icsDomainNotAllowed
Origin
Calendar Server
Syntax
cis, single-valued (see mgrpDisallowedDomain)
Object Classes
Definition
What domains are not allowed. The value has the following format:
service-list:client-list
where service-list is a blank- or comma-separated list of one or more service names or wild cards, and client-list is a blank- or comma-separated list of one or more host names or addresses, patterns or wild cards.
The following are the explicit wild cards recognized by the system:
|
ALL |
Always matches |
|
LOCAL |
Matches any host whose name does not contain a dot character. |
|
UNKNOWN |
Matches any host whose name or address are unknown. Use this with care. |
|
KNOWN |
Matches host whose name and address are known. Use with care. |
|
DNSSPOOFER |
Matches any host whose name does not match its address. |
There is one operator that can be used in the service-list and the client-list:
|
EXCEPT |
Matches anything that matches list 1 unless it matches anything in list 2. The expected form: list1 EXCEPT list2. List1 and list2 are comma-separated. |
The value comes from ics.conf setting service.http.domainnotallowed.
Example 1
If you want to allow access to all but a selected few hosts, you can explicitly deny access as in the following example:
Deny access to anyone at the company22.com domain.
icsDomainNotAllowed: ALL:company22.com
In this instance, you would not need to have any specific icsDomainAllowed attributes.
Example 2
If you want to implement a no-access default, a single instance of this attribute will do it. This denies all service to all hosts, unless they are specifically permitted access by icsDomainAllowed attributes.
icsDomainNotAllowed: ALL:ALL
Example 3
The following example shows how to deny access to any unknown users.
icsDomainNotAllowed: ALL:UNKNOWN@ALL
OID
2.16.840.1.113730.3.1.737
- © 2010, Oracle Corporation and/or its affiliates