Calendar Server
Syntax
ces, multi-valued
Object Classes
Definition
List of calendars to which this user is subscribed. This includes all the calendars that the user owns, as well as any calendars owned by others to which the owner subscribes.
The value of this attribute is the calendar ID and optionally, the calendar name, with a dollar sign ($) between them, when present.
Example
icsSubscribed: jdoe$MyHomeCalendaricsSubscribed: jsmith
OID
2.16.840.1.113730.3.1.756
icsTimezone
Origin
Calendar Server
Syntax
cis
Object Classes
icsCalendarResource, icsCalendarGroup, icsCalendarUser
Definition
The default time zone for this user, group, or resource calendar. Specifically, a valid time zone from the list found in Standard Time Zones. The value is taken from the ics.conf setting calstore.default.timezoneID.
For a user, a time zone can be assigned explicitly through the user preferences attribute (see icsExtendedUserPrefs), which overrides the domain-level default.
Example
icsTimezone: America/Chicago
OID
2.16.840.1.113730.3.1.757
inetCanonicalDomainName
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
For Messaging Server, this attribute specifies the canonical domain name used to map a user entry to the correct organization entry when more than one organization entry exists.
The mail processes use information stored in the organization entry to locate a user's mailbox in the message store. If a user has multiple identities in different domains (associated with the different organization entries), the mail processes need to determine which organization entry to use to find the correct mailbox. The inetCanonicalDomainName attribute points to this canonical organization. If inetCanonicalDomainName were not used, a user with multiple user IDs (in multiple domains) would have a different mailbox for each domain.
Typically, the value of inetCanonicalDomainName is a fully qualified domain name, although this is not an absolute requirement.
The inetCanonicalDomainName attribute is used in LDAP Schema 2 and LDAP Schema 1. For an explanation of Schema 1 and Schema 2 LDAP structures, see the Sun Java Communications Suite Deployment Planning Guide and Sun Java Communications Suite Schema Migration Guide.
Schema 2
In Schema 2, the directory can have two types of organization nodes: base and index. Base nodes appear at the root of the directory tree and contain the organization's data (users and groups).
Typically, index nodes for the organization are created if a deployment involves more than one logical grouping of the same physical data. An index node can appear anywhere in the directory.
Moreover, some LDAP administrators need to create a directory structure in which one organization node is placed above another, and the user data exists below both organization nodes. (You might have to do this to maintain the structure of a legacy user directory or to merge an existing user domain with a recently acquired domain.)
If the directory contains multiple index nodes for the organization or nested organization nodes, a user entry can “belong” logically to more than one organization node. An application such as Messaging Server must determine which organization is the canonical one in order to resolve a domain search and correctly identify the user's mailbox.
In this situation, you must decorate all the non-canonical organization entries with the inetCanonicalDomainName attribute, which specifies the domain name of the organization's base node. Its value must be the same as that of the sunPreferredDomain attribute in the organization's base node.
If the inetCanonicalDomainName attribute is missing and there are multiple organization nodes referring to the organization's base node, the mail processes could possibly use the wrong domain name when trying to open users’ mailboxes.
Note that it serves no purpose to decorate the canonical domain entry itself with the inetCanonicalDomainName attribute. If you do, it must have the same value as sunPreferredDomain.
If you want multiple domains to have the same attribute settings, you should not create multiple organization nodes. Instead, add associatedDomain to the organization's base node to specify the DNS domain name aliases. (Add one instance of associatedDomain for each domain name alias.) If the organization's base node is not the canonical domain, then it must contain the sunPreferredDomain attribute.
Schema 1
In Schema 1, the inetCanonicalDomainName attribute is used for the same purpose as in Schema 2, but it is used with DC nodes in the DC tree.
This attribute is used when more than one DC node in a DC tree refers to the same base node of a user/group tree for a particular domain in the Organization tree. (There can be only one canonical domain name for a domain's user/group base node in the Organization tree, but there can be many DC nodes referring to the same user/group base node.)
In Schema 1, this attribute is not necessary if there is only one DC node referring to a domain's user/group base node. If the attribute is missing, the DC node entry is taken for the canonical domain name.
If this attribute is missing and there are multiple DC nodes referring to the same user/group base node, the mail processes could possibly use the wrong domain name when trying to open users’ mailboxes.
Using multiple domain nodes to point to the same user/group base node allows you to have different attribute settings (for example, to achieve different routing) for each one. If you want to be sure the two domains have the same attribute settings (for example, to ensure that they are routed identically), use aliasedObjectName on the duplicate node instead.
Examples
Example 1 — Schema 2
Suppose the directory contains a base node, o=sesta, to store a corporation's user data. In addition, there is an index node, o=sesta2, which points to an overlapping subset of users. In this example, sesta.com is the canonical domain name.
To identify the actual organization node, you must decorate the non-canonical organization entry (the index node) with the value of the canonical organization node, inetCanonicalDomainName:sesta.com:
dn:o=sesta,o=rootsuffix sunPreferredDomain:sesta.com
dn:o=sesta2,o=sesta,o=rootsuffix inetDomainBaseDN:o=sesta,o=rootsuffix inetCanonicalDomainName:sesta.com
Example 2 — User Login with inetCanonicalDomainName
Assume the two organization nodes, o=sesta and o=sesta2, are decorated as shown in Example 1. The user jdoe logs in to Messaging Server with the following user ID:
jdoe@sesta2.com
In this example, there can be only one LDAP entry for the user jdoe.
In this case, Messaging Server performs one or more lookups to determine jdoe's canonical user ID, which consists of the user's uid followed by @ and the user's canonical domain name.
Messaging Server looks up the value of the inetCanonicalDomainName attribute in the sesta2 organization entry. It then replaces the original domain name in the login ID, sesta2, with the canonical domain name, sesta.
Using the canonical user ID, Messaging Server opens jdoe's correct mailbox, which displays all of jdoe's messages, including messages sent to jdoe@sesta2.com, to jdoe@sesta.com, and to any other domain or alias domain associated with jdoe.
Example 3 — User Login without inetCanonicalDomainName
Assume the same directory tree layout as is shown in Example 1, but now inetCanonicalDomainName is not used. The user jdoe logs in to Messaging Server with the following user ID:
jdoe@sesta2.com
As in Example 2 (shown above), there can be only one LDAP entry for the user jdoe.
In this case, Messaging Server performs the same lookups it performs in Example 2.
However, because the sesta2 organization entry does not contain the inetCanonicalDomainName attribute, Messaging Server uses the user ID <uid>@sesta2.com to determine which mailbox to open. A second mailbox associated with the sesta2 domain is created (or, if it already exists, opened).
In this mailbox, the user jdoe sees only messages sent to the sesta2 domain; jdoe has no access to any other messages. All other messages are contained in the mailbox associated with the canonical domain.
Example 4 — Schema 1
In a Schema 1 scenario, if two DC Tree nodes exist, dc=sesta and dc=sesta2, both referring to the user/group base node o=sesta, then you must specify the canonical domain name as follows:
dn:dc=sesta,dc=com,o=internet inetDomainBaseDN:o=sesta.com
dn:dc=sesta2,dc=com,o=internet inetDomainBaseDN: o=sesta.com inetCanonicalDomainName:sesta.com
OID
2.16.840.1.113730.3.1.701
inetCoS
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
(Organization tree domain) Specifies the name of the Class of Service (CoS) template supplying values for attributes in the user entry. The RDN of the CoS template is the value of this attribute. Attribute values provided by the template and any override rules are specified in the CoS definition. CoS definitions are created by using the object class cosDefinition. The value of attribute cosSpecifier in CoS definition entry is set to inetCoS. Create CoS definitions and templates in the container ou=CoS in the subtree for that domain.
Example
inetCoS: HallofFame
OID
2.16.840.1.113730.3.1.706
inetDomainBaseDN
Origin
Messaging Server 5.0
Syntax
dn, single-valued
Object Classes
inetDomain, sunManagedOrganization
Definition
In Schema 2, this attribute decorates index nodes configured to support multiple logical groupings that point to the same physical data. In Schema 1, the attribute decorates domain nodes on the DC Tree when in compatibility mode.
Schema 2
When your deployment comprises multiple logical groupings pointing to the same physical data, the directory may be configured to contain index nodes. Each index node must include the attribute inetDomainBaseDN; the attribute's value must point to the physical node under which the physical data is contained. The physical node must be decorated with the sunManagedOrganization object class.
Schema 1
The two domains, the alias and the referenced domain, can have different attribute values, such that routing will differ between the two. If you want to ensure routing is the same, the attribute values of both domains must be identical.
DN of the organization’s subtree where all user/group entries are stored. This attribute points to a valid Organization subtree DN. Messaging Server components using the RFC 2247 search (compatibility mode) must resolve this DN in order to search for user and group entries that correspond to the hosted organization.
Example
inetDomainBaseDN: o=sesta.com,o=siroe-isp.com
OID
2.16.840.1.113730.3.1.690
inetDomainCertMap
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Reserved.
Example
No example given.
OID
2.16.840.1.113730.3.1.700
inetDomainSearchFilter
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
LDAP search filter to use in search templates when performing a native mode search. The compatibility mode RFC 2247 algorithm search requires this attribute, but ignores its value.
Used during authentication to map login name in that domain to an LDAP entry.
The following variables can be used in constructing the filter:
-
%U–Name part of the login name (that is, everything before the login separator stored in the servers configuration)
-
%V–Domain part of the login string
-
%o–Original login ID entered by the user
If this attribute is missing, it is equivalent to:
(&(objectclass=inetOrgPerson)(uid=%U))
Namespaces where users are provisioned with compound uids, such as uid=john_siroe.com, where john is the userID and siroe.com is the domain, would use a search filter of uid=%U_%V. This maps a login string of john@siroe.com (where @ is the login separator for the service) into a search request by the service for an entry’s namespace of siroe.com, where uid=john_siroe.com.
An alternate example of using this attribute would be for sites wanting to log people in based on their employee identification. Assuming the attribute empID in user entries stores employee identifications, the search filter would be:
(&(objectclass=inetOrgPerson)(empID=%U)).
This attribute must return a unique match for valid users within the inetDomainBaseDN subtree.
Example
inetDomainSearchFilter: uid=%U
OID
2.16.840.1.113730.3.1.699
inetDomainStatus
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Applications using a DC Tree as their entry point (RFC 2247 compliant compatibility mode LDAP data model) may choose to respect application specific status attributes, but must consume and respect this attribute on the affiliated physical node (Organization Tree). In other words, for compatibility mode, both the DC Tree and the Organization Tree contain this attribute and if the two attribute’s values differ, the one on the Organization Tree will take precedence.
Specifies the global status of a domain for all services. The intent of this attribute is to allow the administrator to temporarily suspend and then reactivate access, or to permanently remove access, by the domain and all its users to all the services enabled for that domain.
This attribute takes one of three values. Supported values are:
Table 3–7 Status Attribute Values|
Value |
Description |
|---|---|
|
active |
Domain is active and users in the domain may use services enabled by the overlay of service-specific object classes and the service state as indicated by the particular status attribute for that service. |
|
inactive |
Domain is inactive. The account may not use any services granted by service-specific object classes. This state overrides individual service status set using the service’s status attributes. |
|
deleted |
Domain is marked as deleted. The account may remain in this state within the directory for some time (pending purging of deleted users). Service requests for all users in a domain marked as deleted will return permanent failures. |
A missing value implies status is active. An illegal value is treated as inactive.
There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
Similarly, this attribute is used for calendar services when evaluating status. The status attributes used are: inetDomainStatus, icsStatus (of icsCalendarDomain), either inetResourceStatus or inetUserStatus, and icsStatus (of either icsCalendarResource or icsCalendarUser).
In addition, in compatibility mode, when this attribute decorates both the DC Tree and the Organization Tree, both attributes should agree. Administrators are responsible for keeping the two synchronized. If the two attributes do not have the same value, Messaging Server will use the value found in the Organization Tree, while some other legacy application might be using the DC Tree attribute only. This could cause unpredictable results.
For more information on native and compatibility mode LDAP schemes, see the Sun Java Enterprise System Installation Guide.
Example
inetDomainStatus: active
OID
2.16.840.1.113730.3.1.691
inetMailGroupStatus
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Current status of a mail group.
The following table lists the possible status values and gives a description of each:
|
active |
Messages are delivered to the members of the mailing list. |
|
inactive |
Messages sent to the mailing list result in a transient failure. |
|
disabled |
Mailing list is disabled. Messages sent to the mailing list result in a permanent failure returned to the sending MTA with text specified by the ERROR_TEXT_DISABLED_GROUP MTA option. If option is not set, the message "group disabled; cannot receive new mail" will be used. |
|
deleted |
Mailing list can be purged from the directory. Messages sent to the group return a permanent failure. |
A missing value implies status is active. An illegal value is treated as inactive.
There are four status attributes that interact with each other: inetDomainStatus, mailDomainStatus, inetGroupStatus, and inetMailGroupStatus. These are considered in the order just given. The first one with a status of active takes precedence over the setting of all the others.
The MTA option LDAP_GROUP_STATUS can be used to specify a different attribute to be used for group status.
Example
inetMailGroupStatus:active
OID
2.16.840.1.113730.3.1.786
inetResourceStatus
Origin
Calendar Server
Syntax
cis, single-valued
Object Classes
Definition
This is a global status for resources. It holds the current status of the resource: active, inactive, or deleted for all services. It is used by Access Manager to manage resources. Status changes can be made to a resource’s status using the commcli interface, or by directly changing the LDAP entry for the group.
The following table lists the attribute’s values and their meanings:
Table 3–8 Status Attribute Values|
Value |
Description |
|---|---|
|
active |
The resource is active and it may be used in services enabled by the overlay of service-specific object classes and the service state as indicated by the particular status attribute for that service. |
|
inactive |
Resource is inactive. The resource may not be used in any services granted by service-specific object classes. This state overrides individual service status set using the service’s status attributes. |
|
deleted |
Resource is marked as deleted. The resource may remain in this state within the directory for some time (pending purging of deleted resources). Service requests for all resources marked as deleted will return permanent failures. |
There are several status attributes that are evaluated to determine status. They are evaluated in this order: inetDomainStatus, icsStatus (for icsCalendarDomain), inetResourceStatus, icsStatus (for icsCalendarResource). These are considered in the order just given. The first one with a status of active takes precedence over the setting of all the others.
Example
inetResourceStatus: active
OID
2.16.840.1.113730.3.1.758
inetSubscriberAccountId
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
A unique account ID used for billing purposes.
Example
inetSubscriberAccountId: A3560B0
OID
2.16.840.1.113730.3.1.694
inetSubscriberChallenge
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Attribute for storing the challenge phrase used to identify the subscriber. Used in conjunction with the inetSubscriberResponse.
Example
inetSubscriberChallenge=Mother’s Maiden Name
OID
2.16.840.1.113730.3.1.695
inetSubscriberResponse
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Attribute for storing the response to the challenge phrase.
Example
inetSubscriberResponse=Mamasita
OID
2.16.840.1.113730.3.1.696
inetUserHttpURL
Origin
Messaging Server 5.0, deprecated in Messaging Server 6.0
Syntax
cis, single-valued
Object Classes
Definition
This attribute is deprecated for the user class inetUser starting in Messaging Server 6.0 and is likely to be removed from the object class in future versions of the schema.
User’s primary URL for publishing Web content. This is an informational attribute and may be used in phonebook-type applications. It is not intended to have any operational impact.
Example
inetUserHttpURL: http://www.siroe.com/theotis
OID
2.16.840.1.113730.3.1.693
inetUserStatus
Origin
Messaging Server 5.0, Calendar Server 5.1.1
Syntax
cis, single-valued
Object Classes
Definition
Specifies the status of a user’s account with regard to global server access. This attribute enables the administrator to temporarily suspend, reactivate, or permanently remove access to all services for a user account.
The following table lists the values for this attribute:
Table 3–9 Status Attribute Values
A missing value implies status is active. An illegal value is treated as inactive.
There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
For calendar services, the attributes evaluated are: inetDomainStatus, icsStatus (for icsCalendarDomain), inetUserStatus, icsStatus (for icsCalendarUser).
When this attribute applies to a static group, defined using the inetUser object class, inactivating (disabling) the group only applies to the group itself and not the users in the group.
To disable the users of a group, create a dynamic group by assigning roles to the users, and then disable the role (which disables all users assigned to that role). For more information about roles, see the Sun Java System Directory Server Administrator’s Guide.
The MTA option LDAP_USER_STATUS can be used to specify a different attribute to be used for user status.
Example
inetUserStatus=inactive
OID
2.16.840.1.113730.3.1.692
Origin
Messaging Server 5.0, Calendar Server
Syntax
cis, single-valued (RFC 822 address)
Object Classes
inetLocalMailRecipient, icsCalendarResource, icsCalendarUser, icsCalendarGroup
Definition
Identifies the primary email address for a user, Calendar group, or Calendar resource. This is the email address retrieved and displayed by white-pages lookup applications.
This attribute and mailAlternateAddress, are the default attributes used for reverse searches.
Example
mail=jdoe@sesta.com
OID
0.9.2342.19200300.100.1.3
mailAccessProxyPreAuth
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Attribute tells the MMP if the users in this domain have to be preauthenticated. Permitted values are yes or no.
Example
mailAccessProxyPreAuth=yes
OID
2.16.840.1.113730.3.1.769
mailAccessProxyReplay
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
This attribute tells the Messaging Multiplexor how to reconstruct the login string when replaying the login sequence with the back-end mail server. A missing attribute implies that the message access proxies construct the replay string based on the login name used by the client, the domain of the client, and the login separator used for this service. The mailAccessProxyReplay attribute overrides this default behavior when the message access proxy has a different back-end server than Communications Suite.
The syntax is that of a login string, with the following substitutions:
-
%U: Login name. That is, the name part of the login string, if it is a {name, domain} compound.
-
%V: Domain part of the login string.
-
%[attr]: The value of the LDAP user attribute.
Examples
-
If the client logs in as hugo and the domain associated with the server IP address used is yoyo.com, and mailAccessProxyReplay=%U@%V, the replayed login string is hugo@yoyo.com.
-
If the client logs in as hugo, and the domain associated with the server IP address used is yoyo.com, and mailAccessProxyReplay=%[surname]@%V, the replayed login string is the value of the surname attribute of the client.
-
If the client logs in as hugo+yoyo.com, and the login separator for the service used is +, and mailAccessProxyReplay=%U@%V, the replayed login string is hugo@yoyo.com.
-
If the client logs in as hugo, and the domain associated with the server IP address used is yoyo.com, and mailAccessProxyReplay is not defined, and the login separator for the service used is +, the replayed login string is hugo+yoyo.com.
OID
2.16.840.1.113730.3.1.763
mailAdminRole
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Specifies the administrative role assigned to the members of the group. The only legal value for this attribute is storeAdmin. The object class that contains this attribute inetMailAdministrator is overlaid on a group entry to grant members of a group administrative privileges over part of the mail server. Currently the only privilege group members inherit are rights to perform proxy authentication for any user in the domain. These rights extend over users in the same domain as where the group is defined. To grant such privileges the attribute mailAdminRole must be set to the value storeAdmin.
Example
mailAdminRole: storeAdmin
OID
2.16.840.1.113730.3.1.780
mailAllowedServiceAccess
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Stores access filters (rules). If no rules are specified, then user is allowed access to all services from all clients. Rules are separated by a dollar sign ($). The rules are evaluated in this manner:
-
Access is granted if the client information matches an allow filter for that service.
-
Access is denied if the client information matches a deny filter for that service.
-
If no match is made with any allow or deny filters, access is granted, except in the case where there are allow filters but no deny filters. In this case, a lack of match means access is denied.
Note the effect of the preceding rule:
-
If no rule is specified for mailAllowedServiceAccess, users are allowed access to all services from all clients.
-
If an allow filter is explicitly specified for any service, users are denied access to all other services that are not specified.
For example, suppose you want to enable S/MIME for a domain. If you do not specify any allow filters or deny filters for mailAllowedServiceAccess, S/MIME is enabled.
Now suppose you specify an allow filter for the pop service. In this case, S/MIME is disabled until you also specify an allow filter for the smime service.
For a full explanation of access filters and an alternate way to control access through the administration console or the config utility, see “Configuring Client Access to POP, IMAP, and HTTP Services” in the Sun Java System Messaging Server 6.3 Administration Guide.
Rule Syntax
"+" or "-"service_list":"client_list
+ (allow filter) means the services in the service list are being granted to the client list.
- (deny filter) means the services are being denied to the client list.
service_list is a comma separated list of services to which access is being granted or denied.
Legal service names are: imap, imaps, pop, pops, smtp, smtps, http, and smime. Note that the MMP supports imap, imaps, pop, pops, and smtp, and smime. The back-end supports imap, pop, smtp, http, and smime.
client_list is a comma separated list of clients (domains) to which access is being granted or denied.
Wild cards can be substituted for the client list (domains). The following table shows the legal wild cards and gives a description of each:
Table 3–10 Wild cards|
Wild cards |
Description |
|---|---|
|
ALL, * |
The universal wild card. Matches all names. |
|
DNSSPOOFER |
Matches any host whose DNS name does not match its own IP address. |
|
KNOWN |
Matches any host whose name and address are known. Use with care. |
|
LOCAL |
Matches any local host (one whose name does not contain a dot character). If your installation uses only canonical names, even local host names will contain dots and thus will not match this wild card. |
|
UNKNOWN |
Matches any host whose name or address are unknown. Use this with care. |
The following wild cards can be used for the service list: *, ALL.
Except Operator
The access control system supports a single operator, EXCEPT. You can use the EXCEPT operator to create exceptions to the patterns found in a rule’s service list and client list. EXCEPT clauses can be nested. If there are multiple EXCEPT clauses in a rule, they are evaluated right to left.
The EXCEPT format is:
list1 EXCEPT list2
where list1 is a comma separated list of services and list2 is a comma separated lists of clients.
Example
This example shows a single rule with multiple services and a single wild card for the client list.
mailAllowedServiceAccess: +imap,pop,http:*
This example shows multiple rules, but each rule is simplified to have only one service name and uses wild cards for the client list. (This is the most commonly used method of specifying access control in LDIF files.)
mailAllowedServiceAccess: +imap:ALL$+pop:ALL$+http:ALL
An example of how to disallow all services for a user is:
mailAllowedServiceAccess: -imap:*$-pop:*$-http:*
An example of a rule with an EXCEPT operator is:
mailAllowedServiceAccess: -ALL:ALL EXCEPT server1.sesta.com
This example denies access to all services for all clients except those on the host machine server1.sesta.com.
The following example shows how to restrict user access to SSL-encrypted POP and IMAP access only:
mailAllowedServiceAccess: +imaps,pops:*$+imap,pop:MMP IP address
In the preceding example, note that the back-end servers do not recognize the pops and imaps service names, so it is necessary to grant the MMP IP address(es) pop and imap service access. Otherwise, connections for that user between the MMP and the back-end servers will be rejected.
OID
2.16.840.1.113730.3.1.777
mailAlternateAddress
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
inetLocalMailRecipient, pabPerson
Definition
Alternate RFC 822 email address of this recipient. If the MTA receives mail with a “to” header with this email address, it rewrites the header with the value of the mail attribute and routes the email to that inbox. The reverse-pointing addresses are rewritten from the value of any of a user's mailAlternateAddress attributes to the value of the user's mail attribute. (That is, the MTA will rewrite the following headers, if they match this attribute, to the value of the user's mail attribute.)
The mailEquivalentAddress attribute works similarly to route the email, but does not rewrite the header.
The local part of the address may be omitted to designate a user/group as the catchall address. A catchall domain address is an address that will receive mail to a specified domain if the MTA does not find an exact user address match with that domain.
This attribute, along with mail, are the default attributes used for reverse searches.
Example
mailAlternateAddress: jdoe@sesta.com
To specify a mail catchall address:
mailAlternateAddress: @sesta.com
OID
2.16.840.1.113730.3.1.13
mailAntiUBEService
Origin
Messaging Server 5.2
Syntax
cis, multi-valued
Object Classes
Definition
The string values given by this and other opt in attributes are collected and passed to the filtering agent being used (for instance, Brightmail).
For Brightmail spam and virus checking, the interpretation of these strings is specified in the Brightmail configuration file. Brightmail uses the information from this attribute for its processing.
There are two Brightmail values:
-
spam– When a spam message is found by the anti-UBE service, take the action specified in a system wide configuration option.
-
virus - When a virus in a message is detected by the anti-UBE service, take the action specified in a system wide configuration option.
SpamAssasin, another filtering agent, does not use the actual value of the attribute; it can be set to anything.
While another attribute can be named in the option.dat setting for LDAP_OPTIN, it is not recommended. (For more information on Brightmail, see the Messaging Server Administration Guide.)
To use this attribute to specify per user opt in values, set the following in the option.dat file:
LDAP_OPTIN=mailAntiUBEService
To use the attribute to specify domain level opt in values, set the following in the option.dat file:
LDAP_DOMAIN_ATTR_OPTIN=mailAntiUBEService
Example
mailAntiUBEService: virus mailAntiUBEService: spam
OID
Unknown
mailAutoReplyMode
Origin
Messaging Server 5.0 (for reply mode), Messaging Server 5.2 patch 1 (for echo mode)
Syntax
cis, single-valued
Object Classes
Definition
Specifies the autoreply mode for user mail account. This is one of several autoreply attributes used when autoreply is an active mail delivery option. The two modes for autoreply are:
-
echo– Echo the original message with the added mailAutoReplyText or mailAutoReplyTextInternal to the original sender. This occurs only once a week per sender.
If you want the message to be echoed for each message from every sender regardless of how recently a previous reply was sent, set the mailAutoReplyTimeOut to 0, which will cause the reply message to be sent every time.
-
reply– Send a fixed reply, contained in attributes mailAutoReplyText or mailAutoReplyTextInternal, to the original sender.
Example
mailAutoReplyMode: reply
OID
2.16.840.1.113730.3.1.14
mailAutoReplySubject
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Subject text of autoreply response. $SUBJECT can be used to insert the subject of the original message into the response.
Example
mailAutoreplySubject: I am on vacation
OID
2.16.840.1.113730.3.1.772
mailAutoReplyText
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Autoreply text sent to all senders except users in the recipient’s domain. If not specified, external users receive no auto response.
Example
mailAutoreplyText: Please contact me later.
OID
2.16.840.1.113730.3.1.15
mailAutoReplyTextInternal
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Autoreply text sent to senders from the recipients domain. If not specified, then internal uses get the mail autoreply text message.
Example
mailAutoreplyTextInternal: Please contact me later.
OID
2.16.840.1.113730.3.1.773
mailAutoReplyTimeOut
Origin
Messaging Server 5.0
Syntax
integer, single-valued
Object Classes
Definition
Duration, in hours, for successive autoreply responses to any given mail sender. If the value is set to 0 for mailAutoReplyMode: echo then a response is sent back every time a message is received. Autoreply responses are sent out only if the recipient is listed in the “to” or “cc:” of the original message.
Example
mailAutoreplyTimeout: 48
OID
2.16.840.1.113730.3.1.771
mailClientAttachmentQuota
Origin
Messaging Server 5.0
Syntax
integer, single-valued
Object Classes
Definition
A positive integer value indicating the number of attachments the Messenger Express user can send per message in this domain. A value of -1 means no limit on attachments.
Example
mailClientAttachmentQuota: 12
OID
2.16.840.1.113730.3.1.768
mailConversionTag
Origin
Messaging Server 5.2
Syntax
cis, multi-valued (ASCII string)
Object Classes
inetMailGroup, inetMailUser
Definition
Method of specifying unique conversion behavior for a user or group entry. A message sent to this user or group will match any conversion file entries that require the specified value of the tag. (Any string value can be associated with this attribute.)
Tag-specific conversion actions are specified in the MTA configuration.
The MTA option used to override this attribute is LDAP_CONVERSION_TAG.
Example
No example given.
OID
Unknown
mailDeferProcessing
Origin
Messaging Server 5.2
Syntax
cis, single-valued (ASCII string)
Object Classes
inetMailGroup, inetMailUser
Definition
Controls whether or not address expansion of the current user or group entry is performed immediately (value is “No”), or deferred (value is “Yes”).
Note –
A different attribute (other than mailDeferProcessing) can be designated for this purpose in the MTA option LDAP_REPROCESS.
Deferral takes place if the value is “Yes” and the current source channel isn’t the reprocess channel. Deferral is accomplished by directing the user or group’s address to the reprocess channel. That is, the expansion of the alias is aborted and the original address (user@domain) is queued to the reprocess channel.
If this attribute does not exist, the setting of the deferred processing flag associated with delivery options processing is checked. If it is set, processing is deferred.
If it is not set, the default for users is to process immediately (as if the value of this attribute were “No”).
The default for groups (such as mailing lists) is controlled by the MTA option DEFER_GROUP_PROCESSING, which defaults to 1 (yes).
Best Practices Suggestions for Duplicate Message Problem
Getting duplicate copies of messages can happen. For example, if a user sends an email to both addresseeA, and groupA that contains addresseeA, and DEFER_GROUP_PROCESSING=1 and this attribute is No, then the message immediately duplicates, such that addresseeA gets two copies, one that came directly, and one that took the deferred expansion hop through the reprocess channel for groupA to get expanded.
While disabling deferred group expansion would eliminate the duplicate, that’s not a good idea if you have a lot of large groups. Using expandlimit 1 can potentially cause unnecessary overhead on general, non-group, multi-recipient messages.
To minimize the effect of this situation, the following two solutions are best practices:
-
For installations with only a few small groups, setting the default DEFER_GROUP_PROCESSING=1, and this attribute to No, gives you duplicates but also gives you two major benefits:
-
You don’t have to bother running the reprocess channel, which makes a bit less overhead and a bit faster delivery.
-
The potential for eliminating duplicate addresses is increased.
If your installation has many small groups and only a few large groups, then set DEFER_GROUP_PROCESSING=0, and this attribute to Yes for the few large groups.
-
Example
The default for mail users:
mailDeferProcessing: No
The default for mailing lists:
mailDeferProcessing:Yes
OID
Unknown
mailDeliveryFileURL
Origin
Messaging Server 5.0
Syntax
ces, single-valued
Object Classes
Definition
Fully qualified local path of file to which all messages sent to the mailing list are appended. Used in conjunction with mailDeliveryOption: file.
The MTA option used to override this attribute’s value is LDAP_PROGRAM_FILE.
Example
mailDeliveryFileURL: /home/dreamteam/mail_archive
OID
2.16.840.1.113730.3.1.787
mailDeliveryOption
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Specifies delivery options for the mail recipient. One or more values are permitted on a user or group entry, supporting multiple delivery paths for inbound messages. Values will apply differently depending on whether the attribute is used in inetMailGroup or inetMailUser.
Note, that the mailUserStatus attribute is processed before this attribute. If mailUserStatus is set to hold, an internal flag is set so that when mailDeliveryOption is processed, the mailUserStatus hold overrides whatever delivery options are specified with mailDeliveryOption.
For users, delivery addresses are generated for each valid delivery option value.
Valid values are:
For users only (inetMailUser):
-
autoreply– Specifies autoreply is turned on for the user. Messages on which the recipient is listed in the “To:” or “Cc:” header fields of the message are sent to the autoreply channel where an autoreply message is generated and sent to the original sender.
-
hold– A recipient is temporarily halted from receiving messages. Note that unlike mailUserStatus, hold for this attribute does not disallow POP, IMAP and WebMail access. For this attribute, hold only halts delivery to the recipient’s mailbox, but access is still allowed.
-
mailbox– Deliver messages to the user’s IMAP/POP store.
-
native or unix– Deliver messages to the user’s /var/mail store INBOX. The store is in Berkeley mailbox format. Messaging Server does not support /var/mail access. Users must use UNIX tools to access mail from the /var/mail store.
For groups only (inetMailGroup):
-
file– Messages are appended to the file specified in the attribute mailDeliveryFileURL.
-
members– Messages are sent to members of the mailing list. If missing, the default is assumed to be members.
-
members_offline– To defer processing for this group, set the attribute to this value, and set the option.dat file option DEFER_GROUP_PROCESSING to zero (0).
Both users and groups:
These values are handled the same for both users and groups.
-
program– Messages are delivered to a program, which is on the approved list of programs (specified in MTA’s configuration). The name of the program is specified in the attribute mailProgramdeliveryInfo.
-
forward– Specifies that messages will be forwarded. The forwarding address is specified in the attribute mailForwardingAddress. Note that when this value is set, mailForwardingAddress must be set to keep the mail system in sync.
The MTA option DELIVERY_OPTIONS, found in the msg-svr-base/config/option.dat file, defines how each of the previously listed values will be processed.
The MTA option used to override this attribute’s value is LDAP_DELIVERY_OPTION.
Example
mailDeliveryOption: mailbox
OID
2.16.840.1.113730.3.1.16
mailDomainAllowedServiceAccess
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Stores access filters (rules). If no rules are specified, then domain is allowed access to all services from all clients. Rules are separated by a dollar sign ($). The rules are evaluated in this manner:
-
Access is granted if the client information matches an allow filter for that service.
-
Access is denied if the client information matches a deny filter for that service.
-
If no match is made with any allow or deny filters, access is granted, except in the case where there are allow filters but no deny filters. In this case, a lack of match means access is denied.
Note the effect of the preceding rule:
-
If no rule is specified for mailAllowedServiceAccess, users are allowed access to all services from all clients.
-
If an allow filter is explicitly specified for any service, users are denied access to all other services that are not specified.
For example, suppose you want to enable S/MIME for a domain. If you do not specify any allow filters or deny filters for mailAllowedServiceAccess, S/MIME is enabled.
Now suppose you specify an allow filter for the pop service. In this case, S/MIME is disabled until you also specify an allow filter for the smime service.
For a full explanation of access filters and an alternate way to control access through the administration console or the config utility, see “Configuring Client Access to POP, IMAP, and HTTP Services” in the Messaging Server Administration Guide.
Rule Syntax
+ or - <service_list\>":"<client_list\>
+ (allow filter) means the service list services are being granted to the client list.
- (deny filter) means the services are being denied to the client list.
service_list is a comma separated list of services to which access is being granted or denied.
Legal service names are: imap, imaps, pop, pops, smtp, smtps, http, and smime. Note that the MMP supports imap, imaps, pop, pops, and smtp, and smime. The back-end supports imap, pop, smtp, http, and smime.
client_list is a comma separated list of clients (domains) to which access is being granted or denied.
Wild cards can be substituted for the client list (domains). The following table shows the allowed wild cards and describes each of them:
Table 3–11 Wild Cards|
Wild cards |
Meanings |
|---|---|
|
ALL, * |
The universal wild card. Matches all names. |
|
DNSSPOOFER |
Matches any host whose DNS name does not match its own IP address. |
|
KNOWN |
Matches any host whose name and address are known. Use with care. |
|
LOCAL |
Matches any local host (one whose name does not contain a dot character). If your installation uses only canonical names, even local host names will contain dots and thus will not match this wild card. |
|
UNKNOWN |
Matches any host whose name or address are unknown. Use this with care. |
The following wild cards can be used for the service list: *, ALL.
Except Operator
The access control system supports a single operator, EXCEPT. You can use the EXCEPT operator to create exceptions to the patterns found in a rule’s service list and client list. EXCEPT clauses can be nested. If there are multiple EXCEPT clauses in a rule, they are evaluated right to left.
The EXCEPT format is:
list 1 EXCEPT list 2
A list is a comma separated list of services or clients.
Example
This example shows a single rule with multiple services and a single wild card for the client list.
mailDomainAllowedServiceAccess: +imap,pop,http:*
This example shows multiple rules, but each rule is simplified to have only one service name and uses wild cards for the client list.
mailDomainAllowedServiceAccess: +imap:ALL$+pop:ALL$+http:ALL
The second example is probably the most commonly used in Messaging Server LDIF files.
An example of a rule with an EXCEPT operator is:
mailDomainAllowedServiceAccess: -ALL:ALL EXCEPT server1.sesta.com
This example denies access to all services for all clients except those on the host machine server1.sesta.com.
OID
2.16.840.1.113730.3.1.764
mailDomainCatchallAddress
Origin
Messaging Server 5.2
Syntax
cis, single-valued (RFC 822 mailbox)
Object Classes
Definition
Specifies an address to be substituted for any address in the domain that doesn’t match any user or group in the domain.
The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_CATCHALL_ADDRESS.
Example
No example given.
OID
Unknown
mailDomainConversionTag
Origin
Messaging Server 5.2
Syntax
cis, multi-valued (ASCII string)
Object Classes
Definition
Method of specifying unique conversion behavior for any user in the domain. A message sent to a user in this domain will match any conversion file entries that require the specified value of the tag. (Any string value can be associated with this attribute.)
Tag-specific conversion actions are specified in the MTA configuration.
The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_CONVERSION_TAG.
Example
No example given.
OID
Unknown
mailDomainDiskQuota
Origin
Messaging Server 5.0
Syntax
integer, single-valued
Object Classes
Definition
Disk quota, in bytes, for all users in the domain. If domain quota enforcement is activated, then domains exceeding this quota stop receiving more messages until the domain messages no longer exceed the quota. Domain quota enforcement is activated using the command imquotacheck -f -d <domain\>.
Valid numeric values for mailDomainDiskQuota are
pos_num[G|M|K] or -1 or -2.
where pos_num is a positive number up to a maximum of 4294966272
and G (gigabytes), M (megabytes), and K (kilobytes) are the valid units of measurement.
You can specify the full quota value as a positive number by itself (for example, 20000000) or use a unit of measurement (for example, 20M).
The maximum mailDomainDiskQuota value is 4096G.
Specifying a mailDomainDiskQuota value of 0 will mean that no mail will be delivered.
You can also use the values shown in the following table.
Table 3–12 mailDomainDiskQuota Values|
Value |
Meaning |
|---|---|
|
-1 |
No limit on space usage allowed. |
|
-2 |
Use system default quota. |
Example
To specify a quota of 4 gigabytes:
mailDomainDiskQuota: 4G
To specify the system default quota, do not add mailDomainDiskQuota to the LDAP entry. Or you can use the following value:
mailDomainDiskQuota: -2
OID
2.16.840.1.113730.3.1.766
mailDomainMsgMaxBlocks
Origin
Messaging Server 5.2
Syntax
integer, single-valued
Object Classes
mailDomain
Definition
Imposes a size limit in units of MTA blocks on all messages sent to addresses in this domain. This limit doesn’t apply to messages sent by users from this domain.
The value of this attribute is overridden by the value of mailMsgMaxBlocks, if set.
The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_BLOCKLIMIT.
Example
No example given.
OID
Unknown
mailDomainMsgQuota
Origin
Messaging Server 5.0
Syntax
integer, single-valued
Object Classes
Definition
Quota of number of messages permitted for all users in this domain. If domain quota enforcement is activated, then the domain exceeding this quota will stop receiving more messages until the messages no longer exceed the quota. Domain quota enforcement is activated using the command imquotacheck -f -d <domain\>.
Example
mailDomainMsgQuota: 2000000
OID
2.16.840.1.113730.3.1.767
mailDomainReportAddress
Origin
Messaging Server 5.2
Syntax
cis, single-valued (RFC 822 mailbox)
Object Classes
Definition
This value is used as the header From: address in DSN's reporting problems associated with recipient addresses in the domain. It is also used when reporting problems to users within the domain regarding errors associated with non-local addresses.
If this attribute is not set, the reporting address will default to postmaster@domain.
The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_REPORT_ADDRESS.
Example
No example given.
OID
Unknown
mailDomainSieveRuleSource
Origin
Messaging Server 5.2
Syntax
cis, single-valued (RFC 3028 sieve filter)
Object Classes
Definition
SIEVE filters are not supported by iPlanet Delegated Administrator.
SIEVE filter for all users in the domain. There are two possible forms for the value of this attribute: a single value that contains the complete sieve script (RFC 3028 compliant), and multiple values, with each value containing a piece of the sieve script (not RFC 3028 compliant).
A script has the following form:
require ["fileinto", "reject"];
# $Rule Info: Order=(1-infinity, or 0 for disabled)
Template=(template-name) Name=(rule name)
if header :is "Sender" "owner-ietf-mta-filters@imc.org"
{ fileinto "filter"; # move to "filter" folder }
if header :is "Subject" "SPAM!" { delete }
Multi-valued Form
Multiple SIEVE scripts per user can be stored in LDAP. To enable the user interface to handle several smaller rules scripts, rather than one script containing all the domain’s rules, this attribute takes multiple values (that is, multiple rules). The server looks at every rule in mailSieveRuleSource.
To provide ordering and possible user interface editing information, there is an optional SIEVE comment line in each rule. This line has the following format:
# $Rule Info: Order=(1-infinity, or 0 for disabled)
All rules that have a Rule Info line will be processed first by the Messaging Server. If Order=0, then this rule is not used in the SIEVE evaluation. Otherwise, the rules are processed in the order provided (1 having highest priority). To accommodate SIEVE rules that might not have been entered using the Rule Info extension, any other rules found are run by the server, in order received from LDAP after all rules with corresponding order values have been processed.
MTA Override Option
The MTA option that overrides this attribute’s value is LDAP_DOMAIN_ATTR_FILTER.
Example
The following example is correctly formed, but Messaging Server ignores discard and reject text, and does not send a reject or discard reply message.
mailSieveRuleSource: require ["fileinto", "reject",
"redirect", "discard"]
if header :contains "Subject" "New Rules Suggestion
{redirect "rules@sesta.com" # Forward message}
if header :contains "Sender" "porn.com"
{discard text:
Your message has been rejected.
Please remove this address from your mailing list.
# Reject message, send reply message.}
if size :over 1M
{reject text:
Please do not send large attachments.
Put your file on a server and send the URL.Thank you.
# Discard message, send reply message.}
if header :contains "Sender" "domainadminstrator@sesta.com
{fileinto complaints.refs # File message}
OID
Unknown
mailDomainStatus
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Current status of the mail domain. Can be one of the following values: active, inactive, deleted, hold, or overquota. This attribute is the mail service domain status. Missing value implies status is active. An illegal value is treated as inactive.
The following table lists the status values:
Table 3–13 Status Values
There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
The MTA option that overrides this attribute’s values is LDAP_DOMAIN_ATTR_STATUS. The LDAP_DOMAIN_ATTR_STATUS option does not affect the message store or Delegated Administrator commadmin utility, which only recognize and use the current value of mailDomainStatus.
Example
mailDomainStatus: active
OID
2.16.840.1.113730.3.1.770
mailDomainWelcomeMessage
Origin
Messaging Server 6.0
Syntax
cis, single-valued
Object Classes
Definition
Welcome message sent to new users added to this domain. The message must contain a header and a message body. The message header must contain at least a subject line. The header and body are separated by a blank line. Enter the mail-domain welcome message on a single line. You must use a $ (dollar sign) to represent a new line. To indicate a blank line, use $$ (two dollar signs).
You can use the following variables in the mail-domain welcome message:
[ID] The userid (message store user ID).
[URL] The url location specified with the configutil parameter, gen.accounturl. You can configure this parameter to point the user to, for example, the url of the administrative interface where the user can customize the client configuration.
Example
The following example would be entered on a single line, even though it appears on this page on multiple lines:
mailDomainWelcomeMessage: From: postmaster@siroe.com$Subject: Welcome!$$ Dear [ID],$Welcome to the mail system.$To customize your email preferences, please go to the following url:$$[URL]$$-postmaster@siroe.com |
When the user anne logs in for the first time, the following sample mail-domain welcome message would be displayed (depending on the url configuration):
From: postmaster@siroe.com Subject: Welcome! To: anne@siroe.com Date: Tue, 7 Nov 2006 10:10:04 -0800 MIME-Version 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Dear anne, Welcome to the mail system. To customize your email preferences, please go to the following url: http://anne@west.siroe.com:8080/bin/user/admin/bin/enduser -postmaster@siroe.com |
OID
2.16.840.1.113730.3.1.765
mailEquivalentAddress
Origin
Messaging Server 5.2
Syntax
cis, multi-valued (RFC 822 addr-spec)
Object Classes
inetMailGroup, inetMailUser
Definition
Equivalent to mailAlternateAddress in regard to mail routing, except with this attribute, the header doesn’t get rewritten.
Note that mailEquivalentAddress is searched for when the system is deciding where to deliver messages, but it is not one of the attributes searched for when doing REVERSE_URL address reversal.
This attribute works only for direct LDAP mode, not with the deprecated imsimta dirsync option.
Example
mailEquivalentAddress: jdoe@sesta.com
mailEquvalentAddress: @sesta.com (catchall domain address)
OID
Unknown
mailFolderName
Origin
Messaging Server 6.2
Syntax
cis, single-valued
Object Classes
Definition
This attribute specifies the name of a public folder.
Example
mailFolderName: Announcements
OID
Unknown
mailForwardingAddress
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
This attribute stores one or more forwarding addresses for inbound messages. Addresses are specified in RFC 822 format. Messages are forwarded to the listed address when mailDeliveryOption: forward is set.
Note that both mailDeiveryOption and this attribute must be set in order to keep the mail system in sync.
Example
mailForwardingAddress: kokomo@sesta.com
OID
2.16.840.1.113730.3.1.17
mailHost
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
For a user or group entry, the fully qualified host name of the MTA that is the final destination of messages sent to this recipient. To be deemed local, the user entry must have this attribute, and it must match either the local.hostname configutil attribute, or one of the names specified by the local.imta.hostnamealiases configutil attribute. Otherwise, a new source routed address is generated in the form: @mailhost:user@domain and will be processed through the rewrite rules.
If a user entry does not have this attribute, the generated address will use the mailRoutingSmartHost hostname associated with the domain @smarthost:user@domain. If the domain has no mailRoutingSmartHost attribute, the address is discarded and a 5xx error is reported.
If a group entry does not have this attribute, the group is processed locally.
The MTA option that overrides this attribute’s value is LDAP_MAILHOST.
Example
mailHost: mail.siroe.com
OID
2.16.840.1.113730.3.1.18
mailMessageStore
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Specifies the message store partition name for the user. The mapping between the partition name and the file system location of the store is kept in the message store configuration. If not specified, the default store partition specified in the server configuration is used.
Example
mailMessageStore: secondary
OID
2.16.840.1.113730.3.1.19
mailMsgMaxBlocks
Origin
Messaging Server 5.2
Syntax
integer, single-valued
Object Classes
inetMailGroup, inetMailUser
Definition
The size in units of MTA blocks of the largest message that can be sent to this user or group. The limit doesn’t apply to messages sent by the user.
If this attribute is set, it overrides the value of mailDomainMsgMaxBlocks.
The MTA option that overrides the attribute’s value is LDAP_BLOCKLIMIT.
Example
No example given.
OID
Unknown
mailMsgQuota
Origin
Messaging Server 5.0
Syntax
integer, single-valued
Object Classes
Definition
Maximum number of messages permitted for a user is set with mailMsgQuota. This is a cumulative count for all folders in the store.
This attribute also can specify the number of messages allowed for a particular folder or message type.
Although mailMsgQuota is a single-valued attribute, you can use it to specify multiple quota values. You can set individual quota values for specific folders and message types. For details, see Specifying Quotas for Folders and Message Types.
If the mailMsgQuota attribute is missing, the system default quota is used. This is defined by the configutil parameter store.defaultmessagequota.
During server configuration, quota enforcement must be turned on for mailMsgQuota to take effect. Both soft and hard quotas can be set. (See the Sun Java System Messaging Server 6.3 Administration Guide.)
The MTA option override is LDAP_MESSAGE_QUOTA.
To specify a mailMsgQuota value for the user's entire mailbox tree, use the following format:
mailMsgQuota: msgquota |
where
msgquota is the number of messages.
msgquota Values
Valid values for msgquota are up to a maximum of 4294966272. Specifying a msgquota value of 0 will mean that no mail will be delivered. You can also use the values shown in the following table:
Table 3–14 MsgQuota Values|
Value |
Meaning |
|---|---|
|
-1 |
No limit on number of messages allowed |
|
-2 |
Use system default quota |
Specifying Quotas for Folders and Message Types
To enable the quotas for individual folders or specific message types, you must run the configutil command with the parameters store.quotafolder.enable and store.typequota.enable.
To enable and configure message types, you also must enable the configutil parameter store.messagetype.enable and configure other configutil parameters.
Guidelines for Specifying Multiple Quota Values
You can specify the following mailMsgQuota values for a user's mailbox tree:
-
Quota values for specific folders in the user's mailbox
-
Quota values for specific message types such as voice mail or text messages. A message type quota applies to messages of that type in all folders in the user's mailbox.
-
A default quota value that applies to all folders and message types in the user's mailbox that are not explicitly assigned quotas.
The following guidelines apply when you assign multiple quota values for a user:
-
Quotas do not overlap. For example, when there is a quota for a particular message type or folder, messages of that type or messages in that folder are not counted toward the default quota. Each message counts toward one and only one quota.
-
The total quota for the whole user mailbox equals the sum of the values of all the quotas specified by default, type, and folder.
-
Message type quotas take precedence over folder quotas. For example, suppose one quota is specified for a user's memos folder and another quota is specified for voice messages. Now suppose the user stores eight voice messages in the memos folder. The eight messages are counted toward the voice-mail quota and excluded from the memos folder quota.
Formatting Quota Values for Folders and Message Types
To specify mailMsgQuota values for folders or message types, use the following format:
mailMsgQuota: {msgquota}[;{name}%{msgquota}]...
|
where
{msgquota} is the number of messages. For a description of the valid numeric values, see msgquota Values.
{name} is the name of the folder or message type.
The semicolon (“;” ) is a separator that separates multiple quota values.
The percent sign (“%”) associates a folder or message-type name with the quota value that follows it.
Additional Formatting Guidelines for Quota Values
-
The first {msgquota} in the syntax shown above–that is, the first quota value entered after the mailMsgQuota attribute—does not have a name. This value represents the default quota for all folders in the user's mailbox that are not explicitly assigned quotas. The default value applies to all the unnamed folders combined, not individual folders.
-
A message-type name starts with a pound sign (“#”).
-
A folder name does not start with a pound sign (“#”).
-
The “%” and “#” signs are not allowed in folder names or message-type names.
Example
To specify a quota of 2,000 messages:
mailMsgQuota: 2000
To specify the system default quota, do not add mailMsgQuota to the LDAP entry. Or you can use the following value:
mailMsgQuota: -2
To specify a default quota of 2,000 messages for all user folders not explicitly assigned a quota; a voice-message quota of 100 messages; and a quota for the Archive folder of 4,000 messages:
mailMsgQuota: 2000;#voice%100;Archive%4000
In the preceding example, the 2,000–message default quota includes messages in all user folders except the Archive folder; it also excludes voice messages. The 100–message voice-mail quota includes voice messages in all user folders, including the Archive folder. The 4,000–message Archive-folder quota includes messages in the Archive folder and its subfolders; it includes messages of all types except voice messages.
OID
2.16.840.1.113730.3.1.774
mailProgramDeliveryInfo
Origin
Messaging Server 5.0
Syntax
ces, multi-valued
Object Classes
Definition
Specifies one or more programs used for program delivery. These programs have to be on the approved list of programs that the messaging server is permitted to execute for a domain. The attribute value specifies a reference to a program. That reference is resolved from the approved list of programs. The resolved reference also provides the program parameters and execution permissions. Used in conjunction with the mailDeliveryOption: program.
The value of this attribute should be used as the value for the method name (-m value) when running imsimta program.
The program approval process is documented further in the Sun Java System Messaging Server 6.3 Administration Guide.
The MTA option used to name a different attribute for this function is LDAP_PROGRAM_INFO.
Example
mailProgramDeliveryInfo: procmail
OID
2.16.840.1.113730.3.1.20
mailPublicFolderDefaultRights
Origin
Messaging Server 6.2
Syntax
cis, multi-valued
Object Classes
Definition
Specifies the access control rights granted for this public folder. Each value of this attribute consists of two parts separated by a space. The two parts are: an identifier, as specified in RFC 2086, and a list of access rights, mod_rights, as shown in the following table:
Table 3–15 Access Rights for a Public Folder|
Allowed Characters |
Name |
Actions Permitted |
|---|---|---|
|
l |
lookup |
Mailbox is visible to LIST/LSUB commands. |
|
r |
read |
SELECT the mailbox, perform CHECK, FETCH, PARTIAL, SEARCH, COPY from mailbox. |
|
s |
seen |
Keep seen/unseen information across sessions. (STORE SEEN flag) |
|
w |
write |
STORE flags other than SEEN and DELETED. |
|
i |
insert |
Perform APPEND, COPY into mailbox. |
|
p |
post |
Send mail to submission address for mailbox (not enforced by IMAP 4 itself). |
|
c |
create |
CREATE new sub-maiboxes in any implementation-defined hierarchy. |
|
d |
delete |
STORE DELETED flag, perform EXPUNGE. |
|
a |
administer |
Perform SETACL. |
Messaging Server’s IMAP ACL implementation also defines the following new identifier:
anyone@domain
where domain is a valid domain.
If the attribute is missing, the default rights specified in the mailPublicFolderDefaultRights attribute from the mailDomain object class will be applied. If mailDomain does not contain this attribute, the following default ACL is set when a public folder is first created:
anyone@domain lrs
where domain is a valid domain.
Group identifiers start with the prefix “group=”. Do not put the group identifier prefix on a userid. The message store’s user creation code checks for this.
Examples
mailPublicFolderDefaultRights: anyone@sesta.com lrs mailPublicFolderDefaultRights: group: sales@sesta.com lrs mailPublicFolderDefaultRights: john@sesta.com lrswid
OID
Unknown
mailQuota
Origin
Messaging Server 5.0
Syntax
integer, single-valued
Object Classes
Definition
Specifies, in bytes, the amount of disk space allowed for the user’s mailbox.
This attribute also can specify the amount of disk space allowed for a particular folder or message type.
Although mailQuota is a single-valued attribute, you can use it to specify multiple quota values. You can set individual quota values for specific folders and message types. For details, see Specifying Quotas for Folders and Message Types.
For a description of the numeric values for specifying quotas, see quota Values.
If the mailQuota attribute is not specified, the system default quota is used. The system default is specified in the server configuration parameter store.defaultmailboxquota. Setting the configuration parameter store.quotaenforcement to ”on’ causes the message store to enforce the quota.
Note –
LDAP_DISK_QUOTA is the MTA option used to specify a different attribute name for this function.
To specify a mailQuota value for the user's entire mailbox tree, use the following format:
mailQuota: quota |
where
quota is the number of bytes.
quota Values
Valid numeric values for quota are
pos_num[G|M|K] or -1 or -2.
where pos_num is a positive number up to a maximum of 4294966272
and G (gigabytes), M (megabytes), and K (kilobytes) are the valid units of measurement.
You can specify the full quota value as a positive number by itself (for example, 20000000) or use a unit of measurement (for example, 20M).
The maximum quota value of the user mailbox is 4096G.
Specifying a quota value of 0 will mean that no mail will be delivered.
You can also use the values shown in the following table.
Table 3–16 quota Values|
Value |
Meaning |
|---|---|
|
-1 |
No limit on space usage allowed |
|
-2 |
Use system default quota |
Specifying Quotas for Folders and Message Types
To enable the quotas for individual folders or specific message types, you must run the configutil command with the parameters store.quotafolder.enable and store.typequota.enable.
To enable and configure message types, you also must enable the configutil parameter store.messagetype.enable and configure other configutil parameters.
Guidelines for Specifying Multiple Quota Values
You can specify the following mailQuota values for a user's mailbox tree:
-
Quota values for specific folders in the user's mailbox
-
Quota values for specific message types such as voice mail or text messages. A message type quota applies to messages of that type in all folders in the user's mailbox.
-
A default quota value that applies to all folders and message types in the user's mailbox that are not explicitly assigned quotas.
The following guidelines apply when you assign multiple quota values for a user:
-
Quotas do not overlap. For example, when there is a quota for a particular message type or folder, messages of that type or messages in that folder are not counted toward the default quota. Each message counts toward one and only one quota.
-
The total quota for the whole user mailbox equals the sum of the values of all the quotas specified by default, type, and folder.
-
Message type quotas take precedence over folder quotas. For example, suppose one quota is specified for a user's memos folder and another quota is specified for voice messages. Now suppose the user stores eight voice messages in the memos folder. The eight messages are counted toward the voice-mail quota and excluded from the memos folder quota.
Formatting Quota Values for Folders and Message Types
To specify mailQuota values for folders or message types, use the following format:
mailQuota: {quota}[;{name}%{quota}]...
|
where
{quota} is the number of bytes. For a description of the allowed numeric values, see quota Values.
{name} is the name of the folder or message type.
The semicolon (“;” ) is a separator that separates multiple quota values.
The percent sign (“%”) associates a folder or message-type name with the quota value that follows it.
Additional Formatting Guidelines for Quota Values
-
The first {quota} in the syntax shown above–that is, the first quota value entered after the mailQuota attribute—does not have a name. This value represents the default quota for all folders in the user's mailbox that are not explicitly assigned quotas. The default value applies to all the unnamed folders combined, not individual folders.
-
A message-type name starts with a pound sign (“#”).
-
A folder name does not start with a pound sign (“#”).
-
The “%” and “#” signs are not allowed in folder names or message-type names.
Example
To specify a quota of 4 gigabytes for the user mailbox:
mailQuota: 4G
To specify the system default quota, do not add mailQuota to the LDAP entry. Or you can use the following value:
mailQuota: -2
To specify a 20 MB default quota for all user folders not explicitly assigned a quota; a 10 MB voice-message quota; and a 100 MB quota for the Archive folder:
mailQuota: 20M;#voice%10M;Archive%100M
In the preceding example, the 20 MB default quota includes messages in all user folders except the Archive folder; it also excludes voice messages. The 10 MB voice-message quota includes voices messages in all user folders, including the Archive folder. The 100 MB Archive folder quota includes messages in the Archive folder and its subfolders; it includes messages of all types except voice messages.
OID
2.16.840.1.113730.3.1.21
mailRejectText
Origin
Messaging Server 5.2
Syntax
ces, multi-valued
Object Classes
Definition
The first line of text stored in the first value of this attribute is saved. This text is returned if any of the authentication attributes cause the message to be rejected. Since text can appear in SMTP responses, the value is limited to US-ASCII characters in order to comply with messaging standards.
Note –
LDAP_REJECT_TEXT is the MTA option used to specify a different attribute name for this function.
Example
No example given.
OID
Unknown
mailRoutingAddress
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Used together with mailHost to determine whether or not the address should be acted upon at this time or forwarded to another system.
Note –
LDAP_ROUTING_ADDRESS is the MTA option used to specify a different attribute name for this function.
Example
No example given.
OID
2.16.840.1.113730.3.1.24
mailRoutingHosts
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Fully qualified host name of the MTA responsible for making routing decisions for users in this (and all contained) domain(s). Unspecified attribute implies all MTA's must route messages for the users/groups of this (and contained) domain(s).
When a domain is found to be non-local, the use of this attribute depends on the value of the MTA option ROUTE_TO_ROUTING_HOST:
-
If the value is zero (0), which is the default setting, the attribute was checked as part of the $* rewrite rule. With a non-local domain, the $* rewrite rule fails and no further use is made of this attribute’s values. The remaining rewrite rules determine the handling of the domain.
-
If the value of the option is one (1), then the first value of this attribute that the MTA receives is installed as the source route in the address. And, all addresses associated with the domain are routed to that host.
Since this attribute is multi-valued and the first value the MTA “sees” will be chosen when the option is set to 1, it might be tempting to assume that you can direct the order in which these mail hosts will be used; that is, you might assume you can do a sort of load balancing by ordering the various values of this attribute. But, LDAP does not guarantee that attribute value ordering is preserved, so the first value seen by the MTA might be any of the attribute’s values, not necessarily the first one in the LDAP entry.
You can implement load balancing with a set of MX records for each of the routing host names. Do not attempt to do it with the ordering of this attribute’s values.
LDAP_DOMAIN_AATR_ROUTING_HOSTS is the MTA option used to specify a different attribute name for this function.
Example
mailRoutingHosts: mail.siroe.com
OID
2.16.840.1.113730.3.1.759
mailRoutingSmartHost
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Fully qualified host name, or domain-literal IP address, of a mail server responsible for handling mail for users not found in the local directory. Messages sent to users not found in the messaging server’s directory are forwarded to the mail server specified in this attribute. This is useful when making a transition from one mail system to another and all users have not yet been moved over to the messaging server directory. An empty or missing attribute implies the local MTA is responsible for routing and delivering all messages for users in that domain.
This attribute is used by the system only if the domain it cares about is listed in the attribute, otherwise, it is ignored.
Note –
LDAP_DOMAIN_ATTR_SMARTHOST is the MTA option used to specify a different attribute name for this function.
Example
mailRoutingSmartHost: mail.siroe.com
mailRoutingSmartHost: 129.148.12.141
OID
2.16.840.1.113730.3.1.760
mailSieveRuleSource
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
inetMailUser, inetManagedGroup, inetMailGroup
Definition
SIEVE filters are not supported with iPlanet Delegated Administrator for Messaging. Use this with LDAP Schema 2 and Access Manager.
The attribute contains a SIEVE rule (RFC 3028 compliant) used to create a message filter script for a user entry. This attribute can be either single-valued, with the rule containing the complete SIEVE script, or multi-valued, with each rule containing an independently valid piece of the SIEVE script. When there are multiple values, the Web filter construction interface combines the rules into a single SIEVE script using an ordering parameter (Order) found in a #Rule Info: comment.
Note –
Note that when the value of Order is a negative number, the value is ignored, and the rule is processed with other unordered SIEVE rules for this entry, but when the value of Order is zero, the rule is disabled and not processed at all.
The script is applied when a message is ready to be enqueued to the delivery channel. Though the SIEVE script is created while the MTA is expanding aliases, it is not used until after the resulting delivery addresses have been expanded and are being sent to the ims-ms, native, autoreply or pipe channels.
A script has the following form:
require ["fileinto", "reject"];
# Rule Info: $Order=(1-infinity, or 0 for disabled)
Template=(template-name) Name=(rule name)
if header :is "Sender" "owner-ietf-mta-filters@imc.org"
{ fileinto "filter"; # move to "filter" folder }
if header :is "Subject" "SPAM!"
{ delete }
MTA Option
The MTA option used to name a different attribute for this function is LDAP_FILTER.
Example
mailSieveRuleSource: require ["fileinto", "reject",
"redirect", "discard]
if header :contains "Subject" "New Rules Suggestion
{redirect "rules@sesta.com" # Forward message }
if header :contains "Sender" "porn.com"
{discard text:
Your message has been rejected.
Please remove this address from your mailing list.
# Reject message, send reply message.}
if size :over 1M
{ reject text:
Please do not send me large attachments.
Put your file on a server and send me the URL.
Thank you.
# Discard message, send reply message.}
if header :contains "Sender" "barkley@sesta.com
{ fileinto complaints.refs # File message}
OID
2.16.840.1.113730.3.1.775
mailSMTPSubmitChannel
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Most commonly, this attribute is a factor involved in setting up guaranteed message delivery, or in setting up other special classes of service. When defined, this attribute tells the MTA to consider the channel named by this attribute to be the effective submission channel, if the SMTP AUTH is successful.
Example
mailSMTPSubmitChannel: tcp_tas
OID
2.16.840.1.113730.3.1.776
mailUserStatus
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Current status of the mail user. Can be one of the following values: active, inactive, deleted, hold, overquota, or removed.
A missing value implies status is active. An illegal value is treated as inactive.
Table 3–17 Mail User Status|
Status Value |
Description |
|---|---|
|
active |
Normal state. If inetUserStatus is also active, then mail is processed as per the values stored in other user attributes (such as mailDeliveryOption, mailSieveRuleSource, and so on). If not set to active, the status from inetUserStatus takes precedence. Other status attributes taken into consideration are inetDomainStatus and mailDomainStatus. If the combination of inetDomainStatus and mailDomainStatus permits mail delivery and access for the domain, the user state is determined from inetUserStatus and mailUserStatus. |
|
inactive |
The user’s mail account is inactive. A transient failure is returned to the sending MTA. |
|
disabled |
User's mail account is disabled. Messages sent to the user result in a permanent failure returned to the sending MTA with text specified by the ERROR_TEST_DISABLED_USER MTA option. If option is not set, the message "user disabled; cannot receive new mail" will be used. |
|
deleted |
The user’s mail account is marked to be deleted from the message store. A permanent failure is returned to the sending MTA and the user’s mail account is a candidate for cleanup by the msuser purge utility. User access to the mailbox is blocked. After msuser purge deletes the mail account from the message store, it sets the value of mailUserStatus to removed. |
|
removed |
Indicates that the resource (mailbox) associated with this entry has been removed. In addition, the user entry itself is marked to be deleted from the LDAP directory. A permanent failure is returned to the sending MTA. User access to the mailbox is blocked. This setting allows the Delegated Administrator commadmin domain purge command to delete the user entry from the LDAP directory. |
|
hold |
User’s mail is sent to the hold queue and access to the mailbox over IMAP, POP, and HTTP is disallowed. MTA and Message Access Servers on the store server must comply with this requirement. This setting overrides any other mailDeliveryOption settings. |
|
overquota |
The MTA will not deliver mail to a mailbox with this status. |
There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
Note –
LDAP_USER_STATUS is the MTA option that overrides the mailUserStatus attribute. The LDAP_USER_STATUS option does not affect the message store or Delegated Administrator commadmin utility, which only recognize and use the current value of mailUserStatus.
Example
mailUserStatus: active
OID
2.16.840.1.113730.3.1.778
maxPabEntries
Origin
Messaging Server 5.0
Syntax
integer, single-valued
Object Classes
Definition
Specifies the maximum number of personal address book entries users are permitted to have in their personal address book store. A value of -1 implies there is no limit. If this attribute is not present then the system default specified in the personal address book configuration is used.
Example
maxPabEntries: 1000
OID
2.16.840.1.113730.3.1.705
memberOf
Origin
Messaging Server 5.0, deprecated in Messaging Server 6.0 for inetUser; Access Manager
Syntax
dn, multi-valued
Object Classes
Definition
For LDAP Schema 2, this attribute decorates inetAdmin, and specifies the DN of an assignable dynamic group to which a user belongs. It is used as the default well-known filtered attribute used in conjunction with mgrpDeliverTo to search for assignable dynamic group members.
This attribute is deprecated for inetUser in Messaging Server 6.0 and is likely to be removed from the inetUser object class in future versions of the schema.
For LDAP Schema 1, this attribute specifies the DN of a mailing list to which a user belongs, indicating static group membership as a backpointer.
Example
memberOf: cn=Administrators,ou=groups o=sesta.com,o=basedn
OID
1.2.840.113556.1.2.102
memberOfPAB
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
The unique name (un) of the personal address book(s) in which this entry belongs.
Example
memberOfPAB:addressbook122FA7
OID
2.16.840.1.113730.3.1.718
memberOfPABGroup
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Unique name of the personal group(s) in which this user belongs.
Example
memberOfPabGroup:testgroup15577F2D
OID
2.16.840.1.113730.3.1.719
memberURL
Origin
Messaging Server 5.2
Syntax
ces, multi-valued
Object Classes
groupOfURLs
Definition
A list of URLs, which, when expanded, provides a list of mailing list member addresses.
This is the preferred way to specify a dynamic mailing list. Alternately, you can use mgrpDeliverTo.
The MTA option used to override this attribute’s value is LDAP_GROUP_URL2.
Example
memberURL:ldap://cn=jdoes, o=sesta.com
OID
2.16.840.1.113730.3.1.198
mgrpAddHeader
Origin
Netscape Messaging Server
Syntax
ces, multi-valued
Object Classes
Definition
Each attribute value specifies a header field that is to be added to the message header if it is present.
For the MTA, the values of these attributes are headers, which are used to set header-trimming ADD options.
Note –
LDAP_ADD_HEADER is the MTA option used to specify a different attribute name for this function.
Example
mgrpAddHeader:Reply-To: thisgroup@sesta.com
OID
2.16.840.1.113730.3.1.781
mgrpAllowedBroadcaster
Origin
Messaging Server 5.0
Syntax
ces, multi-valued
Object Classes
Definition
Identifies mail users allowed to send messages to the mail group. The purpose of this attribute is to restrict who can send messages to the mail group. If no instances of this attribute exist on the inetMailGroup entry, there are no restrictions on who can send messages to the mail group unless the mgrpAllowedDomain, mgrpDisallowedDomain, and mgrpDisAllowedBroadcaster attributes are used.
The Messaging Server expects this attribute to contain either a distinguished name or an RFC822address using an LDAP URI or a mailto address (see example). If a distinguished name is used, it must represent a mailable entry or entries of type group or groupOfUniqueNames. (That is, the group entry must contain an email address in one of the following attributes: mail, mailAlternateAddress, mailEquivalentAddress.)
If multi-valued, each URL or DN is expanded into a list of addresses and each address is checked against the current envelope “from” address. The message is allowed if there is a match.
Any email addresses specified are expanded as if they are a mailing list. Unlike a mailing list, this expansion includes all the attributes used to store email addresses (normally mail, mailAlternateAddress, and mailEquivalentAddress). Thus, if an address for the list itself is specified as a mgrpAllowedBroadcaster, a user can subscribe to a restricted list using one address and use an alternate address to send messages to the list.
If none of the attribute values is a valid URL, or none of the members of the group specified in the attribute value have a valid URL, the message will bounce or be directed to a moderator (as determined by the mgrpMsgRejectAction attribute).
Note –
LDAP_AUTH_URL is the MTA option used to specify a different attribute name for this function.
Example
mgrpAllowedBroadcaster: uid=bjensen,o=siroe.com
mgrpAllowedBroadcaster: ldap:///uid=bjensen,o=siroe.com
mgrpAllowedBroadcaster:mailto:group1@siroe.com
OID
2.16.840.1.113730.3.1.22
mgrpAllowedDomain
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Identifies domains or subdomains from which users are allowed to send messages to the mail group. Note that glob-style wild carding can be used in the domains. In other words, any part of the domain specification can be wild carded.
If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedBroadcaster, mgrpDisallowedBroadcaster, and mgrpDisallowedDomain attributes are used.
Note –
LDAP_AUTH_DOMAIN is the MTA option used to specify a different attribute name for this function.
Examples
mgrpAllowedDomain:siroe.com will only match the siroe.com domain.
mgrpAllowedDomain:*.siroe.com will match any subdomain of the siroe.com domain.
mgrpAllowedDomain:*.com will match any *.com domain.
mgrpAllowedDomain:siroe.* will match any top-level domain beginning with siroe.
OID
2.16.840.1.113730.3.1.23
mgrpAuthPassword
Origin
Messaging Server 5.0
Syntax
ces, single-valued
Object Classes
Definition
Specifies a password needed to post to the list.
The presence of this attribute forces a reprocessing pass. As the message is enqueued to the reprocessing channel, the password is taken from the header and placed in the envelope. Then, while reprocessing, the password is taken from the envelope and checked against this attribute. Only passwords that are actually used are removed from the header field.
This allows for routing to the moderator in the event of a password failure.
Note –
LDAP_AUTH_PASSWORD is the MTA option used to specify a different attribute name for this function.
Example
No example given.
OID
2.16.840.1.113730.3.1.783
mgrpBroadcasterPolicy
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Policy for determining allowed broadcaster. It specifies the level of authentication required to access the list of broadcaster addresses. The allowed values are:
-
AUTH_REQ, SMTP_AUTH_REQUIRED
In order to post to the list, the sender must be authenticated using the SMTP AUTH command.
-
PASSWORD_REQUIRED, PASSWD_REQUIRED, PASSWD_REQ
All values mean the password to the broadcaster list, specified by the mgrpAuthPassword attribute, must appear in an Approved: header field in the message.
-
NO_REQUIREMENTS
This value means no special requirements apply.
Note –
LDAP_AUTH_POLICY is the MTA option used to specify a different attribute name for this function.
Example
mgrpBroadcasterPolicy:AUTH_REQ
OID
2.16.840.1.113730.3.1.3
mgrpDeliverTo
Origin
Messaging Server 5.0
Syntax
ces, multi-valued
Object Classes
Definition
Used as an alternative method of specifying mail group membership. This can be used to create a dynamic mailing list.
The preferred attribute to use for specifying dynamic mail group is memberURL.
The values of this attribute are a list of URL's, which, when expanded, provides mailing list member addresses.
Messaging Server expects this attribute to contain an LDAP URL using the format described in RFC 1959. Any entries returned by the resulting LDAP search are members of the mailing group. There is a hard limit on the length of the search filter of 1024 bytes.
Note –
LDAP_GROUP_URL1 is the MTA option used to specify a different attribute name for this function.
Example
This example returns all users in the United States Accounting department for Sesta corporation.
mgrpDeliverTo: ldap:///ou=Accounting,o=Sesta,c=US??sub?(&(objectClass=inetMailUser)(objectClass=inetOrgPerson))
OID
2.16.840.1.113730.3.1.25
mgrpDisallowedBroadcaster
Origin
Messaging Server 5.0
Syntax
ces, multi-valued
Object Classes
Definition
Identifies mail users not allowed to send messages to the mail group. If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedDomain and mgrpDisallowedDomain attributes are used.
Messaging Server expects this attribute to contain either a distinguished name or an RFC822address. If a distinguished name is used, it must represent a mailable entry or entries of type group or groupOfUniqueNames. (That is, the group entry must contain an email address in one of the following attributes: mail, mailAlternateAddress, mailEquivalentAddress.) The distinguished name must be represented in the form of an LDAP URL as described in RFC 1959.
If multi-valued, each URL is expanded into a list of addresses and each address is checked against the current envelope “from” address. The message is disallowed if there is a match.
Note –
LDAP_CANT_URL is the MTA option used to specify a different attribute name for this function.
Example
mgrpDisallowedBroadcaster: ldap:///uid=bjensen, o=sesta.com
mgrpDisallowedBroadcaster: mailto:sys50@sesta.com
OID
2.16.840.1.113730.3.1.785
mgrpDisallowedDomain
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Identifies domains from which users are not allowed to send messages to the mail group. This attribute is a private extension used by Messaging Server to manage mailing lists. If this attribute exists, then messages from listed domains are rejected. If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedBroadcaster, mgrpDisallowedBroadcaster, and mgrpAllowedDomain attributes are used.
Note –
LDAP_CANT_DOMAIN is the MTA option used to specify a different attribute name for this function.
Example
mgrpDisallowedDomain:sesta.com
OID
2.16.840.1.113730.3.1.784
mgrpErrorsTo
Origin
Messaging Server 5.0
Syntax
ces, single-valued
Object Classes
Definition
Recipient of error messages generated when messages are submitted to this list. Recipient’s address can be specified using the mailto syntax, which includes an RFC 822 email address preceded by the keyword “mailto:” or simply an RFC 822 email address. Also supports LDAP URL syntax. However, if an LDAP URL is used, it must be one that produces a single address.
The envelope originator (MAIL FROM) address is set to the value of this attribute.
Note –
LDAP_ERRORS_TO is the MTA option used to specify a different attribute name for this function.
Examples:
Example 1: mgrpErrorsTo:mailto:jordan@siroe.comExample 2: mgrpErrorsTo: ldap:///uid=ofanning,ou=people,o=siroe.com,o=isp
OID
2.16.840.1.113730.3.1.26
mgrpModerator
Origin
Messaging Server 5.0
Syntax
ces, multi-valued
Object Classes
Definition
LDAP URI or mailto URL identifying the moderators allowed to submit messages to this list. Only those messages that are submitted by the moderator are sent to the members of this list. Messages submitted by others are forwarded to the moderators for approval and resubmitting.
The URLs given as the value of this attribute are expanded into a series of addresses, and then compared with the envelope “from” address. If there is a match, group processing continues. If there is no match, the value of this attribute becomes the group URL, any list of RFC 822 addresses or DNs associated with the group is cleared, the delivery options for the group are set to “members,” and there is no further group processing for the failed URL (subsequent group attributes are ignored).
Note –
LDAP_MODERATOR_URL is the MTA option used to specify a different attribute name for this function.
Example
mgrpModerator: mailto:jordan@sesta.com
OID
2.16.840.1.113730.3.1.33
mgrpMsgMaxSize
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Maximum message size in bytes that can be sent to the group. Messaging Server expects zero or one instance of this attribute to exist for every mailGroup entry. If no entry exists, then no size limit is imposed on mail to the group.
This attribute is obsolete, but still supported for backwards compatibility. Use mailMsgMaxBlocks instead.
Note –
LDAP_ATTR_MAXIMUM_MESSAGE_SIZE is the MTA option used to specify a different attribute name for this function.
Example
mgrpMsgMaxSize:8000
OID
2.16.840.1.113730.3.1.3
mgrpMsgPrefixText
Origin
Not implemented.
Syntax
UTF-8 text, single-valued
Object Classes
Definition
Specifies the text to be added to the beginning of the message text. You must supply the formatting. That is, you must insert CRLF where they belong in the text.
Note –
LDAP_PREFIX_TEXT is the MTA option used to specify a different attribute name for this function.
Example
No example given.
OID
Unknown
mgrpMsgRejectAction
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Identifies the action to be taken when a email sent to a mail group is rejected. The Messaging Server may reject mail for the following reasons:
-
It is received from an unauthorized domain (as defined by the mgrpAllowedDomain attribute).
-
It is received from an mail address that is not a member of the mgrpAllowedBroadcaster attribute.
-
It is larger than the size permitted on mgrpMsgMaxSize.
This attribute takes two values: reply and toModerator:
reply– The system produces an SMTP error, which is also the default if the attribute is not set. The text of the failure notice is stored in the mgrpMsgRejectText attribute.
toModerator– The mail is forwarded to the moderator for processing. The moderator is identified by the mgrpModerator attribute.
Note –
LDAP_REJECT_ACTION is the MTA option used to specify a different attribute name for this function.
Example
mgrpMsgRejectAction: reply
OID
2.16.840.1.113730.3.1.28
mgrpMsgRejectText
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Specifies the error text to use in the event of a group access failure. Because this text may appear in SMTP responses, this restricts the text to a single line of US-ASCII. This is implemented by reading only the first line of text in this attribute and using it only if it contains no 8 bit characters. (This is a limitation of the SMTP protocol.)
Example
No example given.
OID
2.16.840.1.113730.3.1.29
mgrpMsgSuffixText
Origin
Not implemented.
Syntax
UTF-8 text, single-valued
Object Classes
inetMailGroup
Definition
Specifies the text to be appended to the text message. You must supply the formatting. That is, you must insert any CRLF's (carriage return, line feeds) that belong in the text.
Note –
LDAP_SUFFIX_TEXT is the MTA option used to specify a different attribute name for this function.
Example
No example given.
OID
Unknown
mgrpNoDuplicateChecks
Origin
Messaging Server 5.0, not implemented going forward for Messaging Server 5.2
Syntax
cis, single-valued
Object Classes
Definition
This attribute is no longer supported. Duplicate checking is controlled by characteristics of the lists themselves. Some lists combine and some lists don’t.
Old definition: Prevents Messaging Server from checking for duplicate delivery to members of the mail group. Prevents multiple deliveries if a user is on multiple lists. No means the system checks for duplicate delivery. Yes means the system does not check for duplicate delivery.
Example
mgrpNoDuplicateChecks: yes
OID
2.16.840.1.113730.3.1.789
mgrpRemoveHeader
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Each attribute value specifies a header field that is to be removed from the message header, if present.
Turns the headers specified into header trimming MAXLINES=-1 options.
Note –
LDAP_REMOVE_HEADER is the MTA option used to specify a different attribute name for this function.
Example
No example given.
OID
2.16.840.1.113730.3.1.801
mgrpRequestTo
This attribute has been removed from the schema. It is no longer supported. It only worked for dirsync mode, which was deprecated in Messaging Server 5.2.
mgrpRFC822MailMember
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Identifies recipients of mail sent to mail group. Mail sent to both this attribute and uniqueMember attributes are not members of the mixed-in groupOfUniqueNames. This attribute represents mail recipients that cannot be expressed as distinguished names, or who are to be sent mail from this group but who do not have the full privileges of a unique group member. Messaging Server expects this attribute to contain RFC 822 mail addresses. Generally used for group members who are not in the local directory.
For backwards compatibility, rfc822MailMember is also supported. You can use either one or the other of these attributes in any given group, but not both.
Note –
LDAP_GROUP_RFC822 is the MTA option used to specify a different attribute name for this function.
Example
mgrpRFC822MailMember:bjensen@siroe.com
OID
2.16.840.1.113730.3.1.30
msgVanityDomain
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
This attribute and the object class using it are deprecated in the current release, and may not be supported in future releases. Sites should stop using this feature and consider migrating current vanity domains to hosted domains.
Example
No example given.
OID
2.16.840.1.113730.3.1.799
multiLineDescription
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Detailed description of the distribution list. A dollar sign (“$”) creates a new line.
Example
multiLineDescription:People who like cats. $And are ambivalent about people.
OID
1.3.6.1.4.1.250.1.2
nickName
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Identifies the short name used to locate a pabPerson or a pabGroup entry.
Example
nickname:Nick
OID
2.16.840.1.113730.3.1.720
nswcalDisallowAccess
Origin
NetscapeTM Calendar Hosting Server
Syntax
cis, single
Object Classes
Definition
Lists the calendar protocols not allowed to be used by this user.
Example
No example given.
OID
2.16.840.1.113730.3.1.539
nswmExtendedUserPrefs
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
This attribute holds the pairs that define client user preferences such as sort order, Mail From address, and so on. Each instance of this attribute is the tuple pref_name=pref_value. This is a proprietary syntax and the example below is for illustrative purposes only.
Example
Example 1: nswmExtendedUserPrefs: meColorSet=4
Example 2:nswmExtendedUserPrefs: meSort=r
Example 3: nswmExtendedUserPrefs: meAutoSign=True
Example 4: nswmExtendedUserPrefs: meSignature=OtisFanning$ofanning@sesta.com
Example 5: nswmExtendedUserPrefs: meDraftFolder=Drafts
OID
2.16.840.1.113730.3.1.520
o
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Name of the user’s company or organization. Abbreviation of organizationName.
Example
organizationName:Company22 Incorporated
or
o:Company22 Incorporated
OID
2.5.4.10
objectClass
Origin
Messaging Server 5.0
Syntax
cis
Object Classes
Definition
Specifies the objects for this object class.
Example
objectClass:person
OID
2.5.4.0
organizationName (see o)
All information about this attribute found under o.
organizationUnitName (see ou)
All information about this attribute found under ou.
ou
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Name of the organization unit to which the user belongs. Abbreviation for organizationUnitName.
Example
organizationUnitName:docs
or
ou:docs
OID
2.16.840.1.113730.3.1.722
owner
Origin
Messaging Server 5.0, Calendar Server
Syntax
dn, single-valued
Object Classes
groupOfUniqueNames, icsCalendarResource
Definition
Identifies the distinguished name (DN) of the person or group with administrative privileges over the entry.
If the group has Calendar service (is a Calendar group), the owner must be a Calendar user in the same domain as the group. That is, Calendar service must be assigned to the owner as well as the Calendar group.
Example
owner:cn=John Smith,o=Sesta,c=US
OID
2.5.4.32
pabURI
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
LDAP URI specifying the container of the personal address book entries for this user. It takes the following form: ldap://server:port/container_dn, where:
-
server– Host name of the personal address book LDAP server.
-
port– Port of the personal address book LDAP server.
-
container_dn– DN of the subtree where all PAB entries for the user are created.
Example
pabURI: ldap://ldap.siroe.com:389/ou=ed,ou=people,o=sesta.com,o=isp,o=pab
OID
2.16.840.1.113730.3.1.703
parentOrganization
Origin
Messaging Server 6.0, Calendar Server 6.0
Syntax
cis, single-valued
Object Classes
sunManagedSubOrganization
Definition
Specifies the logical parent of a suborganization. The value of this is the DN of the parent organization or parent suborganization.
Example
parentOrganization:o=sesta,o=com,o=internet
OID
Unknown
postalAddress
Origin
LDAP
Syntax
cis
Object Classes
icsCalendarResource, organization, organizationalUnit
Definition
Identifies the entry’s mailing address. This field is intended to include multiple lines. When represented in LDIF format, each line should be separated by a dollar sign ($).
To represent an actual dollar sign (“$”) or back slash (“\”) within this text, use the escaped hex values, \24 and \5c respectively. For example, to represent the string:
The dollar ($) value can be found
in the c:\cost file.
provide the string:
The dollar(\24) value can be found$in the c:\5ccost file.
Example
postalAddress:123 Oak Street$Anytown, CA$90101
OID
2.5.4.16
preferredLanguage
Origin
Messaging Server 5.0, Calendar Server, Directory Server
Syntax
Object Classes
icsCalendarUser, inetMailGroup, inetOrgPerson, iPlanetPreferences, mailDomain
Definition
Preferred written or spoken language for a person. The value for this attribute should conform to the syntax for HTTP Accept-Language header values.
Messaging Server uses this attribute to figure the locale. It does not use the locale specified with iPlanetPreferences.
Also used by Access Manager in user LDAP entries to store a user’s preferred language. Note that only Access Manager uses the iPlanetPreferences object class to host this attribute.
Table 3–18 Language Strings for preferredLanguage Attribute|
Language String |
Language |
|---|---|
|
de |
German |
|
en |
English |
|
es |
Spanish |
|
fr |
French |
|
ja |
Japanese |
|
ko |
Korean |
|
zh-CN |
Chinese - People’s Republic of China |
|
zh-TW |
Chinese - Taiwan |
Example
preferredLanguage:en
OID
2.16.840.1.113730.3.1.39
preferredMailHost
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
If you are provisioning an LDAP Schema 2 directory with Communications Suite Delegated Administrator:
See preferredMailHost for a definition of how to use this attribute with Schema 2.
If you are provisioning an LDAP Schema 1 directory with iPlanet Delegated Administrator, use the following definition:
Used to set the mailHost attribute of newly created users in this mail domain. When a user is created, the mailHost attribute of the user entry is filled by the value of preferredMailHost.
Example
preferredMailHost:mail.siroe.com
OID
2.16.840.1.113730.3.1.761
preferredMailMessageStore
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
If you are provisioning an LDAP Schema 2 directory with Communications Suite Delegated Administrator:
See preferredMailMessageStore for a definition of how to use this attribute with Schema 2.
If you are provisioning an LDAP Schema 1 directory with iPlanet Delegated Administrator, use the following definition:
Used to set the mailMessageStore attribute of newly created users. If missing, Delegated Administrator leaves the mailMessageStore attribute empty and the access server assumes that the user’s mailbox is in the default partition of the server instance.
Example
preferredMailMessageStore: primary
OID
2.16.840.1.113730.3.1.762
seeAlso
Origin
LDAP
Syntax
dn
Object Classes
groupOfUniqueNames, organization, organizationalUnit
Definition
Identifies another LDAP entry that may contain information related to this entry.
Example
seeAlso: cn=Quality Control Inspectors,ou=manufacturing,o=Company22, c=US
OID
2.5.4.34
sn
Origin
LDAP
Syntax
cis
Object Classes
Definition
Identifies the entry’s surname, also referred to as last name or family name.
Example
surname:jones
OID
2.5.4.4
telephoneNumber
Origin
LDAP
Syntax
tel
Object Classes
domain, organization, organizationalUnit
Definition
Identifies the entry’s phone number.
Example
telephoneNumber:800-555-1212
OID
2.5.4.20
uid
Origin
Calendar Server 5.0, Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
icsCalendarResource, icsCalendarUser
Definition
Identifies the unique identifier for this user or resource within its relative namespace. All valid user and resource entries must have a uid attribute. Group entries may have a uid.
For Messaging Server, the uid is used to generate the user address to pass to the delivery channel. If a user entry does not have a uid attribute, the entry is ignored. If multiple uid attributes exist in an entry, only the first one is used. The MTA used to override this attribute’s value is LDAP_UID.
Example
uid:jdoe
OID
0.9.2342.19200300.100.1.1
un
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Unique name assigned to PAB entry. This is also the naming attribute for entries created by this object class and is used to form the DN of all PAB entries, irrespective of the type (pab, pabPerson, or pabGroup).
Example
un:Nick
OID
2.16.840.1.113730.3.1.717
uniqueMember
Origin
Messaging Server 5.0
Syntax
dn, multi-valued
Object Classes
Definition
Identifies a member of a static group. Each member of the group is listed in the group’s LDAP entry using this attribute.
Example
uniqueMember:uid=jdoe,ou=People,o=sesta.com,o=basedn uniqueMember: uid=rsmith,ou=People,o=sesta.com,o=basedn
OID
2.5.4.50
userId (see uid)
All information for this attribute found at uid.
userPassword
Origin
Messaging Server 5.0
Syntax
bin, single-valued
Even though RFC 2256 defines this attribute as multi-valued, for Sun JavaTM System products, only one value is allowed.
Object Classes
inetUser, domain, organization, organizationalUnit
Definition
This attribute identifies the entry’s password and encryption method in the following format:
{encryption method}encrypted password
Transfer of cleartext passwords is strongly discouraged where the underlying transport service cannot guarantee confidentiality. Transfer of cleartext may result in disclosure of the password to unauthorized parties.
Example
userPassword:{sha}FTSLQhxXpA05
OID
2.5.4.35
vacationEndDate
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Vacation end date and time. Date is in the following format: YYYYMMDDHHMMSSZ; where YYYY is the four digit year, MM is the two digit month, DD is the two digit day, HH is the two digit hour, and SS is the two digit second. Time is normalized to GMT. Z is the character Z.
When the current date falls outside the range of dates specified by the attributes vacationStartDate and vacationEndDate, then any delivery options (in the DELIVERY_OPTIONS list) prefixed with “^” are removed from the active set of options. For example, if one of the DELIVERY_OPTIONS is “^*autoreply” and today’s date falls outside the vacation date range, then the option is removed from the active options list. Otherwise, the autoreply delivery option is activated.
Example
vacationEndDate:20000220000000Z
OID
2.16.840.1.113730.3.1.708
vacationStartDate
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Vacation start date and time. Date is in the following format: YYYYMMDDHHMMSSZ; where YYYY is the four digit year, MM is the two digit month, DD is the two digit day, HH is the two digit hour, and SS is the two digit second. Time is normalized to GMT. Z is the character Z.
Example
vacationStartDate:20000215000000Z
OID
2.16.840.1.113730.3.1.707
mgrpErrorsTo
Origin
Messaging Server
Syntax
cis, single-valued
Object Classes
inetMailGroup
Definition
The mgrpErrorsTo attribute specifies either an email address or a URL, which is resolved to produce an address. The address is placed in the MAIL FROM (envelope from) field of all messages the list produces. Additionally, the presence of the mgrpErrorsTo attribute causes the MTA to treat the group as a full-fledged mailing list and not as a simple autoforwarder. The basic purpose of the MAIL FROM address is to create a place to send reports of message delivery problems. As such, the main effect of mgrpErrorsTo is to cause errors delivering list mail to be directed to the mgrpErrorsTo address.
Example
mgrpErrorsTo=mgrperrors.log@siroe.com
OID
2.16.840.1.113730.3.1.26
- © 2010, Oracle Corporation and/or its affiliates