Sun Java Communications Suite 5 Schema Reference

Object Classes

This section describes the following Access Manager object classes:

iplanet-am-managed-assignable-group

Supported by

Access Manager

Definition

Specifies a dynamic group with a well-known attribute in the search filter. For Messaging Server, the well-known attribute is memberOf. The search filter is contained in the mgrpDeliverTo attribute.

Superior Class

iplanet-am-managed-group

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.182

Required Attributes

none

Allowed Attributes

Inherits attributes from superior class.

iplanet-am-managed-filtered-group

Supported by

Access Manager

Definition

Specifies a dynamic group that can be filtered on any attribute. The search filter is set in the mgrpDeliverTo attribute.

This group is not subscribable. Do not use iplanet-am-group-subscribable for a filtered dynamic group.

Superior Class

iplanet-am-managed-group

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.181

Required Attributes

none

Allowed Attributes

Inherits attributes from superior class. Note that because this group cannot be subscribed to, the mail attribute should not be used with it. If present, it will be ignored.

iplanet-am-managed-filtered-role

Supported by

Access Manager

Definition

Specifies the attributes necessary to define administrator roles and their ACIs. The list of all users assigned this role is a dynamic list; that is, the list can be retrieved only by performing a search filtered by the role name. For further information on roles, see the Access Manager documentation at:

http://docs.sun.com

Superior Class

iplanet-am-managed-role

Object Class Type

auxiliary

OID

1.3.6.1.4.1.42.2.27.9.2.74

Required Attributes

none

Allowed Attributes

This class inherits the attributes of its superior class; see iplanet-am-managed-role.

iplanet-am-managed-group

Supported by

Access Manager

Definition

This is the superior class for the various types of groups: static, assignable dynamic, and filtered dynamic. (See iplanet-am-managed-assignable-group, iplanet-am-managed-filtered-group, iplanet-am-managed-static-group.)

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.180

Required Attributes

none

Allowed Attributes

mail, inetGroupStatus

iplanet-am-managed-group-container

Supported by

Access Manager

Definition

The Access Manager class that defines the groups container under each Messaging Server hosted domain.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.189

Required Attributes

none

Allowed Attributes

none

iplanet-am-managed-org-unit

Supported by

Access Manager

Definition

This class is used by Access Manager to manage organizational units. It uses the same attributes as sunManagedOrganization and for all intents and purposes functions as any other organization managed by Access Manager.

Do not use this class for the domain organizations, or for the people and group containers in Messaging Server. Even though the attribute that holds the container name is organizational unit (ou), the proper Access Manager class to use is either iplanet-am-managed-group-container or iplanet-am-managed-people-container.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.186

Required Attributes

none

Allowed Attributes

businessCategory, iplanet-am-service-status, telephoneNumber, sunOverrideTemplates, sunPreferredDomain, seeAlso

iplanet-am-managed-people-container

Supported by

Access Manager

Definition

The Access Manager class that defines the people container under each Messaging Server hosted domain.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.187

Required Attributes

none

Allowed Attributes

none

iplanet-am-managed-person

Supported by

Access Manager

Definition

Specifies Access Manager attributes used to manage users.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.184

Required Attributes

none

Allowed Attributes

iplanet-am-modifiable-by, iplanet-am-role-aci-description, iplanet-am-static-group-dn, iplanet-am-user-account-life

iplanet-am-managed-role

Supported by

Access Manager

Definition

Specifies the attributes necessary to define administrator roles and their ACIs. This is the superior class for iplanet-am-managed-filtered-role.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.179

Required Attributes

none

Allowed Attributes

iplanet-am-role-aci-description, iplanet-am-role-aci-list, iplanet-am-role-any-options, iplanet-am-role-description, iplanet-am-role-managed-container-dn, iplanet-am-role-service-options, iplanet-am-role-type

iplanet-am-managed-static-group

Supported by

Access Manager

Definition

Defines a group in which there are members identified with the uniqueMember attribute. Each user named in those attributes has the memberOf attribute in their LDAP user entry.

Note that static groups can have dynamic members. In this case, the LDAP entry must also contain the iplanet-am-managed-assignable-group object class.

Superior Class

iplanet-am-managed-group

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.183

Required Attributes

none

Allowed Attributes

none (inherits from iplanet-am-managed-group)
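The definition above ties each uniqueMember value on a static group to a memberOf value on the named user entry. The following added example (not part of the original reference or of Access Manager) audits a directory export for entries where the two sides disagree, and does not flag memberOf-only users on groups that also carry iplanet-am-managed-assignable-group, since those may be dynamic members. The LDIF sample, all DNs, and the function names are constructed for illustration; the reader handles only unfolded, non-base64 LDIF lines.

```python
from collections import defaultdict
STATIC = "iplanet-am-managed-static-group"
ASSIGNABLE = "iplanet-am-managed-assignable-group"
# Constructed sample export; every DN and value below is made up.
SAMPLE_LDIF = """\
dn: cn=staff,ou=Groups,o=example.com
objectClass: iplanet-am-managed-static-group
uniqueMember: uid=alice,ou=People,o=example.com
uniqueMember: uid=bob,ou=People,o=example.com

dn: cn=temps,ou=Groups,o=example.com
objectClass: iplanet-am-managed-static-group
objectClass: iplanet-am-managed-assignable-group

dn: uid=alice,ou=People,o=example.com
memberOf: cn=staff,ou=Groups,o=example.com

dn: uid=bob,ou=People,o=example.com
memberOf: cn=temps,ou=Groups,o=example.com

dn: uid=carol,ou=People,o=example.com
memberOf: CN=Staff, OU=Groups, O=example.com
"""

def norm_dn(dn):  # simplified: case-folds, trims RDNs, ignores escaped commas
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Minimal LDIF reader; returns {dn: {attr: set(normalised values)}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(set)
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs[name.strip().lower()].add(norm_dn(value))
        entries[attrs["dn"].pop()] = attrs
    return entries

def audit(entries):
    """Return (missing_backref, unlisted) as sorted (user_dn, group_dn) lists."""
    groups = {dn: e for dn, e in entries.items() if STATIC in e["objectclass"]}
    # uniqueMember value whose user entry lacks the matching memberOf
    missing = sorted((u, g) for g, e in groups.items() for u in e["uniquemember"]
                     if u not in entries or g not in entries[u]["memberof"])
    # memberOf naming a static group that omits the user (assignable: skipped)
    unlisted = sorted((u, g) for u, e in entries.items() for g in e["memberof"]
                      if g in groups and u not in groups[g]["uniquemember"]
                      and ASSIGNABLE not in groups[g]["objectclass"])
    return missing, unlisted
```

On the constructed sample, `audit(parse_ldif(SAMPLE_LDIF))` reports bob as listed in the staff group without the back-reference and carol as claiming staff membership the group does not list.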

iplanet-am-user-service

Supported by

Access Manager

Definition

This class contains the Access Manager attributes necessary to manage user accounts.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.176

Required Attributes

none

Allowed Attributes

iplanet-am-user-account-life, iplanet-am-user-admin-start-dn, iplanet-am-user-alias-list, iplanet-am-user-auth-config, iplanet-am-user-auth-modules, iplanet-am-user-failure-url, iplanet-am-user-federation-info, iplanet-am-user-federation-info-key, iplanet-am-user-login-status, iplanet-am-user-password-reset-force-reset, iplanet-am-user-password-reset-options, iplanet-am-user-password-reset-question-answer, iplanet-am-user-service-status, iplanet-am-user-success-url

iPlanetPreferences

Supported by

Directory Server

Definition

Used by Access Manager. While Messaging Server does not use this object class, it is necessary for Access Manager.

Attributes for this object class hold certain preferences for this user: specifically, the preferred language, preferred locale, and preferred time zone.

Note: The Messaging Server does not use this object class to define the preferred language. In addition, it does not use an attribute for locale; it infers the locale from the language. Messaging Server holds the preferredLanguage attribute in inetOrgPerson.

Superior Class

top

Object Class Type

auxiliary

OID

Unassigned

Required Attributes

none

Allowed Attributes

preferredLanguage, preferredLocale, preferredTimeZone

sunISManagedOrganization

Supported by

Calendar Server 6.0, Messaging Server 6.0

Definition

For LDAP Schema 2, this is a core class for both Messaging and Calendar products doing authentication with SSO. Every physical node must contain this class, including the root suffix.

The attribute holds the fully qualified login host name.

Superior Class

top

Object Class Type

auxiliary

OID

Unassigned

Required Attributes

none

Allowed Attributes

sunOrganizationAlias

sunManagedOrganization

Supported by

Calendar Server 6.0, Messaging Server 6.0

Definition

This is a core class for both Messaging and Calendar products. Every physical node must contain this class.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.185

Required Attributes

inetDomainStatus

Allowed Attributes

sunPreferredDomain, associatedDomain, businessCategory, sunPreferredOrganization, telephoneNumber, sunOverrideTemplates, inetDomainBaseDN

sunNameSpace

Supported by

Access Manager

Definition

Used for LDAP Schema 2 only. Required to be present at the root of a subtree representing a namespace. Access Manager enforces the uniqueness attribute for namespaces.

Any organization or its subtree nodes can be designated as a namespace by extending the organization LDAP entry with this object class. Namespaces based on different unique attributes may overlap. That is, a subtree of a node designated as a namespace could also be its own namespace if the unique attributes are different. For example, the parent node could use uid to enforce uniqueness, while the child node uses the employee number.

This is a different paradigm than was used in LDAP Schema 1, in which every domain was considered a unique namespace (using uid as the default unique attribute). For LDAP Schema 2, all namespaces must be explicitly declared using this object class.


Note –

After Access Manager is installed, the root-suffix node contains this object class, but not its corresponding attribute. If you want to provision more than one unique namespace for your Messaging Server or Calendar Server installation, do not add sunNameSpaceUniqueAttrs to the root-suffix node.


For more information about namespaces, see the Sun Java Enterprise System Installation Guide.

Superior Class

top

Object Class Type

auxiliary

OID

1.3.6.1.4.1.42.2.27.9.2.29

Required Attributes

none

Allowed Attributes

sunNameSpaceUniqueAttrs

sunServiceComponent

Supported by

Calendar Server 6.0, Messaging Server 6.0

Definition

Templates are LDAP entries of this object class. Search templates are used to describe how applications should construct searches to send to the directory server in order to locate entries in the DIT.

The entry is named by its required ou attribute.

Superior Class

top

Object Class Type

auxiliary

OID

1.3.6.1.4.1.42.2.27.9.2.27

Required Attributes

organizationalUnitName (ou)

Allowed Attributes

description, sunKeyValue, sunServiceId, sunSmsPriority, sunXmlKeyValue

userPresenceProfile

Supported by

Messaging Server 5.0

Definition

Used to store the presence information for a user.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.136

Required Attributes

none

Allowed Attributes

vacationEndDate, vacationStartDate