The csdomain utility manages Calendar Server attributes in the domain LDAP entry. These attributes are part of the icsCalendarDomain object class. Commands are:
create a new domain entry in the LDAP directory.
add a Calendar Server attribute and its associated value in the domain entry.
delete a Calendar Server attribute in the domain entry, or delete an entire domain.
list Calendar Server attributes in the domain LDAP entry.
To run csdomain, the following parameters in the ics.conf file must be set:
service.virtualdomain.support must be set to “yes”.
local.schemaversion must be set to the version of the LDAP schema (“1” , “1.5”, or “2”).
If local.schemaversion = “1” or “1.5”, service.dcroot must be set to the root suffix of the DC tree in the LDAP directory.
If local.schemaversion = “2”, service.schema2root must be set to the root suffix underneath which all domains are found.
You must have followed the instructions in Chapter 10, Setting Up a Multiple Domain Calendar Server 6.3 Environment before using csdomain to add Organization Tree nodes.
You must run csdomain locally on the machine where Calendar Server is installed.
Calendar Server can be running or stopped.
You must be logged in as the user and group under which Calendar Server is running (such as icsuser and icsgroup) that was specified during installation, or as root.
csdomain [-q | -v] -n node create domain csdomain [-q | -v] {-a attr[=value] | -f filename} add domain csdomain [-q | -v] [-a attr | -f filename] delete domain csdomain [-q | -v] list domain |
The following table describes the commands available for the csdomain utility.
Table D–13 csdomain Utility Commands
Command |
Description |
---|---|
create |
Create a new domain in the LDAP directory. |
add |
Add a Calendar Server attribute and its associated value in the domain LDAP entry. If you add or update domain attributes using csdomain, restart Calendar Server for the new values to take effect. |
delete |
Delete a Calendar Server attribute in the LDAP directory for a specific domain or delete all LDAP entries for an entire domain. |
list |
Display Calendar Server attributes in the LDAP directory for a specific domain. |
version |
Display the version of the utility. |
The following table describes the csdomain utility command options.
Table D–14 csdomain Utility Command Options
Option |
Description |
---|---|
-v |
Run in verbose mode: Display all available information about the command being performed. Default is off. |
-q |
Run in quiet mode:
|
-aattr[=value] |
Specifies the LDAP attribute property name and its optional value. For a list of these attributes and property names, see D.9.3 LDAP Attributes and Property Names. |
-f filename |
Specifies a text file that contains Calendar Server LDAP directory property names and their associated values. For example: createLowerCase="yes" filterPrivateEvents="no" fbIncludeDefCal="no" subIncludeDefCal="no" uiProxyUrl="https://proxyserver" |
-n node |
Applies to the create command as follows:
|
domain |
For the add, delete, and list commands, specifies an existing domain in the LDAP directory. For the create command, specifies the unique name of a new domain that will be created in the LDAP directory. For example: west.sesta.com |
The following tables describe the LDAP attributes and property names that apply to the csdomain utility. These attributes are part of the icsCalendarDomain object class. When you add or delete a value, you must use the property name and not the attribute name.
If you add or update domain LDAP attributes using csdomain, restart Calendar Server for the new values to take effect.
D.9.3 LDAP Attributes and Property Names describes the icsAllowRights attribute and properties that you can set with the csdomain utility. This attribute is a 32-bit numeric string, with each bit in the string corresponding to a specific user right. (In the current release, some bits are not used and are set to zero by default.) If a bit corresponding to a specific right is set (value=1), the right is not allowed. If the bit is not set (value=0), the right is allowed.
Each property in the icsAllowRights attribute has a corresponding ics.conf parameter. If a property is not set (value = 0) or is not present (service.virtualdomain.support = “no”), Calendar Server uses the corresponding ics.conf parameter as the default value.
The value for icsAllowRights is a numeric string and not an integer. To use icsAllowRights programmatically in bitwise operations, you must first convert its string value to an integer.
Table D–15 icsAllowRights LDAP Directory Attribute and Properties
The following table describes the icsExtendedDomainPrefs attribute and properties that you can set with the csdomain utility. Each property has a corresponding ics.conf parameter. If a property is not set ( for example, value = 0, or service.virtualdomain.support=“no”), or is not present, Calendar Server uses the corresponding ics.conf parameter as the default value.
Table D–16 icsExtendedDomainPrefs LDAP Directory Attribute
Property Name |
Description |
---|---|
allowProxyLogin |
Specifies "yes" or "no" whether to allow proxy logins. Corresponding ics.conf parameter: service.http.allowadminproxy (default = "yes") |
calmasterAccessOverride |
Specifies "yes" or "no" whether the Calendar Server administrator can override access control. Corresponding ics.conf parameter: service.admin.calmaster.overrides.accesscontrol (default = "no") |
calmasterCred |
Specifies an ASCII string that is the password of the user ID specified as the Calendar Server domain administrator. Corresponding ics.conf parameter: service.siteadmin.cred (no default) |
calmasterUid |
Specifies an ASCII string that is the user ID of the person designated as the Calendar Server domain administrator. Corresponding ics.conf parameter: service.siteadmin.userid (no default) |
createLowercase |
Specifies "yes" or "no" whether Calendar Server should convert a calendar ID (calid) to lowercase when creating a new calendar or when searching for a calendar Corresponding ics.conf parameter: calstore.calendar.create.lowercase (default = "no") |
domainAccess |
Specifies an access control list (ACL) for the domain. For information about ACLs, see 1.8.3 Access Control Lists (ACLs) in Calendar Server Version 6.3. This ACL is used for cross domain searches. For more information, see 11.2 Cross Domain Searching in Calendar Server 6.3 Systems. Caution – Only a single instance of domainAccess is allowed. However, the system does not warn you if there is a duplicate. You must ensure there is only one, whenever you change the value. |
fbIncludeDefCal |
Specifies "yes" or "no" whether a user’s default calendar is included in user’s free/busy calendar list. Corresponding ics.conf parameter: calstore.freebusy.include.defaultcalendar (default = "yes") |
filterPrivateEvents |
Specifies "yes" or "no" whether Calendar Server filters (recognizes) Private and Time and Date Only (confidential) events and tasks. If "no", Calendar Server treats them the same as Public events and tasks. Corresponding ics.conf parameter: calstore.filterprivateevents (default = "yes") |
groupMaxSize |
Specifies the maximum size of an LDAP group that will be expanded for an invitation. Corresponding ics.conf parameter: calstore.group.attendee.maxsize (default is "0" – expand the group without regard to size) |
language |
Specifies the language for a domain. Corresponding ics.conf parameter: local.domain.language |
resourceDefaultAcl |
Specifies an access control list (ACL) that is the default access control permissions used when a resource calendar is created. Corresponding ics.conf parameter: resource.default.acl (default is "@@o^a^r^g;@@o^c^wdeic^g; @^a^rsf^g" |
setPublicRead |
Specifies whether user default calendars are initially set to public read/private write ("yes") or private read/private write ("no"). Corresponding ics.conf parameter: service.wcap.login.calendar.publicread (default = "no") |
searchFilter |
Specifies a search filter for finding a user. Corresponding ics.conf parameter: local.userSearchFilter |
ssoCookieDomain |
Specifies that the browser should send a cookie only to servers in the specified domain. The value must begin with a period (.). For example: ".sesta.com" Corresponding ics.conf parameter: sso.cookiedomain (default is the current domain) |
ssoUserDomain |
Specifies the domain used as part of the user’s SSO authentication. Corresponding ics.conf parameter: sso.userdomain (no default) |
subIncludeDefCal |
Specifies "yes" or "no" whether a user’s default calendar is included in the user’s subscribed calendar list. Corresponding ics.conf parameter: calstore.subscribed.include.defaultcalendar (default = "yes") |
uiAllowAnyone |
Specifies "yes" or "no" whether the user interface should show and use the "Everybody" access control list (ACL). Corresponding ics.conf parameter: ui.allow.anyone (default = "yes") |
uiAllowDomain |
Specifies "yes" or "no" whether the user interface should show and use the access control list (ACL) for this domain. Corresponding ics.conf parameter: ui.allow.domain (default = "no") |
uiBaseUrl |
Specifies a URL for the base server address. For example: "https://proxyserver". Corresponding ics.conf parameter: ui.base.url (no default) |
uiConfigFile |
Specifies an optional xml based configuration file that Calendar Server can read at startup that allows parts of the user interface to be hidden. Corresponding ics.conf parameter: ui.config.file (no default) |
uiProxyURL |
Specifies a URL for the proxy server address to prepend in an HTML UI JavaScript file. For example: "https://web_portal.sesta.com/" Corresponding ics.conf parameter: ui.proxyaddress.url (no default) |
The following table describes other LDAP attributes and properties that you can set with the csdomain utility.
Table D–17 Other LDAP Directory Attributes for the csdomain Utility
Create a new domain using LDAP Schema version 1 named west.sesta.com:
csdomain -v -n o=nodewest,o=sesta create west.sesta.com
Create a new domain using LDAP Schema version 2 named east.sesta.com:
csdomain -v -n nodeeast create east.sesta.com
Display a list of Calendar Server LDAP attributes for the domain named west.sesta.com:
csdomain -v list west.sesta.com
Set the time zone to America/New_York for the domain named west.sesta.com:
csdomain -v -a timezone=America/New_York add west.sesta.com