
Sun ONE Messaging and Collaboration 6.0 Schema Reference Manual

Chapter 4
Sun ONE Identity Server Classes and Attributes

This chapter describes LDAP object classes and attributes for Sun™ Open Net Environment (ONE) Identity Server implementing Sun ONE LDAP Schema v.2. The objects and attributes are listed alphabetically.

Note that the Identity Server schema is subject to change. To understand provisioning considerations, see the Sun Java™ Enterprise System Installation Guide.

The chapter is divided into two sections: Object Classes and Attributes.


Object Classes

This section describes the following Sun ONE Identity Server object classes:


iplanet-am-managed-assignable-group

Supported by

Sun ONE Identity Server

Definition

Specifies a dynamic group with a well-known attribute in the search filter. For Messaging Server, the well-known attribute is memberOf. The search filter is contained in the mgrpDeliverTo attribute.

Superior Class

iplanet-am-managed-group

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.182

Required Attributes

N/A

Allowed Attributes

Inherits attributes from superior class.


iplanet-am-managed-filtered-group

Supported by

Sun ONE Identity Server

Definition

Specifies a dynamic group which can be filtered on any attribute. The search filter is set in the mgrpDeliverTo attribute.

This group is not subscribable. Do not use iplanet-am-group-subscribable for a filtered dynamic group.

Superior Class

iplanet-am-managed-group

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.181

Required Attributes

N/A

Allowed Attributes

Inherits attributes from superior class. Note that since this group cannot be subscribed to, the mail attribute should not be used with it. If present, it will be ignored.


iplanet-am-managed-filtered-role

Supported by

Sun ONE Identity Server

Definition

Specifies the attributes necessary to define administrator roles and their ACIs. The list of all users assigned this role is a dynamic list; that is, the list can be retrieved only by performing a search filtered by the role name. For further information on roles, see the Sun ONE Identity Server documentation at:

http://docs.sun.com

Superior Class

iplanet-am-managed-role

Object Class Type

auxiliary

OID

1.3.6.1.4.1.42.2.27.9.2.74

Required Attributes

N/A

Allowed Attributes

This class inherits the attributes of its superior class; see iplanet-am-managed-role.


iplanet-am-managed-group

Supported by

Sun ONE Identity Server

Definition

This is the superior class for the various types of groups: static, assignable dynamic, and filtered dynamic. (See iplanet-am-managed-assignable-group, iplanet-am-managed-filtered-group, iplanet-am-managed-static-group.)

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.180

Required Attributes

N/A

Allowed Attributes

mail, inetGroupStatus


iplanet-am-managed-group-container

Supported by

Sun ONE Identity Server

Definition

The Sun ONE Identity Server class that defines the groups container under each Sun ONE Messaging Server hosted domain.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.189

Required Attributes

N/A

Allowed Attributes

N/A


iplanet-am-managed-org-unit

Supported by

Sun ONE Identity Server

Definition

This class is used by Sun ONE Identity Server to manage organizational units. It uses the same attributes as sunManagedOrganization and for all intents and purposes functions as any other organization managed by Identity Server.

Do not use this class for the domain organizations, or people and group containers in Sun ONE Messaging Server. Even though the attribute that holds the container name is organizational unit (ou), the proper Identity Server class to use is either iplanet-am-managed-group-container, or iplanet-am-managed-people-container.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.186

Required Attributes

N/A

Allowed Attributes

businessCategory, iplanet-am-service-status, telephoneNumber, sunOverrideTemplates, sunPreferredDomain, seeAlso


iplanet-am-managed-people-container

Supported by

Sun ONE Identity Server

Definition

The Sun ONE Identity Server class that defines the people container under each Sun ONE Messaging Server hosted domain.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.187

Required Attributes

N/A

Allowed Attributes

N/A


iplanet-am-managed-person

Supported by

Sun ONE Identity Server

Definition

Specifies Sun ONE Identity Server attributes used to manage users.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.184

Required Attributes

N/A

Allowed Attributes

iplanet-am-modifiable-by, iplanet-am-role-aci-description, iplanet-am-static-group-dn, iplanet-am-user-account-life


iplanet-am-managed-role

Supported by

Sun ONE Identity Server

Definition

Specifies the attributes necessary to define administrator roles and their ACIs. This is the superior class for iplanet-am-managed-filtered-role.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.179

Required Attributes

N/A

Allowed Attributes

iplanet-am-role-aci-description, iplanet-am-role-aci-list, iplanet-am-role-any-options, iplanet-am-role-description, iplanet-am-role-managed-container-dn, iplanet-am-role-service-options, iplanet-am-role-type


iplanet-am-managed-static-group

Supported by

Sun ONE Identity Server

Definition

Defines a group in which there are members identified with the uniqueMember attribute. Each user named in those attributes has the memberOf attribute in their LDAP user entry.

Note that static groups can have dynamic members. In this case, the LDAP entry must also contain the iplanet-am-managed-assignable-group object class.

Superior Class

iplanet-am-managed-group

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.183

Required Attributes

N/A

Allowed Attributes

N/A (inherits from iplanet-am-managed-group)


iplanet-am-user-service

Supported by

Sun ONE Identity Server

Definition

This class contains the Sun ONE Identity Server attributes necessary to manage user accounts.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.176

Required Attributes

N/A

Allowed Attributes

iplanet-am-user-account-life, iplanet-am-user-admin-start-dn, iplanet-am-user-alias-list, iplanet-am-user-auth-config, iplanet-am-user-auth-modules, iplanet-am-user-failure-url, iplanet-am-user-federation-info, iplanet-am-user-federation-info-key, iplanet-am-user-login-status, iplanet-am-user-password-reset-force-reset, iplanet-am-user-password-reset-options, iplanet-am-user-password-reset-question-answer, iplanet-am-user-service-status, iplanet-am-user-success-url


iPlanetPreferences

Supported by

Sun ONE Directory Server

Definition

Used by Sun ONE Identity Server. While Sun ONE Messaging Server does not use this object class, it is necessary for Identity Server.

Attributes for this object class hold certain preferences for this user. Specifically, the preferred language, preferred locale, and preferred time zone.

Note: Sun ONE Messaging Server does not use this object class to define the preferred language. In addition, it does not use an attribute for locale; it infers the locale from the language. Messaging Server holds the preferredLanguage attribute in inetOrgPerson.

Superior Class

top

Object Class Type

auxiliary

OID

Required Attributes

N/A

Allowed Attributes

preferredLanguage, preferredLocale, preferredTimeZone


sunISManagedOrganization

Supported by

Sun ONE Calendar Server 6.0, Sun ONE Messaging Server 6.0

Definition

For Sun ONE LDAP Schema v.2, this is a core class for both Messaging and Calendar products doing authentication with SSO. Every physical node must contain this class, including the root suffix.

The sunOrganizationAlias attribute holds the fully qualified login host name.

Superior Class

top

Object Class Type

auxiliary

OID

Required Attributes

N/A

Allowed Attributes

sunOrganizationAlias


sunManagedOrganization

Supported by

Sun ONE Calendar Server 6.0, Sun ONE Messaging Server 6.0

Definition

This is a core class for both Messaging and Calendar products. Every physical node must contain this class.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.185

Required Attributes

inetDomainStatus

Allowed Attributes

sunPreferredDomain, businessCategory, sunPreferredOrganization, telephoneNumber, sunOverrideTemplates


sunNameSpace

Supported by

Sun ONE Identity Server

Definition

Used for Sun ONE LDAP Schema v.2 only. Required to be present at the root of a subtree representing a namespace. Sun ONE Identity Server enforces the uniqueness attribute for namespaces.

Any organization or its subtree nodes can be designated as a namespace by extending the organization LDAP entry with this object class. Namespaces based on different unique attributes may overlap. That is, a subtree of a node designated as a namespace could also be its own namespace if the unique attributes are different. For example, the parent node could use uid to enforce uniqueness, while the child node uses the employee number.

This is a different paradigm than was used in Sun ONE LDAP Schema v.1, in which every domain was considered a unique namespace (using uid as the default unique attribute). For Sun ONE LDAP Schema v.2, all namespaces must be explicitly declared using this object class.


Note

After Sun ONE Identity Server is installed, the root-suffix node contains this object class, but not its corresponding attribute. If you want to provision more than one unique namespace for your Sun ONE Messaging Server or Sun ONE Calendar Server installation, do not add sunNameSpaceUniqueAttrs to the root-suffix node.


For more information about namespaces, see the Sun Java™ Enterprise System Installation Guide.

Superior Class

top

Object Class Type

auxiliary

OID

1.3.6.1.4.1.42.2.27.9.2.29

Required Attributes

N/A

Allowed Attributes

sunNameSpaceUniqueAttrs


sunServiceComponent

Supported by

Sun ONE Calendar Server 6.0, Sun ONE Messaging Server 6.0

Definition

Templates are LDAP entries of this object class. Search templates are used to describe how applications should construct searches to send to the directory server in order to locate entries in the DIT.

The entry is named by its required ou attribute.

Superior Class

top

Object Class Type

auxiliary

OID

1.3.6.1.4.1.42.2.27.9.2.27

Required Attributes

organizationalUnitName (ou)

Allowed Attributes

description, sunKeyValue, sunServiceId, sunSmsPriority, sunXmlKeyValue


userPresenceProfile

Supported by

iPlanet Messaging Server 5.0

Definition

Used to store the presence information for a user.

Superior Class

top

Object Class Type

auxiliary

OID

2.16.840.1.113730.3.2.136

Required Attributes

N/A

Allowed Attributes

vacationEndDate, vacationStartDate


Attributes

This section describes the following Sun ONE Identity Server attributes:


associatedDomain

Origin

Sun ONE LDAP Schema 2

Syntax

dn, multi-valued

Object Classes

inetDomain, sunManagedOrganization

Definition

Specifies the DNS domain name aliases used to look up an organization entry.

Used when a domain subtree is being referenced by domain names in addition to the one specified in the attribute sunPreferredDomain.

Example

associatedDomain:qa.sesta.com

associatedDomain:eng.sesta.com

OID


inetGroupStatus

Origin

Sun ONE Identity Server

Syntax

cis, single-valued

Object Classes

iplanet-am-managed-group

Definition

This is a global status for groups and overrides the status found in inetMailGroupStatus. It holds the current status of the group: active, inactive, or deleted for all services. It is used by Sun ONE Identity Server to manage groups. A group’s status can be changed using the commcli interface, or by directly changing the LDAP entry for the group.

The following table lists the attribute’s values and their meanings:

Table 4-1  Status Attribute Values

Value | Description
active | The group is active and its users may use services enabled by the overlay of service-specific object classes and the service state as indicated by the particular status attribute for that service.
inactive | Group is inactive. The group users may not use any services granted by service-specific object classes. This state overrides individual service status set using the service’s status attributes.
deleted | Group is marked as deleted. The group may remain in this state within the directory for some time (pending purging of deleted groups). Service requests for all groups marked as deleted will return permanent failures.

A missing value implies status is active. An illegal value is treated as inactive.

Example

inetGroupStatus: active

OID

1.3.6.1.4.1.42.2.27.9.1.588


iplanet-am-group-subscribable

Origin

Sun ONE Identity Server

Syntax

boolean, single-valued

Object Classes

iplanet-am-managed-group

Definition

Specifies if users can subscribe to the group. Boolean value: true, false. Default setting is true.

If the value is true, the group can be seen, searched for and subscribed to by end users. If the value is false, the group can be seen and searched for but cannot be subscribed to by end users.

Filtered groups cannot be subscribed to; this attribute is ignored if found on a filtered group.

Example

iplanet-am-group-subscribable: true

OID

2.16.840.1.113730.3.1.1085


iplanet-am-modifiable-by

Origin

Sun ONE Identity Server

Syntax

dn, multi-valued

Object Classes

iplanet-am-managed-person

Definition

This attribute lists the role-dn of the administrator who has access rights to modify this user entry. By default, the value is set to the role-dn of the administrator who created the account.

Example

For native mode (with domain nodes on the organization tree):

iplanet-am-modifiable-by: cn=Top-level Admin Role, o=sesta.com

For compatibility mode (with domain nodes on the DC Tree):

iplanet-am-modifiable-by: cn=Top-level Admin Role, dc=sesta, dc=com

OID

2.16.840.1.113730.3.1.1094


iplanet-am-role-aci-description

Origin

Sun ONE Identity Server

Syntax

string, multi-valued

Object Classes

iplanet-am-managed-person

Definition

Description of the ACI that belongs to this role.

Example

OID

2.16.840.1.113730.3.1.1081


iplanet-am-role-aci-list

Origin

Sun ONE Identity Server

Syntax

string, multi-valued

Object Classes

iplanet-am-managed-role

Definition

The set of ACIs associated with this role. The format is a DN:ACI pair, where the DN of the entry is specified with its ACI. When deleting a role, this attribute allows for the ACIs associated with this role to be located and cleaned up properly.

Example

For native mode (with domain nodes on the organization tree):

iplanet-am-role-aci-list: o=sesta.com,o=basedn:aci: (target="ldap:///o=sesta.com,o=basedn")(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,o=sesta.com,o=basedn)(nsroledn=cn=Top-level Help Desk Admin Role,o=sesta.com,o=basedn))))(targetattr != "nsroledn")(version 3.0; acl "Organization Admin access allow"; allow (all) roledn = "ldap:///cn=myrole,o=sesta.com,o=basedn";)

For compatibility mode (with domain nodes on a DC Tree):

iplanet-am-role-aci-list: dc=sesta,dc=com:aci: (target="ldap:///dc=sesta,dc=com")(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=sesta,dc=com)(nsroledn=cn=Top-level Help Desk Admin Role,dc=sesta,dc=com))))(targetattr != "nsroledn")(version 3.0; acl "Organization Admin access allow"; allow (all) roledn = "ldap:///cn=myrole,dc=sesta,dc=com";)

OID

2.16.840.1.113730.3.1.1082


iplanet-am-role-any-options

Origin

Sun ONE Identity Server

Syntax

string, multi-valued

Object Classes

iplanet-am-managed-role

Definition

Not currently used.

Example

OID

2.16.840.1.113730.3.1.1084


iplanet-am-role-description

Origin

Sun ONE Identity Server

Syntax

cis, multi-valued

Object Classes

iplanet-am-managed-role

Definition

An optional description of the role being defined.

Example

iplanet-am-role-description: Top Level Admin Role

OID

2.16.840.1.113730.3.1.1080


iplanet-am-role-managed-container-dn

Origin

Sun ONE Identity Server

Syntax

dn, multi-valued

Object Classes

iplanet-am-managed-role

Definition

Defines the container this role resides in.

Example

For example, if the role being defined administers the domain organization east:

iplanet-am-role-managed-container-dn: ou=east,o=sesta.com,o=basedn

OID

2.16.840.1.113730.3.1.977


iplanet-am-role-service-options

Origin

Sun ONE Identity Server

Syntax

string, multi-valued

Object Classes

iplanet-am-managed-role

Definition

Not currently used.

Example

OID

2.16.840.1.113730.3.1.1083


iplanet-am-role-type

Origin

Sun ONE Identity Server

Syntax

string, multi-valued

Object Classes

iplanet-am-managed-role

Definition

Defines the type of role. There are three values, as shown in the following table:

Role Value | Role Names
1 | Top Level Admin Role
2 | General Admin Role
3 | User Role

Even though this attribute is defined as a multi-valued string, it is implemented in Messaging Server as if it were a single-valued integer.

Example

iplanet-am-role-type: 1

OID

2.16.840.1.113730.3.1.1079


iplanet-am-service-status

This attribute is aliased to sunRegisteredServiceName. Use that attribute instead.


iplanet-am-static-group-dn

Origin

Sun ONE Identity Server

Syntax

dn, multi-valued

Object Classes

iplanet-am-managed-group

Definition

Defines the DNs for the static groups this user belongs to.

Example

For native mode (with domain nodes on the organization tree):

iplanet-am-static-group-dn: cn=mygroup, ou=groups, o=sesta.com

For compatibility mode (with domain nodes on the DC Tree):

iplanet-am-static-group-dn: cn=mygroup, ou=groups, dc=sesta, dc=com

OID

2.16.840.1.113730.3.1.1094


iplanet-am-user-account-life

Origin

Sun ONE Identity Server

Syntax

date string, single-valued

Object Classes

iplanet-am-user-service

Definition

Specifies the account expiration date in the following format:

yyyy/mm/dd hh:mm:ss

where the first mm is for month, dd is for day, yyyy for full year (for example, 2005), hh is for the time stamp hour, the final mm is for the timestamp minutes, and ss is for the timestamp seconds.

If this attribute is present, the authentication service will disallow login if the current date has passed the specified account expiration date.

Example

iplanet-am-user-account-life: 2040/12/31 23:59:59

OID

2.16.840.1.113730.3.1.976


iplanet-am-user-admin-start-dn

Origin

Sun ONE Identity Server

Syntax

dn, single-valued

Object Classes

iplanet-am-user-service

Definition

Specifies the starting point node (DN) displayed in the starting view of the IS Console when this administrator logs in.

Example

iplanet-am-user-admin-start-dn: ou=people, o=sesta.com, o=basedn

OID

2.16.840.1.113730.3.1.1072


iplanet-am-user-alias-list

Origin

Sun ONE Identity Server

Syntax

string, single-valued

Object Classes

iplanet-am-user-service

Definition

Defines a list of aliases for the user.

Example

User jdoe could have an alias of jd, johnd, or jd123456.

iplanet-am-user-alias-list: jd

iplanet-am-user-alias-list: johnd

iplanet-am-user-alias-list: jd123456

OID

1.3.6.1.4.1.42.2.27.9.1.59


iplanet-am-user-auth-config

Origin

Sun ONE Identity Server

Syntax

string, single-valued

Object Classes

iplanet-am-user-service

Definition

Specifies the user authentication configuration method in an XML string. There is no default value.

Example

<AttributeValuePair><Value>com.sun.identity.authentication.modules.ldap.LDAP REQUIRED </Value></AttributeValuePair>

OID

1.3.6.1.4.1.42.2.27.9.1.58


iplanet-am-user-auth-modules

Origin

Sun ONE Identity Server

Syntax

string, multi-valued

Object Classes

iplanet-am-user-service

Definition

Not currently used.

Example

OID

2.16.840.1.113730.3.1.1071


iplanet-am-user-failure-url

Origin

Sun ONE Identity Server

Syntax

string, single-valued

Object Classes

iplanet-am-user-service

Definition

Defines the URL the user is redirected to if the login fails. Any valid URL can be used.

Example

OID

1.3.6.1.4.1.42.2.27.9.1.71


iplanet-am-user-federation-info

Origin

Sun ONE Identity Server

Syntax

string, single-valued

Object Classes

iplanet-am-user-service

Definition

For Sun ONE Identity Server internal use only. Do not use.

Specifies the user account’s Federation specific information. This is managed internally by Sun ONE Identity Server’s Federation Management module to store user account’s Federation related information, and should not be modified outside of that module.

Example

OID

1.3.6.1.4.1.42.2.27.9.1.74


iplanet-am-user-federation-info-key

Origin

Sun ONE Identity Server

Syntax

string, single-valued

Object Classes

iplanet-am-user-service

Definition

For Sun ONE Identity Server internal use only. Do not use.

Specifies the user account’s Federation information key. This is managed internally by Sun ONE Identity Server’s Federation Management module to store the user account’s Federation information key, and should not be modified outside of that module.

Example

OID

1.3.6.1.4.1.42.2.27.9.1.73


iplanet-am-user-login-status

Origin

Sun ONE Identity Server

Syntax

string, single-valued

Object Classes

iplanet-am-user-service

Definition

Specifies the user status. It takes two values:

Example

OID

2.16.840.1.113730.3.1.1074


iplanet-am-user-password-reset-force-reset

Origin

Sun ONE Identity Server

Syntax

boolean, single-valued

Object Classes

iplanet-am-user-service

Definition

Not currently used.

Specifies whether password will be forced to be reset. Values: true, false. Defaults to false.

Example

OID

1.3.6.1.4.1.42.2.27.9.1.591


iplanet-am-user-password-reset-options

Origin

Sun ONE Identity Server

Syntax

string, single-valued

Object Classes

iplanet-am-user-service

Definition

Used internally by Sun ONE Identity Server’s password reset module. Do not use. Any values assigned to this attribute will be ignored.

Example

OID

1.3.6.1.4.1.42.2.27.9.1.589


iplanet-am-user-password-reset-passwordChanged

Origin

Sun ONE Identity Server

Syntax

string, single-valued

Object Classes

iplanet-am-user-service

Definition

Not used.

Example

OID

1.3.6.1.4.1.42.2.27.9.1.592


iplanet-am-user-password-reset-question-answer

Origin

Sun ONE Identity Server

Syntax

string, single-valued

Object Classes

iplanet-am-user-service

Definition

Password question and answer used to prompt a user who has forgotten their password. The format is question answer.

Example

iplanet-am-user-password-reset-question-answer:
favorite restaurant Outback

OID

1.3.6.1.4.1.42.2.27.9.1.590


iplanet-am-user-service-status

Origin

Sun ONE Identity Server

Syntax

dn, single-valued

Object Classes

iplanet-am-user-service

Definition

Specifies the status of the user for various services.

Example

OID

2.16.840.1.113730.3.1.1073


iplanet-am-user-success-url

Origin

Sun ONE Identity Server

Syntax

dn, single-valued

Object Classes

iplanet-am-user-service

Definition

Defines the URL the user is directed to if the login succeeds. Any valid URL can be used.

Example

OID

1.3.6.1.4.1.42.2.27.9.1.71


preferredLocale

Origin

Sun ONE Directory Server

Syntax

cis, single-valued

Object Classes

iPlanetPreferences

Definition

Used by Sun ONE Identity Server to store user preference for locale. The values accepted by this attribute are described in the Sun ONE Identity Server Administrator’s Guide, chapter 18. Some additional information on locales is located in the Sun ONE Directory Server Reference Manual.

Example

preferredLocale:en-US

OID

2.16.840.1.113730.3.1.39


preferredTimeZone

Origin

Sun ONE Directory Server

Syntax

cis, single-valued

Object Classes

iPlanetPreferences

Definition

Used by Sun ONE Identity Server to store user preference for time zone. Supported time zone names can be found in the appendix under "Standard Time Zones".

Example

preferredTimeZone: America/Los Angeles

OID

TBD


sunAdditionalTemplates

Origin

Sun ONE Messaging Server 6.0, Sun ONE Calendar Server 6.0

Syntax

cis, multi-valued

Object Classes

inetDomain, sunManagedOrganization

Definition

Specifies relative DN (RDN) sequences, that is, DNs that are relative to the organization entry. Values identify entries in the configuration templates part of the ou=services tree below this organization. These are additional templates beyond those specified in the global configuration templates. These are used to specify operations private to an organization.

This attribute must appear in the top entry for this organization.

Example

OID

1.3.6.1.4.1.42.2.27.9.1.76


sunKeyValue

Origin

Sun ONE Messaging Server 6.0, Sun ONE Calendar Server 6.0

Syntax

cis, multi-valued

Object Classes

sunServiceComponent

Definition

Each value is a “key=value” pair, where the key is the name of the XML element. Table 4-2 lists the keys for search templates.

Table 4-2  Search Template Keys

Key | Description
attrs | Attribute to retrieve from LDAP entry.
rfc2247Flag | Boolean (true, false) that tells applications to use the RFC2247 algorithm for constructing the DN of the LDAP entry, instead of performing an LDAP search using the filter specified in the inetDomainSearchFilter attribute.
baseDN | If rfc2247Flag is set to true, and if this key is present, then it must be appended to the algorithmically constructed DN in order to get the DN of the target entry.

For more information on templates and the native and compatibility mode LDAP data models, see Chapter 1, "Overview".

Example

The following sunKeyValue attributes appear in the default search template for the native mode LDAP data model:

sunKeyValue: attrs=objectclass
sunKeyValue: attrs=ou
sunKeyValue: attrs=inetDomainStatus

The following sunKeyValue attributes appear in the default search template for compatibility mode (uses the RFC 2247 algorithm for constructing the search DN):

sunKeyValue: attrs=objectclass
sunKeyValue: attrs=ou
sunKeyValue: attrs=inetDomainStatus
sunKeyValue: rfc2247=true
sunKeyValue: baseDN=o=internet

OID

1.3.6.1.4.1.42.2.27.9.1.83
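
The following is an added example, not code from the Sun manual or from any Sun product. It shows one way an application could read the sunKeyValue values above and build the compatibility-mode DN with the RFC 2247 algorithm. The function names are hypothetical; accepting both the key rfc2247Flag (Table 4-2) and rfc2247 (the sample values), matching keys without regard to case, and rejecting domain labels that are not plain DNS labels are assumptions of this sketch.

```python
import re

# Values copied from the two default search templates shown above.
NATIVE_VALUES = ["attrs=objectclass", "attrs=ou", "attrs=inetDomainStatus"]
COMPAT_VALUES = NATIVE_VALUES + ["rfc2247=true", "baseDN=o=internet"]

# One DNS label: letters, digits and inner hyphens only (assumed policy).
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def parse_sun_key_values(values):
    """Turn a list of "key=value" strings into a template dict.

    Each string is split at the FIRST '=' only: in "baseDN=o=internet"
    the value is itself a DN and contains another '='.
    """
    template = {"attrs": [], "rfc2247": False, "baseDN": None}
    for raw in values:
        key, sep, value = raw.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or not key or not value:
            raise ValueError(f"not a key=value pair: {raw!r}")
        if key == "attrs":
            template["attrs"].append(value)
        elif key in ("rfc2247flag", "rfc2247"):  # both spellings appear on the page
            if value.lower() not in ("true", "false"):
                raise ValueError(f"boolean expected: {raw!r}")
            template["rfc2247"] = value.lower() == "true"
        elif key == "basedn":
            template["baseDN"] = value
        else:
            raise ValueError(f"unknown search template key: {raw!r}")
    return template


def rfc2247_dn(domain, base_dn=None):
    """Map a DNS domain to a DN, one dc= component per label (RFC 2247).

    The domain usually comes from user input (for example the part after
    '@' in a login name), so every label is validated before it is placed
    in a DN. Anything containing ',', '=', '+' or other DN syntax is
    rejected instead of escaped.
    """
    labels = domain.rstrip(".").split(".")
    if not all(LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"not a valid DNS domain name: {domain!r}")
    dn = ",".join(f"dc={label.lower()}" for label in labels)
    return f"{dn},{base_dn}" if base_dn else dn


def domain_entry_dn(template, domain):
    """Return the constructed DN when the template selects RFC 2247.

    None means the template does not select the algorithm and the caller
    has to search with the filter in inetDomainSearchFilter instead.
    """
    if not template["rfc2247"]:
        return None
    return rfc2247_dn(domain, template["baseDN"])


if __name__ == "__main__":
    compat = parse_sun_key_values(COMPAT_VALUES)
    print(compat)
    print(domain_entry_dn(compat, "sesta.com"))
    print(domain_entry_dn(parse_sun_key_values(NATIVE_VALUES), "sesta.com"))
```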


sunNameSpaceUniqueAttrs

Origin

Sun ONE Messaging Server 6.0, Sun ONE Calendar Server 6.0

Syntax

cis, multi-valued

Object Classes

sunNameSpace

Definition

Stores the name of an attribute required to be unique across all entries in the subtree.

This attribute allows namespace uniqueness to be enforced. For further explanation of namespaces, see the Sun Java™ Enterprise System Installation Guide and the object class description for sunNameSpace.

Example

sunNameSpaceUniqueAttrs:uid

sunNameSpaceUniqueAttrs:c

OID

1.3.6.1.4.1.42.2.27.9.1.85


sunOrganizationAlias

Origin

Sun ONE Identity Server

Syntax

cis, single-valued

Object Classes

userPresenceProfile

Definition

Sun ONE Identity Server uses this attribute for authentication. It holds the fully qualified host name for the server the user is logging into.

The format is: server.domain.

Example

sunOrganizationAlias: seaside.siroe.com

OID

TBD


sunOverrideTemplates

Origin

Sun ONE Messaging Server 6.0, Sun ONE Calendar Server 6.0

Syntax

cis, multi-valued

Object Classes

inetDomain, sunManagedOrganization

Definition

Specifies relative DN (RDN) sequences, that is, DNs that are relative to the organization entry. Values identify entries in the configuration templates part of the ou=services tree below this organization. These templates override global configuration templates for searches and other operations within this organization.

This attribute must appear in the top entry for this organization.

Example

OID

1.3.6.1.4.1.42.2.27.9.1.77


sunPreferredDomain

Origin

Sun ONE Messaging Server 6.0, Sun ONE Calendar Server 6.0

Syntax

cis, single-valued

Object Classes

iplanet-am-managed-org-unit, sunManagedOrganization

Definition

Specifies the DNS domain name used to look up an organization entry when a unique matching organization is required.

When a value for this is available, provisioners should set it so as to enable applications to look up organizations using a domain name.

The domain name value of this attribute must be unique across all organizations in the directory, including the domains named in associatedDomain.

This attribute is for use with native mode data model LDAPs only; it must not be used in DC Tree nodes.

In the native mode LDAP data model, this attribute serves the same function as inetCanonicalDomainName does in compatibility mode. If you are running in compatibility mode, do not use this attribute.

Example

sunPreferredDomain:sesta.com

OID

2.16.840.1.113730.3.1.1086


sunPreferredOrganization

Origin

Sun ONE Messaging Server 6.0, Sun ONE Calendar Server 6.0

Syntax

cis, single-valued

Object Classes

iplanet-am-managed-org-unit, sunManagedOrganization

Definition

Specifies the DNS name used to look up an organization entry when a unique matching organization is required.

When a value for this is available, provisioners should set it so as to enable applications to look up organizations using the organization’s name.

This attribute is for use with native mode data model LDAPs only; it must not be used in DC Tree nodes.

Example

sunPreferredOrganization:sesta.com

OID

1.3.6.1.4.1.42.2.27.9.1.75


sunRegisteredServiceName

Origin

Sun ONE Identity Server

Syntax

string, multi-valued

Object Classes

iplanet-am-managed-org-unit, sunManagedOrganization

Definition

Defines the set of names of the registered services. The following services are defined for Messaging Server and Calendar Server:

Service Name | Description
DomainMailService | Mail service definition for domains.
DomainCalendarService | Calendar service definition for domains.
UserMailService | Mail service definition for users.
UserCalendarService | Calendar service definition for users.
GroupMailService | Mail service definition for groups.

For informational purposes: The following services are used by Sun ONE Identity Server for authentication with SSO (Single Sign-On). These services must be registered to the root suffix node. This step is done by Identity Server as part of its installation process. The services are:

Anyone can create a new service and load it into Identity Server. For information on how to do this, see the Sun ONE Identity Server documentation at:

http://docs.sun.com/

Example

sunRegisteredServiceName: DomainMailService

OID

1.3.6.1.4.1.42.2.27.9.1.593


sunServiceId

Origin

Sun ONE Messaging Server 6.0, Sun ONE Calendar Server 6.0

Syntax

cis, single-valued

Object Classes

sunServiceComponent

Definition

The kind of template being created. For search templates, the value is StructureUmsObjects. (At this time search templates are the only publicly defined template.)

Example

sunServiceId:StructureUmsObjects

OID

1.3.6.1.4.1.42.2.27.9.1.79


sunSmsPriority

Origin

Sun ONE Identity Server

Syntax

cis, single-valued

Object Classes

sunServiceComponent

Definition

Stores the priority of the service with respect to its siblings.

Example

sunSmsPriority:

OID

1.3.6.1.4.1.42.2.27.9.1.81


sunXmlKeyValue

Origin

Sun ONE Identity Server

Syntax

cis, single-valued

Object Classes

sunServiceComponent

Definition

Not currently used.

Example

OID

1.3.6.1.4.1.42.2.27.9.1.84





Copyright 2003 Sun Microsystems, Inc. All rights reserved.