Sun Java System Communications Services 6 2005Q1 Schema Reference Guide 

Chapter 3
Attributes

This chapter describes attributes required or allowed by LDAP object classes for Communications Services products. The attributes are listed alphabetically.

Note that attributes used exclusively by Access Manager (formerly called Identity Server) are covered in Chapter 4, "Sun Java™ System Access Manager Classes and Attributes." Attributes used exclusively by iPlanet Delegated Administrator for Messaging are covered in Chapter 6, "Classes and Attributes Used by iPlanet Delegated Administrator (Schema 1)."


List of Attributes

This chapter describes the following attributes:


Attribute Definitions


aclGroupAddress

Origin

Messaging Server 6.0

Syntax

cis

Object Classes

inetMailUser

Definition

Adds a user to a dynamic group specified as an identifier in an ACL entry. Members of the group share the particular access rights defined in the ACL entry. The group is represented by a dynamic mailing list with a filter on the aclGroupAddr attribute.

Example

aclGroupAddr: lee-staff@siroe.com

OID

1.3.6.1.4.1.42.2.27.9.1.686


adminRole

Origin

Messaging Server 5.0

Syntax

cis

Object Classes

inetAdmin

Definition

Specifies the administrator role for this administrator entry.

Example

OID

2.16.840.1.113730.3.1.601


aliasedObjectName

Origin

Messaging Server 5.0

Syntax

dn

Object Classes

inetDomainAlias

Definition

Used only in Schema 1 or in Schema 2 compatibility mode (with a DC Tree), not in Schema 2 native mode (no DC Tree).

Used by the Messaging Server to identify alias entries in the directory. Contains the distinguished name of the entry for which it is an alias. The domain attribute values are taken only from the referenced domain, so that routing is identical between these domains.

Example

aliasedObjectName: cn=jdoe,o=sesta.com

OID

2.5.4.1


businessCategory

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

groupOfUniqueNames, organization, organizationalUnit

Definition

Identifies the type of business in which the entry is engaged. This should be a broad generalization such as is made at the corporate division level.

Example

businessCategory:Engineering

OID

2.5.4.15


calCalURI

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

pabPerson

Definition

Contains the URI to the user’s entire default calendar. For details see RFC 2739.

Example

Varies according to the version of calendar server implemented. For details see RFC 2739.

OID

1.2.840.113556.1.4.478


calFBURL

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

pabPerson

Definition

URL to the user’s default busy time data. For details see RFC 2739.

Example

Varies according to the version of calendar server implemented. For details see RFC 2739.

OID

1.2.840.113556.1.4.479


cn

Origin

Calendar Server

Syntax

cis, single-valued

Object Classes

icsCalendarResource, icsCalendarUser, inetResource

Definition

For users, full name of person. For resources, a unique identifier. In either case, it may contain spaces and special characters. Abbreviation for commonName.

Example

For a user: cn: John Doe.

For a resource: cn: Conference Room #3

or

commonName: John Doe

commonName: Conference Room #3

OID

2.5.4.3


co

Origin

LDAP

Syntax

cis

Object Classes

pabPerson

Definition

Contains the name of a country, using a two-character code. Abbreviation for countryName.

The attribute friendlyCountryName is used to spell out the actual country name.

Example

co:IE

or

countryName:IE

friendlyCountryName:Ireland

OID

2.5.4.4


commonName (see cn)


countryName (see co)


dataSource

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailUser, inetMailGroup

Definition

Text field to store a tag or identifier. Value has no operational impact.

Example

dataSource:1.0

OID

2.16.840.1.113730.3.1.779


dateOfBirth

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

pabPerson

Definition

Date of birth of the pabPerson. Format is: YYYYMMDD.

Example

dateOfBirth: 19740404
(date of birth on April 6, 1974.)

OID

2.16.840.1.113730.3.1.779


dc

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetDomainAlias

Definition

The domain component of the domain alias entry.

Example

dc=sesta

For example a domain alias entry DN might be:
dn: dc=sesta, dc=fr, o=internet.

OID

0.9.2342.19200300.100.1.25


description

Origin

LDAP

Syntax

cis, multi-valued

Object Classes

icsCalendarDWPHost, icsCalendarResource, groupOfUniqueNames, inetOrgPerson, organization, organizationalUnit, pab, pabGroup, sunServiceComponent

Definition

Provides a human readable description of the object. For people and organizations, this often includes their role or work assignment.

Example

description: Quality control inspector.

OID

2.5.4.13


domainUidSeparator

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetDomainOrg

Definition

This attribute is used only for LDAP Schema 1.

This attribute is used by the messaging server to override the default mailbox (MB) home. When present, this attribute specifies that compound user identifications (UIDs) are used in this domain, and it specifies the separator. For instance, if + is the separator, the mailbox names in this domain are obtained by replacing the rightmost occurrence of + in the uid with @. To map an internal mailbox name to the UID, the rightmost occurrence of @ in the mailbox name is replaced with a +.

While substitution of an @ for the UID separator is sufficient to generate a mailbox name, this may not be the same as any of the user’s actual email addresses.


Note  

The format of internal mailbox names is uid@domain, where “domain” is the DNS domain mapping to the namespace. The only exception to this rule is mailbox names for users in the default domain, where only the uid is used to construct internal mailbox names. See inetCanonicalDomainName for how the default domain name can be overridden in specific cases.


The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_UID_SEPARATOR.

Example

domainUIDSeparator: #

OID

2.16.840.1.113730.3.1.702


domOrgMaxUsers

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetDomainOrg

Definition

This attribute is used only for LDAP Schema 1.

Maximum number of user entries in a domain organization.

Example

domOrgMaxUsers: 500

OID

2.16.840.1.113730.3.1.697


domOrgNumUsers

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetDomainOrg

Definition

Number of current user entries in a domain organization.

Example

domOrgNumUsers: 345

OID

2.16.840.1.113730.3.1.698


facsimileTelephoneNumber

Origin

Calendar Server

Syntax

tel, single-valued

Object Classes

icsCalendarResource, inetResource, organization, organizationalUnit

Definition

Fax telephone number for resources.

Example

facsimileTelephoneNumber: 1-800-555-1212

OID

2.5.4.23


givenName

Origin

LDAP

Syntax

cis

Object Classes

icsCalendarUser

Definition

Identifies the entry’s given name, usually a person’s first name.

Example

givenName: John

OID

2.5.4.42


icsAdminRole

Origin

Calendar Server

Syntax

cis

Object Classes

icsAdministrator

Definition

Administrative calendar role that can be assigned to a group.

Example

OID

2.16.840.1.113730.3.1.724


icsAlias

Origin

Calendar Server

Syntax

cis, UTF8 encoded

Object Classes

icsCalendarResource

Definition

Alias associated with a resource. An alias can make a resource name easier for the end user to work with.

Example

The resource named “halleyscomet” can be aliased as “Halley’s Comet”.

icsAlias: Halley’s Comet

OID

2.16.840.1.113730.3.1.725


icsAllowedServiceAccess

Origin

Calendar Server 6.0

Syntax

cis, single-valued

Object Classes

icsCalendarDomain, icsCalendarUser

Definition

This attribute is used only if the icsStatus attribute is not set. If icsStatus is set, this attribute is ignored.

Use this attribute to disallow calendar services to a user. By default, all users are allowed access with http, but if you specify this attribute as shown in the example, the user is denied calendar access (user is disabled):

Any other setting, or absence of the attribute entirely, results in the user having access to http services (user is enabled).

Example

icsAllowedServiceAccess:http

OID

2.16.840.1.113730.3.1.726


icsAllowRights

Origin

Calendar Server

Syntax

int, single valued

Object Classes

icsCalendarDomain

Definition

A numeric string used to hold bit fields, each corresponding to a set of rights. Each bit corresponds to a setting in the ics.conf file. After you have worked out the bit settings you want, convert the bit pattern to an integer.

If the bit is set (1), the right is not allowed. If the bit is not set (0), the right is allowed.

If this attribute does not exist, the corresponding ics.conf default settings are used.

Table 3-1 defines the meaning of each bit position for bits 0-15:

Table 3-1  Bit Definitions and ics.conf Settings

| Property Name and ics.conf Setting Name | Bit | Allows (0) or Disallows (1) |
|---|---|---|
| allowCalendarCreation (service.wcap.allowcreatecalendars) | 0 | Creation of calendars |
| allowCalendarDeletion (service.wcap.allowdeletecalendars) | 1 | Deletion of calendars |
| allowPublicWritableCalendars (service.wcap.allowpublicwriteablecalendars) | 2 | Publicly writable calendars for users |
| N/A | 3 | Reserved. Defaults to 0 |
| allowModifyUserPreferences (service.admin.calmaster.wcap.allowgetmodifyuserprefs) | 4 | Domain Administrator allowed to change user preferences |
| allowModifyPassword (service.wcap.allowchangepassword) | 5 | Users allowed to change their password |
| N/A | 6 | Reserved. Defaults to 0 |
| N/A | 7 | Reserved. Defaults to 0 |
| allowUserDoubleBook (user.allow.doublebook) | 8 | Double booking of user calendars |
| allowResourceDoubleBook (resource.allow.doublebook) | 9 | Double booking of resource calendars |
| allowSetCn (service.wcap.allowsetprefs.cn) | 10 | User preference cn modified by set_userprefs command |
| allowSetGivenName (service.wcap.allowsetprefs.givenname) | 11 | User preference givenname modified by set_userprefs command |
| allowSetGivenMail (service.wcap.allowsetprefs.mail) | 12 | User preference mail modified by set_userprefs command |
| allowSetPrefLang (service.wcap.allowsetprefs.preferredlanguage) | 13 | User preference preferredlanguage modified by set_userprefs command |
| allowSetSn (service.wcap.allowsetprefs.sn) | 14 | User preference sn modified by set_userprefs command |
| N/A | 15-31 | Reserved. Defaults to all 0 |

Example

If you decide that you want to disallow the following bits:

then your bit pattern would look like this:

‘00000000000000000000101000000100’

which you would convert into the integer 2564 so that:

icsAllowRights: 2564

OID

2.16.840.1.113730.3.1.727
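
The bit arithmetic for icsAllowRights, as an added example that is not part of the original guide or of Calendar Server. It uses the bit positions from Table 3-1; the function names and the audit input are assumptions made for illustration.

```python
# Added example: encode, decode and audit icsAllowRights values using Table 3-1.
# Function names are illustrative assumptions, not Calendar Server APIs.

# Bit position -> property name, copied from Table 3-1.
# A set bit (1) DISALLOWS the right; a clear bit (0) allows it.
RIGHTS = {
    0: "allowCalendarCreation",
    1: "allowCalendarDeletion",
    2: "allowPublicWritableCalendars",
    4: "allowModifyUserPreferences",
    5: "allowModifyPassword",
    8: "allowUserDoubleBook",
    9: "allowResourceDoubleBook",
    10: "allowSetCn",
    11: "allowSetGivenName",
    12: "allowSetGivenMail",
    13: "allowSetPrefLang",
    14: "allowSetSn",
}
NAME_TO_BIT = {name: bit for bit, name in RIGHTS.items()}
RESERVED_BITS = [b for b in range(32) if b not in RIGHTS]  # 3, 6, 7, 15-31


def decode_allow_rights(value):
    """Split a value into disallowed rights, allowed rights, and any
    reserved bits that are unexpectedly set."""
    n = int(str(value).strip(), 10)
    if not 0 <= n < 2 ** 32:
        raise ValueError("icsAllowRights must fit in 32 bits: %r" % (value,))
    disallowed = [name for bit, name in sorted(RIGHTS.items()) if (n >> bit) & 1]
    allowed = [name for bit, name in sorted(RIGHTS.items()) if not (n >> bit) & 1]
    reserved_set = [bit for bit in RESERVED_BITS if (n >> bit) & 1]
    return {"disallowed": disallowed, "allowed": allowed, "reserved_set": reserved_set}


def encode_allow_rights(disallowed_names):
    """Build the integer to store in LDAP from the rights to disallow."""
    n = 0
    for name in disallowed_names:
        if name not in NAME_TO_BIT:
            raise ValueError("unknown right: %r" % (name,))
        n |= 1 << NAME_TO_BIT[name]
    return n


def bit_pattern(n):
    """32-character bit string, most significant bit first, as in the Example."""
    return format(n, "032b")


def audit_domain(attrs, must_disallow):
    """Return the rights in must_disallow that the entry still allows.

    attrs is a dict of attribute name -> value for one icsCalendarDomain
    entry (constructed input). None means the attribute is absent, so the
    ics.conf defaults apply and LDAP alone cannot answer the question."""
    raw = attrs.get("icsAllowRights")
    if raw is None:
        return None
    still_allowed = set(decode_allow_rights(raw)["allowed"])
    return sorted(r for r in must_disallow if r in still_allowed)


if __name__ == "__main__":
    print(bit_pattern(2564), decode_allow_rights("2564")["disallowed"])
```

Because a set bit removes a right, a value of 0 leaves every right allowed, and a missing attribute defers to ics.conf rather than meaning "nothing allowed".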


icsAnonymousAllowWrite

Origin

Calendar Server

Syntax

boolean (yes, no)

Object Classes

icsCalendarDomain

Definition

Specifies if anonymous users can write events in public calendars. The value comes from the ics.conf setting service.wcap.anonymousallowpubliccalendarwrite.

Example

icsAnonymousAllowWrite: yes

OID

2.16.840.1.113730.3.1.728


icsAnonymousCalendar

Origin

Calendar Server

Syntax

ces

Object Classes

icsCalendarDomain

Definition

Calendar ID for anonymous users. The value is taken from the ics.conf setting calstore.anonymous.calid.

Example

icsAnonymousCalendar: guest1

OID

2.16.840.1.113730.3.1.729


icsAnonymousDefaultSet

Origin

Not implemented.

Syntax

ces, UTF8 encoded

Object Classes

icsCalendarDomain

Definition

Default calendar set for anonymous users.

Example

OID

2.16.840.1.113730.3.1.730


icsAnonymousLogin

Origin

Calendar Server

Syntax

boolean (yes, no)

Object Classes

icsCalendarDomain

Definition

Specifies if anonymous login is allowed. Value is taken from the ics.conf file setting service.http.allowanonymousLogin.

Example

icsAnonymousLogin: yes

OID

2.16.840.1.113730.3.1.798


icsAnonymousSet

Origin

Not implemented.

Syntax

ces, UTF8 encoded

Object Classes

icsCalendarDomain

Definition

Reserved. Not implemented.

Default calendar set for anonymous users.

Example

OID

2.16.840.1.113730.3.1.732


icsCalendar

Origin

Calendar Server

Syntax

ces, single-valued

Object Classes

icsCalendarResource, icsCalendarUser

Definition

The calendar ID (calid) of the default calendar for a user or resource. Required attribute. It is a policy of Calendar Server to construct calids based on the user's uid, since it is guaranteed to be unique.

Example

icsCalendar: jdoe

OID

2.16.840.1.113730.3.1.731


icsCalendarOwned

Origin

Calendar Server

Syntax

ces, multi-valued

Object Classes

icsCalendarUser

Definition

Calendars owned by this user. At least one instance of this attribute must exist for each user and must be set with the user's default calendar value. Multiple instances of this attribute can be used to specify other calendars the user owns.

Example

icsCalendarOwned: jdoe
icsCalendarOwned: jdoe:BaseballSchedule
icsCalendarOwned: jdoe:Project
icsCalendarOwned: jdoe:Holidays

OID

1.3.6.1.4.1.42.2.27.9.1.6


icsCapacity

Origin

Not implemented.

Syntax

int, single-valued

Object Classes
Definition

Reserved, not implemented.

Example
OID

2.16.840.1.113730.3.1.800


icsContact

Origin

Not implemented.

Syntax

cis, UTF8 encoded

Object Classes

icsCalendarResource

Definition

Reserved, not implemented.

Resource contact name.

Example

icsContact: John Doe jdoe@sesta.com

OID

2.16.840.1.113730.3.1.733


icsDefaultAccess

Origin

Calendar Server

Syntax

cis, single valued

Object Classes

Definition

Default access control string applied to the user’s default calendar. For more information about access control, see “Access Control Entries” in the Sun Java™ System Calendar Server Programmer’s Manual. If this attribute is not present, the value is taken from the ics.conf file setting calstore.calendar.default.acl.

Example

Granting the user both freebusy and scheduling permission for calendar components.

icsDefaultAccess: @sesta.com^c^sf^g

OID

2.16.840.1.113730.3.1.734


icsDefaultSet

Origin

Calendar Server

Syntax

ces, single-valued

Object Classes

icsCalendarUser

Definition

User preference for what calendars to display at login. Users can specify any of their calendar sets (groups they have created) to be displayed at login instead of a single calendar.

Example

icsDefaultSet: MyCalendarGroup

OID

2.16.840.1.113730.3.1.735


icsDomainAllowed

Origin

Not implemented.

Syntax

cis, single-valued (see mgrpAllowedDomain)

Object Classes

icsCalendarDomain

Definition

What domains are allowed. The value has the following format:

service-list:client-list

where service-list is a blank- or comma-separated list of one or more service names or wildcards, and client-list is a blank- or comma-separated list of one or more host names or addresses, patterns or wildcards.

The following are the explicit wildcards recognized by the system:

ALL

Always matches

LOCAL

Matches any host whose name does not contain a dot character.

UNKNOWN

Matches any host whose name or address are unknown. Use this with care.

KNOWN

Matches any host whose name and address are known. Use with care.

DNSSPOOFER

Matches any host whose name does not match its address.

There is one operator that can be used in the service-list and the client-list:

EXCEPT

Matches anything that matches list 1 unless it matches anything in list 2.

The expected form: list1 EXCEPT list2. List1 and list2 are comma-separated.

You can use patterns to distinguish clients by the network address that they can connect to. For example: service@host_pattern:client-list.

The default value comes from service.http.domainallowed in the ics.conf file.

Example

Allow local access to anyone in the sesta.com domain.

icsDomainAllowed: ALL:sesta.com

OID

2.16.840.1.113730.3.1.736


icsDomainNames

Origin

Calendar Server

Syntax

cis, multi-valued, ASCII

Object Classes

icsCalendarDomain

Definition

For cross-domain searching, each external domain to be searched must be listed using this attribute.

Example

icsDomainNames: sesta.com
icsDomainNames: siroe.com

OID

1.3.6.1.4.1.42.2.27.9.1.3


icsDomainNotAllowed

Origin

Calendar Server

Syntax

cis, single-valued (see mgrpDisallowedDomain)

Object Classes

icsCalendarDomain

Definition

What domains are not allowed. The value has the following format:

service-list:client-list

where service-list is a blank- or comma-separated list of one or more service names or wildcards, and client-list is a blank- or comma-separated list of one or more host names or addresses, patterns or wildcards.

The following are the explicit wildcards recognized by the system:

ALL

Always matches

LOCAL

Matches any host whose name does not contain a dot character.

UNKNOWN

Matches any host whose name or address are unknown. Use this with care.

KNOWN

Matches any host whose name and address are known. Use with care.

DNSSPOOFER

Matches any host whose name does not match its address.

There is one operator that can be used in the service-list and the client-list:

EXCEPT

Matches anything that matches list 1 unless it matches anything in list 2.

The expected form: list1 EXCEPT list2. List1 and list2 are comma-separated.

The value comes from ics.conf setting service.http.domainnotallowed.

Example 1

If you want to allow access to all but a selected few hosts, you can explicitly deny access as in the following example:

Deny access to anyone at the company22.com domain.

icsDomainNotAllowed: ALL:company22.com

In this instance, you would not need to have any specific icsDomainAllowed attributes.

Example 2

If you want to implement a no-access default, a single instance of this attribute will do it. This denies all service to all hosts, unless they are specifically permitted access by icsDomainAllowed attributes.

icsDomainNotAllowed: ALL:ALL

Example 3

The following example shows how to deny access to any unknown users.

icsDomainNotAllowed: ALL:UNKNOWN@ALL

OID

2.16.840.1.113730.3.1.737


icsDWPBackEndHosts

Origin

Calendar Server 5.1.1

Syntax

cis, multi-valued

Object Classes

icsCalendarDomain

Definition

The list of all possible back end hosts used for calendars found in this domain. This attribute is required if the calendar installation is using the Database Wire Protocol (DWP).

Example

icsDWPBackEndHosts: machine1
icsDWPBackEndHosts: machine2

OID

1.3.6.1.4.1.42.2.27.9.1.5


icsDWPHost

Origin

Calendar Server.1

Syntax

cis, single-valued, ASCII

Object Classes

icsCalendarDWPHost, icsCalendarResource, icsCalendarUser

Definition

Stores a DWP host name so that the calendar ID can be resolved to the Database Wire Protocol (DWP) server that stores the calendar and its data. When the calendar database is distributed across several back end servers, the attribute value is the DNS name of user’s back end host. Each user’s entire calendar will be on a single back end server. Required if using the Calendar Lookup Database (CLD).

This attribute is required if the Calendar installation is using DWP to distribute calendar data across back end calendar data servers. If DWP is not being used, every user’s calendar will be found on the same host as the calendar server. If an installation initially does not use DWP, but later switches to it, the calendar server will fill in this value based on the default DWP host name found in the domain entry. If there is no value or such entry (calendar server is not in hosted domain mode) then the value will be picked up from the ics.conf configuration file.

Example

icsDWPHost:calserv1

OID

1.3.6.1.4.1.42.2.27.9.1.1


icsExtended

Origin

Calendar Server 5.1.1

Syntax

cis, multi-valued

Object Classes

icsCalendarDWPHost

Definition

Extensions for calendar. Reserved.

Example
OID

2.16.840.1.113730.3.1.738


icsExtendedDomainPrefs

Origin

Calendar Server

Syntax

cis, multi-valued

Object Classes

icsCalendarDomain

Definition

Preferences for calendar domains can be set using the properties found in Table 3-2. Each attribute value is a property-value pair. The default settings for these properties are found in the domain server’s ics.conf file. In the absence of this attribute, the ics.conf settings will be used.

Table 3-2  Domain Preferences

| Property | Value | Description |
|---|---|---|
| allowProxyLogin | yes, no | Allow proxy login |
| calmasterAccessOverride | yes, no | Domain administrator can override access control |
| calmasterCred | string | Bind credentials (password) for user specified in ics.conf setting service.admin.calmaster.userid |
| calmasterUid | string | User ID for the domain administrator |
| createLowerCase | yes, no | Make calendar name lowercase for creating new calendars and looking up calendars. |
| domainAccess | valid acl string | Access control string for domain. Used in cross-domain searches to permit external domains to search this domain. |
| fbIncludeDefCal | yes, no | User’s default calendar included in freebusy calendar list. |
| filterPrivateEvents | yes, no | Filter the private and confidential events on queries to server. |
| resourceDefaultAcl | valid access string | Resource calendars’ default ACL |
| setPublicRead | yes, no | Set default user calendars to public read and private write (yes), or private read and private write (no). |
| subIncludeDefCal | yes, no | User’s default calendar included in subscribed calendar list |
| uiAllowAnyone | yes/no | Everybody ACL shows and can be used in the user interface. |
| uibaseURL | valid URL | Base server address. For example, https://proxyserver/ |
| uiConfigFile | string | Specifies the configuration file for the user interface. (Allows items in the user interface to be turned off.) |
| uiProxyUrl | string | Proxy server address prepended in user interface JavaScript file. For example, https://web_portal.com/ |

Example

icsExtendedDomainPrefs: createLowerCase=yes

icsExtendedDomainPrefs: domainAccess=@@d^a^slfrwd^g;anonymous^a^r^g;@^a^s^g

In this example, any external domain matching the access rights shown above can search this domain.

OID

2.16.840.1.113730.3.1.739


icsExtendedGroupPrefs

Origin

Calendar Server

Syntax

cis

Object Classes

icsAdministrator

Definition

Extensions for calendar group preferences. Reserved.

Example

OID

2.16.840.1.113730.3.1.740


icsExtendedResourcePrefs

Origin

Not implemented.

Syntax

cis

Object Classes
Definition

Reserved, not implemented.

Example
OID

2.16.840.1.113730.3.1.741


icsExtendedUserPrefs

Origin

Calendar Server

Syntax

cis, multi-valued

Object Classes

icsCalendarUser

Definition

Extensions for calendar user preferences. The attribute value is a property-value pair. Table 3-3 lists the properties and their values.

Table 3-3  Extended User Preferences

| Properties | Values | Description |
|---|---|---|
| ceAllCalendarTZIDS | a standard time zone | Time zone TZID for this calendar. |
| ceClock | 12, 24 | Defines whether a 12- or 24-hour clock is used. |
| ceColorSet | pref_group1, pref_group2, pref_group3, pref_group4, pref_group7 | Defines which of the five UI color schemes to use. |
| ceDateOrder | M/D/Y, D/M/Y, Y/M/D | Determines what order the three elements of a date (month (M), day (D), and year (Y)) are displayed. |
| ceDateSeparator | Any single printable character. For example: / or - | The single character used to delimit displayed date elements (M,D,Y). For example, a date can be displayed as: 12/22/2002. |
| ceDayHead | 0-23 | Start time hour (expressed as one of 24 hours in a day) for displaying calendar information. |
| ceDayTail | 0-23 | End time hour (expressed as one of 24 hours in a day) for displaying calendar information. |
| cdDefaultAgenda | unused | Not currently implemented. |
| cdDefaultAlarmEmail | email addresses separated by white space | Email addresses that event alarms are sent to. |
| ceDefaultAlarmStart | P[unit count][unit type] | Amount of time before the event an alarm should be sent, where unit count is any numeric value, and unit type is either M (minutes), H (hours), or D (days). For example: P10M |
| ceDefaultTZID | one of standard time zones. For a list of time zones, see Standard Time Zones. | Time zone to use when a calendar does not have one assigned to it. |
| ceDefaultView | dayview, weekview, monthview, yearview, groupview | View to be presented at log in. If this parameter is not present, overview is used as the default. (groupview is the Comparison view on the user interface) |
| ceExludeSatSun | boolean (0, 1) | Calendars don’t display if value=1. Default is value=0. |
| ceFontFace | One of these values: 1) Times New Roman, Times, serif 2) Courier New, Courier, noon 3) PrimaSans BT, Verdana, sans-serif | Three choices of font face to be used in the user interface. |
| ceFontSizeDelta | pref_font_size_group_2 (normal), pref_font_size_group_1 (larger), pref_font_size_group_3 (smaller) | Defines three font sizes for the user interface. In the interface they are defined as: normal, larger, smaller. |
| ceGroupInviteAll | boolean (0, 1) | When creating an invitation while viewing a group, invite all calendars in the group when value=1; default is 1. |
| ceInterval | PT0H15M, PT0H30M, PT1H0M, PT2H0M, PT4H0M | Defines the time interval to be used when displaying calendar information. Intervals are: 15 min., 30 min., 1 hour, 2 hours, 4 hours. |
| ceNotifyEmail | any valid RFC 822 email address | Email address notifications are mailed to when the calendar receives an invitation to an event. |
| ceNotifyEnable | 0, 1 | Enables/disables email notifications being sent when the calendar receives an invitation to an event. 0 = do not send notifications, 1 = send notifications |
| ceSingleCalendarTZID | any valid time zone. For a list of valid time zones, see Standard Time Zones. | Lists the time zone assigned to this calendar. If the parameter is not sent, the default time zone is used. For example: America/Los_Angeles |
| ceToolImage | 0, 1 | Toggle for the user interface display of icon images on the toolbar. 0 = do not display icons, 1 = display icons (default) |
| ceToolText | 0, 1 | Toggle for the user interface display of icon text on the toolbar. 0 = do not display text with the icon, 1 = display text with the icon (default) |


Note  

Regarding ceToolImage and ceToolText: the user interface only allows three possibilities for the toolbar: icons and text (attributes values 1, 1), icons only (attributes values 1, 0), and text only (attributes values 0, 1). It does not allow the user to turn off both icons and text (attributes values 0, 0).


Example

icsextendeduserprefs: ceClock=12

icsextendeduserprefs: ceColorSet=pref_group_1

icsextendeduserprefs: ceDateOrder=D/M/Y

icsextendeduserprefs: ceDateSeparator=/

icsextendeduserprefs: ceDayHead=10

icsextendeduserprefs: ceDayTail=17

icsextendeduserprefs: ceDefaultAlarmEmail=jdoe@sesta.com

icsextendeduserprefs: ceDefaultAlarmStart=P30H

icsextendeduserprefs: ceDefaultTZID=America/New_York

icsextendeduserprefs: ceDefaultView=groupview

icsextendeduserprefs: ceFontFace=PrimaSans BT,Verdana,sans-serif

icsextendeduserprefs: ceFontSizeDelta=pref_font_size_group_3

icsextendeduserprefs: ceInterval=PT2H0M

icsextendeduserprefs: ceNotifyEmail=jdoe@sesta.com

icsextendeduserprefs: ceNotifyEnable=0

icsextendeduserprefs: ceSingleCalendarTZID=America/Los_Angeles

icsextendeduserprefs: ceToolText=1

icsextendeduserprefs: ceToolImage=1

OID

2.16.840.1.113730.3.1.742


icsFirstDay

Origin

Calendar Server

Syntax

cis, single-valued

Object Classes

icsCalendarUser

Definition

First day of the week to be displayed on user’s calendar.

Range of values: 1–7, with 1 = Sunday, 2 = Monday, 3 = Tuesday, 4 = Wednesday, 5 = Thursday, 6 = Friday, 7 = Saturday

Example

icsFirstDay: 1

OID

2.16.840.1.113730.3.1.743


icsFreeBusy

Origin

Not implemented.

Syntax

ces, single-valued

Object Classes
Definition

Reserved, not implemented.

Example
OID

2.16.840.1.113730.3.1.744


icsGeo

Origin

Not implemented.

Syntax

cis single-valued

Latitude; longitude

Object Classes
Definition

Reserved, not implemented.

Geographical location of user or resource.

Example

This class exists only for compliance with the RFC spec and is not used.

OID

2.16.840.1.113730.3.1.745


icsMandatorySubscribed

Origin

Calendar Server

Syntax

ces

Object Classes

icsCalendarDomain

Definition

The valid calendar IDs for mandatory subscribed calendars for all users in a domain.

Example

icsMandatorySubscribed: ConfRm1@sesta.com:meetings

OID

2.16.840.1.113730.3.1.746


icsMandatoryView

Origin

Calendar Server

Syntax

cis

Object Classes

icsCalendarDomain

Definition

The mandatory default view for all calendars in a domain. Views are: overview, day, week, month, year, comparison.

Example

icsMandatoryView: overview

OID

2.16.840.1.113730.3.1.747


icsPartition

Origin

Not implemented.

Syntax

cis, single-valued, ASCII

Object Classes

icsCalendarResource, icsCalendarUser

Definition

Reserved, not implemented.

The name of the partition that holds a calendar database. There is no default value.

Example

icsPartition: partition1

OID

1.3.6.1.4.1.42.2.27.9.1.4


icsPreferredHost

Origin

Not implemented.

Syntax

cis, single-valued

Object Classes
Definition

Reserved, not implemented.

Specifies the preferred host for this calendar. This attribute is used by clients to retrieve the front-end-host server name.

Example
OID

2.16.840.1.113730.3.1.749


icsQuota

Origin

Not implemented.

Syntax

int, single-valued

Object Classes
Definition

Reserved, not implemented.

Example
OID

2.16.840.1.113730.3.1.748


icsRecurrenceBound

Origin

Calendar Server

Syntax

int, single-valued

Object Classes

icsCalendarDomain

Definition

Maximum number of instances created for events and todos with infinite recurrence. The value is taken from the ics.conf setting calstore.recurrence.bound.

Example

icsRecurrenceBound: 60

OID

2.16.840.1.113730.3.1.750


icsRecurrenceDate

Origin

Calendar Server

Syntax

cis, single-valued

Object Classes

icsCalendarDomain

Definition

An ISO8601 date/time string specifying the maximum date for events and todos with infinite recurrence.

Example

icsRecurrenceDate: 20300365T115959Z

OID

2.16.840.1.113730.3.1.751


icsRegularExpressions

Origin

Calendar Server.1

Syntax

ces, multi-valued, UTF8

Object Classes

icsCalendarDWPHost

Definition

Stores regular expressions used to divide the LDAP database between servers.

Example

icsRegularExpressions: A–F,G–L,M–T,U–Z

A–F, G–L, M–T, U–Z are possible values for instances of this attribute and describe a database divided alphabetically between four servers.

OID

1.3.6.1.4.1.42.2.27.9.1.2


icsSessionTimeout

Origin

Calendar Server

Syntax

int, single-valued

Object Classes

icsCalendarDomain

Definition

Number of seconds of inactivity before a user session is timed out. Read from ics.conf setting service.http.idletimeout.

Example

icsSessionTimeout: 600

OID

2.16.840.1.113730.3.1.752


icsSet

Origin

Calendar Server

Syntax

cis, multi-valued

Object Classes

icsAnonymousSet, icsCalendarUser, icsDefaultAnonymousSet

Definition

Defines one group of calendars. End users create these groups for various tasks. Each group is represented by one icsSet attribute, that is, for every group the user creates there will be one icsSet attribute. For example, if the user has three groups defined, there will be three icsSet attributes.

The value for this attribute is a six-part string, with each part separated by a dollar sign ($).

The following table shows the six parts of this attribute’s value:

Table 3-4  Six Parts of the Attribute Value  

Part

Required?

Description

name

Required

The display name of this group.

calendars

Required

A semi-colon-separated list of calendar IDs (calid) that comprise this group.

tzmode

Required

Three possible values: default, inherit, specify. The value that tells where the time zone for this group comes from.

default – take user’s default time zone
inherit – take the time zone of the first calendar in the group
specify – take the time zone from the tz value that follows.

tz

Not Required, unless tzmode = specify

A valid time zone for this group. For a list of acceptable values, see Standard Time Zones. The value is optional unless tzmode = specify, in which case it is required.

mergeInDayView

Required

A boolean (TRUE/FALSE). The value tells whether to display this group in the Day view (TRUE) or the Comparison view (FALSE).

description

Not Required

Character string. Optional description of the calendar.

Example

The value of this attribute should be entirely on one line. If you wish to break a line, start the next line with a single space or tab.

icsSet: name=GroupName$calendars=calid1;calid2;calid3$
 tzmode=specify$tz=America/Los_Angeles$mergeInDayView=FALSE$
 description=Example group of calendars.
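A validator for the six-part value described in Table 3-4, as an added example that is not Calendar Server code. It assumes part names are matched exactly as the table spells them; the second sample entry is constructed to break three of the rules.

```python
# Added example (not Calendar Server code): validate icsSet values against Table 3-4.
REQUIRED = ("name", "calendars", "tzmode", "mergeInDayView")
OPTIONAL = ("tz", "description")
TZMODES = ("default", "inherit", "specify")

# Constructed sample: the page's own example plus one deliberately broken value.
SAMPLE_LDIF = """\
icsSet: name=GroupName$calendars=calid1;calid2;calid3$
 tzmode=specify$tz=America/Los_Angeles$mergeInDayView=FALSE$
 description=Example group of calendars.
icsSet: name=Broken$calendars=calid1;;calid4$tzmode=specify$mergeInDayView=maybe
"""


def unfold(ldif_text):
    """Join continuation lines (those starting with one space or tab) to the line above."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw.strip():
            lines.append(raw)
    return lines


def ics_set_values(ldif_text):
    """Return the value of every icsSet line in an LDIF fragment."""
    values = []
    for line in unfold(ldif_text):
        attr, sep, value = line.partition(":")
        if sep and attr.strip().lower() == "icsset":
            values.append(value.strip())
    return values


def parse_ics_set(value):
    """Split one icsSet value into its parts and list every rule it breaks."""
    parts, errors = {}, []
    for chunk in value.split("$"):
        key, sep, val = chunk.partition("=")
        key = key.strip()
        if not sep:
            errors.append("part without '=': %r" % chunk)
        elif key not in REQUIRED + OPTIONAL:
            errors.append("unknown part: %r" % key)
        elif key in parts:
            errors.append("duplicate part: %r" % key)
        else:
            parts[key] = val.strip()
    for key in REQUIRED:
        if not parts.get(key):
            errors.append("missing required part: %s" % key)
    calendars = parts.get("calendars")
    if calendars and not all(c.strip() for c in calendars.split(";")):
        errors.append("empty calendar ID in calendars list")
    tzmode = parts.get("tzmode", "").lower()
    if tzmode and tzmode not in TZMODES:
        errors.append("tzmode must be default, inherit or specify")
    if tzmode == "specify" and not parts.get("tz"):
        errors.append("tz is required when tzmode=specify")
    if parts.get("mergeInDayView", "").upper() not in ("TRUE", "FALSE", ""):
        errors.append("mergeInDayView must be TRUE or FALSE")
    return parts, errors


if __name__ == "__main__":
    for value in ics_set_values(SAMPLE_LDIF):
        parts, errors = parse_ics_set(value)
        print(parts.get("name"), errors or "ok")
```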

OID

2.16.840.1.113730.3.1.753


icsSourceHtml

Origin

Calendar Server

Syntax

ces, single-valued

Object Classes

icsCalendarDomain

Definition

The alternate location of all client HTML files. A directory path that is relative to the installed client HTML files. The default value comes from the ics.conf setting service.http.uidir.path.

Table 3-5 lists the values for this attribute.

Table 3-5  Alternate Locations for Client HTML files.

Parameters

Value

Definition

sourceUrl

directory

Directory relative to executable, where all URL references to files are stored.

uiDirPath

directory

Directory containing the default client. If only WCAP access is allowed, value is "".

calHostname

hostname

HTTP host for retrieving HTML documents.

Example

icsSourceHtml: calHostname=calhost1

OID

2.16.840.1.113730.3.1.754


icsStatus

Origin

Calendar Server

Syntax

cis, single-valued

Object Classes

icsCalendarDomain, icsCalendarDWPHost, icsCalendarGroup, icsCalendarResource, icsCalendarUser

Definition

This attribute must be set when assigning calendar services to a domain. The attribute describes the status of this domain’s calendar service with one of the values specified in Table 3-6:

Table 3-6   Calendar Status Values

Status

Definition

active

Users and resources in this domain have access to calendar services.

inactive

No calendar services allowed for any users or resources in this domain, until the status is changed to active again. Calendars remain in the database and the LDAP entry remains.

deleted

No calendar service allowed for any users or resources in this domain. It is marked for deletion. Calendars will be removed from the database and the LDAP attributes that control the calendar’s service will be removed.

All the entries remain in the directory, but object classes having to do only with calendars for these users, resources and domains will be removed. For example, icsCalendarUser, icsCalendarResource, icsCalendarDomain will be removed. In addition all attributes with the ics prefix will be removed.

For resources, it means that the resources associated with this object are to be removed from the calendar system, but the entry remains in the directory. For domains, all calendars associated with all the users and resources within that domain are to be removed.

If this attribute is not set, the icsAllowedServiceAccess attribute is checked. If present and the value of that attribute is http, then calendar services are disabled for the user (the user status is inactive). If icsAllowedServiceAccess has any other value, or if both attributes are missing, then the default user status is active.

Calendar services evaluate the following status attributes in order: inetDomainStatus, icsStatus (for icsCalendarDomain), either inetResourceStatus or inetUserStatus, and icsStatus (for either icsCalendarResource or icsCalendarUser).

The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.

Example

icsStatus: active

OID

2.16.840.1.113730.3.1.755


icsSubscribed

Origin

Calendar Server

Syntax

ces, multi-valued

Object Classes

icsCalendarUser

Definition

List of calendars to which this user is subscribed. This includes all the calendars that the user owns, as well as any calendars owned by others to which the owner subscribes.

The value of this attribute is the calendar ID and optionally, the calendar name, with a dollar sign ($) between them, when present.

Example

icsSubscribed: jdoe$MyHomeCalendar
icsSubscribed: jsmith

OID

2.16.840.1.113730.3.1.756


icsTimezone

Origin

Calendar Server

Syntax

cis

Object Classes

icsCalendarResource, icsCalendarUser

Definition

The default time zone for this user or resource calendar if one is not explicitly assigned through their own user preferences (see icsExtendedUserPrefs). Specifically a valid time zone from the list found in Standard Time Zones. The value is taken from the ics.conf setting calstore.default.timezoneID.

Example

icsTimezone: America/Chicago

OID

2.16.840.1.113730.3.1.757


inetCanonicalDomainName

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetDomainAuthInfo

Definition

Used both in LDAP Schema 1 and compatibility mode for LDAP Schema 2 (with a DC Tree). This attribute is a fully qualified domain name. For an explanation of native and compatibility mode LDAP structures, see the Sun Java™ Enterprise System Installation Guide.

In Schema 1 or compatibility mode, if more than one DC node in a DC tree refers to the same organization node in the Organization tree, this attribute is used to specify the canonical domain name used by the mail processes to open users’ mailboxes. (There can be only one canonical domain name per organization node, but there can be many DC nodes referring to the same organization node.)

This attribute is not necessary if there is only one DC node referring to an organization node. If the attribute is missing, the DC node entry is taken for the canonical domain name.

If this attribute is missing and there are multiple DC nodes referring to the same organization node, the mail processes could possibly use the wrong domain name when trying to open users’ mailboxes.

Using multiple domain nodes to point to the same organization node allows you to have different attribute settings (and therefore different routing) for each one. If you want to be sure the two domains have the same attribute settings (are routed identically), use aliasedObjectName on the duplicate node instead.

This attribute is not used for the LDAP Schema 2 native mode LDAP data model.

Example

For the corporation sesta.com, if two DC nodes exist, dc=sesta and dc=sesta2, both referring to the organization node o=sesta, then you must specify one of them in the attribute:

inetCanonicalDomainName: sesta.com

Thus:

dn: dc=sesta,dc=com,o=internet
inetDomainBaseDN: o=sesta.com
inetCanonicalDomainName: sesta.com

dn: dc=sesta2,dc=com,o=internet
inetDomainBaseDN: o=sesta.com

OID

2.16.840.1.113730.3.1.701


inetCoS

Origin

Messaging Server 5.0

Syntax

cis, multivalued

Object Classes

ipUser

Definition

(Organization tree domain) Specifies the name of the Class of Service (CoS) template supplying values for attributes in the user entry. The RDN of the CoS template is the value of this attribute. Attribute values provided by the template and any override rules are specified in the CoS definition. CoS definitions are created by using the object class cosDefinition. The value of attribute cosSpecifier in CoS definition entry is set to inetCoS. Create CoS definitions and templates in the container ou=CoS in the subtree for that domain. See the iPlanet Messaging Server 5.2 Provisioning Guide for more information.

Example

inetCoS: HallofFame

OID

2.16.840.1.113730.3.1.706


inetDomainBaseDN

Origin

Messaging Server 5.0

Syntax

dn, single-valued

Object Classes

inetDomain, sunManagedOrganization

Definition

In Schema 2, this attribute decorates index nodes configured to support multiple logical groupings that point to the same physical data. In Schema 1, the attribute decorates domain nodes on the DC Tree when in compatibility mode.

Schema 2

When your deployment comprises multiple logical groupings pointing to the same physical data, the directory may be configured to contain index nodes. Each index node must include the attribute inetDomainBaseDN; the attribute's value must point to the physical node under which the physical data is contained. The physical node must be decorated with the sunManagedOrganization object class.

Schema 1

The two domains, the alias and the referenced domain, can have different attribute values, such that routing will differ between the two. If you want to ensure routing is the same, the attribute values of both domains must be identical.

DN of the organization’s subtree where all user/group entries are stored. This attribute points to a valid Organization subtree DN. Messaging Server components using the RFC 2247 search (compatibility mode) must resolve this DN in order to search for user and group entries that correspond to the hosted organization.

Example

inetDomainBaseDN: o=sesta.com,o=siroe-isp.com

OID

2.16.840.1.113730.3.1.690


inetDomainCertMap

Origin

Messaging Server 5.0

Syntax

cis, multi-valued

Object Classes

inetDomainAuthInfo

Definition

Reserved.

Example

TBD

OID

2.16.840.1.113730.3.1.700


inetDomainSearchFilter

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetDomainAuthInfo

Definition

LDAP search filter to use in search templates when performing a native mode search. The compatibility mode RFC 2247 algorithm search requires this attribute, but ignores its value.

Used during authentication to map login name in that domain to an LDAP entry.

The following variables can be used in constructing the filter:

If this attribute is missing, it is equivalent to:

(&(objectclass=inetOrgPerson)(uid=%U))

Namespaces where users are provisioned with compound uids, such as uid=john_siroe.com, where john is the userID and siroe.com is the domain, would use a search filter of uid=%U_%V. This maps a login string of john@siroe.com (where @ is the login separator for the service) into a search request by the service for an entry’s namespace of siroe.com, where uid=john_siroe.com.

An alternate example of using this attribute would be for sites wanting to log people in based on their employee identification. Assuming the attribute empID in user entries stores employee identifications, the search filter would be:

(&(objectclass=inetOrgPerson)(empID=%U)).

This attribute must return a unique match for valid users within the inetDomainBaseDN subtree.

Example

inetDomainSearchFilter: uid=%U
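How a login string can be expanded into one of these filter templates, as an added example that is not Messaging Server code. It assumes, from the uid=%U_%V example above, that %U is the user ID and %V the domain; the function names are hypothetical, and the escaping of filter metacharacters (RFC 4515) is this example's own choice, made so that the login name is always matched as a literal value.

```python
import re

# Added example (not Messaging Server code): expand an inetDomainSearchFilter template.
DEFAULT_FILTER = "(&(objectclass=inetOrgPerson)(uid=%U))"   # used when the attribute is missing
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(text):
    """Escape the characters RFC 4515 reserves inside an LDAP filter assertion value."""
    return "".join(ESCAPES.get(ch, ch) for ch in text)


def split_login(login, separator="@", default_domain=""):
    """Split a login string at the service's login separator into (user ID, domain)."""
    if separator in login:
        user, _, domain = login.rpartition(separator)
    else:
        user, domain = login, default_domain
    if not user:
        raise ValueError("login string has no user ID")
    return user, domain


def build_filter(login, template=None, separator="@", default_domain=""):
    """Return the search filter for this login; template is the attribute value, if set."""
    user, domain = split_login(login, separator, default_domain)
    values = {"U": escape_filter_value(user), "V": escape_filter_value(domain)}
    # One pass over the template: text substituted for %U is never rescanned for %V.
    return re.sub(r"%([UV])", lambda m: values[m.group(1)], template or DEFAULT_FILTER)


def unique_entry(entries):
    """The filter must match exactly one entry under the inetDomainBaseDN subtree."""
    if len(entries) != 1:
        raise LookupError("expected 1 matching entry, found %d" % len(entries))
    return entries[0]


if __name__ == "__main__":
    # Constructed login strings; the second contains filter metacharacters.
    print(build_filter("john@siroe.com", "uid=%U_%V"))
    print(build_filter("j*(doe)@siroe.com", "(&(objectclass=inetOrgPerson)(empID=%U))"))
```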

OID

2.16.840.1.113730.3.1.699


inetDomainStatus

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetDomain

Definition

Applications using a DC Tree as their entry point (RFC 2247 compliant compatibility mode LDAP data model) may choose to respect application specific status attributes, but must consume and respect this attribute on the affiliated physical node (Organization Tree). In other words, for compatibility mode, both the DC Tree and the Organization Tree contain this attribute and if the two attributes' values differ, the one on the Organization Tree will take precedence.

Specifies the global status of a domain for all services. The intent of this attribute is to allow the administrator to temporarily suspend and then reactivate access, or to permanently remove access, by the domain and all its users to all the services enabled for that domain.

This attribute takes one of three values. Supported values are:

Table 3-7  Status Attribute Values

Value

Description

active

Domain is active and users in the domain may use services enabled by the overlay of service-specific object classes and the service state as indicated by the particular status attribute for that service.

inactive

Domain is inactive. The account may not use any services granted by service-specific object classes. This state overrides individual service status set using the service’s status attributes.

deleted

Domain is marked as deleted. The account may remain in this state within the directory for some time (pending purging of deleted users). Service requests for all users in a domain marked as deleted will return permanent failures.

A missing value implies status is active. An illegal value is treated as inactive.

There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.

Similarly, this attribute is used for calendar services when evaluating status. The status attributes used are: inetDomainStatus, icsStatus (of icsCalendarDomain), either inetResourceStatus or inetUserStatus, and icsStatus (of either icsCalendarResource or icsCalendarUser).

In addition, in compatibility mode, when this attribute decorates both the DC Tree and the Organization Tree, both attributes should agree. Administrators are responsible for keeping the two synchronized. If the two attributes do not have the same value, Messaging Server will use the value found in the Organization Tree, while some other legacy application might be using the DC Tree attribute only. This could cause unpredictable results.

For more information on native and compatibility mode LDAP schemes, see the Sun Java™ Enterprise System Installation Guide.

Example

inetDomainStatus: active

OID

2.16.840.1.113730.3.1.691


inetMailGroupStatus

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailGroup

Definition

Current status of a mail group.

The following table lists the possible status values and gives a description of each:

active

Messages are delivered to the members of the mailing list.

inactive

Messages sent to the mailing list result in a transient failure.

disabled

Mailing list is disabled. Messages sent to the mailing list result in a permanent failure returned to the sending MTA with text specified by the ERROR_TEXT_DISABLED_GROUP MTA option. If the option is not set, the message "group disabled; cannot receive new mail" will be used.

deleted

Mailing list can be purged from the directory. Messages sent to the group return a permanent failure.

A missing value implies status is active. An illegal value is treated as inactive.

There are four status attributes that interact with each other: inetDomainStatus, mailDomainStatus, inetGroupStatus, and inetMailGroupStatus. These are considered in the order just given. The first one with a status of active takes precedence over the setting of all the others.

The MTA option LDAP_GROUP_STATUS can be used to specify a different attribute to be used for group status.

Example

inetMailGroupStatus: active

OID

2.16.840.1.113730.3.1.786


inetResourceStatus

Origin

Calendar Server

Syntax

cis, single-valued

Object Classes

inetResource

Definition

This is a global status for resources. It holds the current status of the resource: active, inactive, or deleted for all services. It is used by Access Manager to manage resources. Status changes can be made to a resource’s status using the commcli interface, or by directly changing the LDAP entry for the group.

The following table lists the attribute’s values and their meanings:

Table 3-8  Status Attribute Values

Value

Description

active

The resource is active and it may be used in services enabled by the overlay of service-specific object classes and the service state as indicated by the particular status attribute for that service.

inactive

Resource is inactive. The resource may not be used in any services granted by service-specific object classes. This state overrides individual service status set using the service’s status attributes.

deleted

Resource is marked as deleted. The resource may remain in this state within the directory for some time (pending purging of deleted resources). Service requests for all resources marked as deleted will return permanent failures.

There are several status attributes that are evaluated to determine status. They are evaluated in this order: inetDomainStatus, icsStatus (for icsCalendarDomain), inetResourceStatus, icsStatus (for icsCalendarResource). These are considered in the order just given. The first one with a status of active takes precedence over the setting of all the others.

Example

inetResourceStatus: active

OID

2.16.840.1.113730.3.1.758


inetSubscriberAccountId

Origin

Messaging Server 5.0

Syntax

cis, multi-valued

Object Classes

inetSubscriber

Definition

A unique account ID used for billing purposes.

Example

inetSubscriberAccountId: A3560B0

OID

2.16.840.1.113730.3.1.694


inetSubscriberChallenge

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetSubscriber

Definition

Attribute for storing the challenge phrase used to identify the subscriber. Used in conjunction with the inetSubscriberResponse.

Example

inetSubscriberChallenge=Mother’s Maiden Name

OID

2.16.840.1.113730.3.1.695


inetSubscriberResponse

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetSubscriber

Definition

Attribute for storing the response to the challenge phrase.

Example

inetSubscriberResponse=Mamasita

OID

2.16.840.1.113730.3.1.696


inetUserHttpURL

Origin

Messaging Server 5.0, deprecated in Messaging Server 6.0

Syntax

cis, single-valued

Object Classes

inetUser

Definition

This attribute is deprecated for the user class inetUser starting in Messaging Server 6.0 and is likely to be removed from the object class in future versions of the schema.

User’s primary URL for publishing Web content. This is an informational attribute and may be used in phonebook-type applications. It is not intended to have any operational impact.

Example

inetUserHttpURL: http://www.siroe.com/theotis

OID

2.16.840.1.113730.3.1.693


inetUserStatus

Origin

Messaging Server 5.0, Calendar Server 5.1.1

Syntax

cis, single-valued

Object Classes

inetUser

Definition

Specifies the status of a user’s account with regard to global server access. This attribute enables the administrator to temporarily suspend, reactivate, or permanently remove access to all services for a user account.

The following table lists the values for this attribute:

Table 3-9  Status Attribute Values

Values

Description

active

The user account is active and the user can use all services enabled by the overlay of service-specific object classes and the service state as indicated by the particular status attribute for that service. For example, a user can use the email system if both mailUserStatus and inetDomainStatus are set to active.

inactive

The user account is inactive. The account cannot use any services granted by service-specific object classes. This state overrides individual service status set using the service’s status attributes.

deleted

The account is marked as deleted. The account can remain in this state within the directory for some time (pending purging of deleted users). Service requests for a user marked as deleted must return permanent failures.

A missing value implies status is active. An illegal value is treated as inactive.

There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.

For calendar services, the attributes evaluated are: inetDomainStatus, icsStatus (for icsCalendarDomain), inetUserStatus, icsStatus (for icsCalendarUser).

When this attribute applies to a static group, defined using the inetUser object class, inactivating (disabling) the group only applies to the group itself and not the users in the group.

To disable the users of a group, create a dynamic group by assigning roles to the users, and then disable the role (which disables all users assigned to that role). For more information about roles, see the Sun Java™ System Directory Server Administrator’s Guide.

The MTA option LDAP_USER_STATUS can be used to specify a different attribute to be used for user status.
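The calendar-services evaluation order given above (and under icsStatus and inetDomainStatus), with the rule that the first attribute set to something other than active wins, as an added example that is not Calendar Server code. Entries are plain dictionaries of constructed sample values. Treating a missing domain-level icsStatus as active and an illegal icsStatus as inactive are assumptions carried over from the rules stated for inetDomainStatus and inetUserStatus.

```python
# Added example (not Calendar Server code): status precedence for a calendar user.
LEGAL = ("active", "inactive", "deleted")

# Constructed sample entries, reduced to the attributes that matter here.
DOMAIN = {"inetDomainStatus": "active", "icsStatus": "active"}
USERS = {
    "jdoe": {"inetUserStatus": "active", "icsStatus": "active"},
    "jsmith": {"inetUserStatus": "inactive", "icsStatus": "active"},
    "tlee": {"icsAllowedServiceAccess": "http"},
    "akim": {"inetUserStatus": "suspended"},
    "rroe": {"inetUserStatus": "Deleted", "icsStatus": "inactive"},
}


def global_status(value):
    """A missing value implies active; an illegal value is treated as inactive."""
    if value is None or not value.strip():
        return "active"
    value = value.strip().lower()          # the attributes use cis (case-insensitive) syntax
    return value if value in LEGAL else "inactive"


def user_ics_status(user):
    """icsStatus on the user entry, with the icsAllowedServiceAccess fallback."""
    if user.get("icsStatus"):
        return global_status(user["icsStatus"])   # assumption: illegal value -> inactive
    access = user.get("icsAllowedServiceAccess")
    if access is not None and access.strip().lower() == "http":
        return "inactive"
    return "active"


def effective_calendar_status(domain, user):
    """Return (status, deciding_attribute); deciding_attribute is None when all are active."""
    chain = (
        ("inetDomainStatus", global_status(domain.get("inetDomainStatus"))),
        ("icsStatus (icsCalendarDomain)", global_status(domain.get("icsStatus"))),
        ("inetUserStatus", global_status(user.get("inetUserStatus"))),
        ("icsStatus (icsCalendarUser)", user_ics_status(user)),
    )
    for attribute, status in chain:
        if status != "active":
            return status, attribute
    return "active", None


def blocked_users(domain, users):
    """Map each user without calendar access to (status, attribute that decided it)."""
    report = {}
    for uid, entry in users.items():
        status, attribute = effective_calendar_status(domain, entry)
        if status != "active":
            report[uid] = (status, attribute)
    return report


def domain_status_drift(dc_node, org_node):
    """Compatibility mode: report when the DC Tree and Organization Tree copies disagree.
    Returns (drifted, value_used); the Organization Tree value is the one that applies."""
    dc = global_status(dc_node.get("inetDomainStatus"))
    org = global_status(org_node.get("inetDomainStatus"))
    return dc != org, org


if __name__ == "__main__":
    for uid, (status, attribute) in sorted(blocked_users(DOMAIN, USERS).items()):
        print("%s: %s (decided by %s)" % (uid, status, attribute))
```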

Example

inetUserStatus=inactive

OID

2.16.840.1.113730.3.1.692


mail

Origin

Messaging Server 5.0

Syntax

cis, single-valued (RFC 822 address)

Object Classes

inetLocalMailRecipient, icsCalendarResource, icsCalendarUser

Definition

Identifies a user’s primary email address (the email address retrieved and displayed by white-pages lookup applications).

This attribute and mailAlternateAddress are the default attributes used for reverse searches.

Example

mail=jdoe@sesta.com

OID

0.9.2342.19200300.100.1.3


mailAccessProxyPreAuth

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

mailDomain

Definition

Attribute tells the MMP if the users in this domain have to be preauthenticated. Permitted values are yes or no.

Example

mailAccessProxyPreAuth=yes

OID

2.16.840.1.113730.3.1.769


mailAccessProxyReplay

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

mailDomain

Definition

This attribute tells the Messaging Multiplexor how to reconstruct the login string when replaying the login sequence with the backend mail server. A missing attribute implies that the message access proxies construct the replay string based on the login name used by the client, the domain of the client, and the login separator used for this service. The mailAccessProxyReplay attribute overrides this default behavior when the message access proxy has a different backend server than Communications Services.

The syntax is that of a login string, with the following substitutions:

Examples

  1. If the client logs in as hugo and the domain associated with the server IP address used is yoyo.com, and mailAccessProxyReplay=%U@%V, the replayed login string is hugo@yoyo.com.
  2. If the client logs in as hugo, and the domain associated with the server IP address used is yoyo.com, and mailAccessProxyReplay=%[surname]@%V, the replayed login string is the value of the surname attribute of the client.
  3. If the client logs in as hugo+yoyo.com, and the login separator for the service used is +, and mailAccessProxyReplay=%U@%V, the replayed login string is hugo@yoyo.com.
  4. If the client logs in as hugo, and the domain associated with the server IP address used is yoyo.com, and mailAccessProxyReplay is not defined, and the login separator for the service used is +, the replayed login string is hugo+yoyo.com.

OID

2.16.840.1.113730.3.1.763


mailAdminRole

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailAdministrator

Definition

Specifies the administrative role assigned to the members of the group. The only legal value for this attribute is storeAdmin. The object class that contains this attribute, inetMailAdministrator, is overlaid on a group entry to grant members of a group administrative privileges over part of the mail server. Currently the only privilege group members inherit is the right to perform proxy authentication for any user in the domain. These rights extend over users in the same domain as the one where the group is defined. To grant such privileges the attribute mailAdminRole must be set to the value storeAdmin.

Example

mailAdminRole: storeAdmin

OID

2.16.840.1.113730.3.1.780


mailAllowedServiceAccess

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailUser

Definition

Stores access filters (rules). If no rules are specified, then user is allowed access to all services from all clients. Rules are separated by a dollar sign ($). The rules are evaluated in this manner:

For a full explanation of access filters and an alternate way to control access through the administration console or the config utility, see “Configuring Client Access to POP, IMAP, and HTTP Services” in the Messaging Server Administration Guide.

Rule Syntax

"+" or "-"service_list":"client_list

+ (allow filter) means the services in the service list are being granted to the client list.

- (deny filter) means the services are being denied to the client list.

service_list is a comma separated list of services to which access is being granted or denied.

Legal service names are: imap, imaps, pop, pops, smtp, smtps, http, and smime. Note that the MMP supports imap, imaps, pop, pops, smtp, and smime. The backend supports imap, pop, smtp, http, and smime.

client_list is a comma separated list of clients (domains) to which access is being granted or denied.

Wildcards can be substituted for the client list (domains). The following table shows the legal wildcards and gives a description of each:

Table 3-10   Wildcards

Wildcards

Description

ALL, *

The universal wildcard. Matches all names.

DNSSPOOFER

Matches any host whose DNS name does not match its own IP address.

KNOWN

Matches any host whose name and address are known. Use with care.

LOCAL

Matches any local host (one whose name does not contain a dot character). If your installation uses only canonical names, even local host names will contain dots and thus will not match this wildcard.

UNKNOWN

Matches any host whose name or address is unknown. Use this with care.

The following wildcards can be used for the service list: *, ALL.

Except Operator

The access control system supports a single operator, EXCEPT. You can use the EXCEPT operator to create exceptions to the patterns found in a rule’s service list and client list. EXCEPT clauses can be nested. If there are multiple EXCEPT clauses in a rule, they are evaluated right to left.

The EXCEPT format is:

list1 EXCEPT list2

where list1 is a comma separated list of services and list2 is a comma separated list of clients.

Example

This example shows a single rule with multiple services and a single wildcard for the client list.

mailAllowedServiceAccess: +imap,pop,http:*

This example shows multiple rules, but each rule is simplified to have only one service name and uses wildcards for the client list. (This is the most commonly used method of specifying access control in LDIF files.)

mailAllowedServiceAccess: +imap:ALL$+pop:ALL$+http:ALL

An example of how to disallow all services for a user is:

mailAllowedServiceAccess: -imap:*$-pop:*$-http:*

An example of a rule with an EXCEPT operator is:

mailAllowedServiceAccess: -ALL:ALL EXCEPT server1.sesta.com

This example denies access to all services for all clients except those on the host machine server1.sesta.com.
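A parser and review aid for the rule syntax above, as an added example that is not Messaging Server code. It checks structure, service names and wildcards only; it does not evaluate rules or EXCEPT clauses against a client, and its finding texts and function names are this example's own.

```python
import re

# Added example (not Messaging Server code): lint mailAllowedServiceAccess values.
LEGAL_SERVICES = {"imap", "imaps", "pop", "pops", "smtp", "smtps", "http", "smime"}
MMP_SERVICES = {"imap", "imaps", "pop", "pops", "smtp", "smime"}
BACKEND_SERVICES = {"imap", "pop", "smtp", "http", "smime"}
UNIVERSAL = {"ALL", "*"}
USE_WITH_CARE = {"KNOWN", "UNKNOWN"}
EXCEPT = re.compile(r"\s+EXCEPT\s+")

# The four example values from this page.
PAGE_EXAMPLES = (
    "+imap,pop,http:*",
    "+imap:ALL$+pop:ALL$+http:ALL",
    "-imap:*$-pop:*$-http:*",
    "-ALL:ALL EXCEPT server1.sesta.com",
)


def split_list(text):
    """'a,b EXCEPT c' -> [['a', 'b'], ['c']]; index 0 is the base list, the rest are exceptions."""
    return [[item.strip() for item in part.split(",") if item.strip()]
            for part in EXCEPT.split(text.strip())]


def parse_rule(rule):
    """Parse one rule: '+' or '-', a service list, ':', a client list."""
    rule = rule.strip()
    if not rule or rule[0] not in "+-":
        raise ValueError("rule must start with + or -: %r" % rule)
    services, sep, clients = rule[1:].partition(":")
    if not sep:
        raise ValueError("rule has no ':' between service list and client list: %r" % rule)
    return {"allow": rule[0] == "+",
            "services": split_list(services),
            "clients": split_list(clients)}


def lint(value):
    """Return (rules, findings) for one attribute value; findings are notes for a reviewer."""
    if value is None or not value.strip():
        return [], ["no rules: user is allowed access to all services from all clients"]
    rules, findings = [], []
    for raw in value.split("$"):          # rules are separated by a dollar sign
        try:
            rule = parse_rule(raw)
        except ValueError as exc:
            findings.append(str(exc))
            continue
        rules.append(rule)
        if not rule["services"][0] or not rule["clients"][0]:
            findings.append("empty service or client list: %r" % raw.strip())
        for name in (n for group in rule["services"] for n in group):
            if name.upper() in UNIVERSAL:
                continue
            if name.lower() not in LEGAL_SERVICES:
                findings.append("unknown service %r" % name)
            elif name.lower() not in MMP_SERVICES | BACKEND_SERVICES:
                findings.append("service %r is in neither the MMP nor the backend list" % name)
        clients = [c.upper() for group in rule["clients"] for c in group]
        for wildcard in sorted(USE_WITH_CARE.intersection(clients)):
            findings.append("wildcard %s: use with care" % wildcard)
        base = {c.upper() for c in rule["clients"][0]}
        if rule["allow"] and base & UNIVERSAL and len(rule["clients"]) == 1:
            findings.append("allow rule open to every client: %r" % raw.strip())
    return rules, findings


if __name__ == "__main__":
    for value in PAGE_EXAMPLES:
        rules, findings = lint(value)
        print(value, "->", len(rules), "rule(s);", findings or "no findings")
```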

OID

2.16.840.1.113730.3.1.777


mailAlternateAddress

Origin

Messaging Server 5.0

Syntax

cis, multi-valued

Object Classes

inetLocalMailRecipient, pabPerson

Definition

Alternate RFC 822 email address of this recipient. If the MTA receives mail with a “to” header with this email address, it rewrites the header with the value of the mail attribute and routes the email to that inbox. The reverse-pointing addresses are rewritten from the value of any of a user's mailAlternateAddress attributes to the value of the user's mail attribute. (That is, the MTA will rewrite the following headers, if they match this attribute, to the value of the user's mail attribute.)

The mailEquivalentAddress attribute works similarly to route the email, but does not rewrite the header.

The local part of the address may be omitted to designate a user/group as the catchall address. A catchall domain address is an address that will receive mail to a specified domain if the MTA does not find an exact user address match with that domain.

This attribute and mail are the default attributes used for reverse searches.

Example

mailAlternateAddress: jdoe@sesta.com

mailAlternateAddress: @sesta.com (catchall domain address)

OID

2.16.840.1.113730.3.1.13


mailAntiUBEService

Origin

Messaging Server 5.2

Syntax

cis, multi-valued

Object Classes

inetMailUser, mailDomain

Definition

The string values given by this and other optin attributes are collected and passed to the filtering agent being used (for instance, Brightmail).

For Brightmail spam and virus checking, the interpretation of these strings is specified in the Brightmail configuration file. Brightmail uses the information from this attribute for its processing.

There are two Brightmail values:

SpamAssassin, another filtering agent, does not use the actual value of the attribute; it can be set to anything.

While another attribute can be named in the option.dat setting for LDAP_OPTIN, it is not recommended. (For more information on Brightmail, see the Messaging Server Administration Guide.)

To use this attribute to specify per user optin values, set the following in the option.dat file:

LDAP_OPTIN=mailAntiUBEService

To use the attribute to specify domain level optin values, set the following in the option.dat file:

LDAP_DOMAIN_ATTR_OPTIN=mailAntiUBEService

Example

mailAntiUBEService: virus

mailAntiUBEService: spam

OID


mailAutoReplyMode

Origin

Messaging Server 5.0 (for reply mode), Messaging Server 5.2 patch 1 (for echo mode)

Syntax

cis, single-valued

Object Classes

inetMailUser

Definition

Specifies the autoreply mode for the user mail account. This is one of several autoreply attributes used when autoreply is an active mail delivery option. The two modes for autoreply are:

Example

mailAutoReplyMode: reply

OID

2.16.840.1.113730.3.1.14


mailAutoReplySubject

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailUser

Definition

Subject text of auto-reply response. $SUBJECT can be used to insert the subject of the original message into the response.

Example

mailAutoreplySubject: I am on vacation

OID

2.16.840.1.113730.3.1.772


mailAutoReplyText

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailUser

Definition

Auto-reply text sent to all senders except users in the recipient’s domain. If not specified, external users receive no auto response.

Example

mailAutoreplyText: Please contact me later.

OID

2.16.840.1.113730.3.1.15


mailAutoReplyTextInternal

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailUser

Definition

Auto-reply text sent to senders from the recipient’s domain. If not specified, then internal users get the mail auto-reply text message.

Example

mailAutoreplyTextInternal: Please contact me later.

OID

2.16.840.1.113730.3.1.773


mailAutoReplyTimeOut

Origin

Messaging Server 5.0

Syntax

int, single-valued

Object Classes

inetMailUser

Definition

Duration, in hours, for successive auto-reply responses to any given mail sender. If the value is set to 0 for mailAutoReplyMode: echo then a response is sent back every time a message is received. Auto-reply responses are sent out only if the recipient is listed in the “to” or “cc:” of the original message.

Example

mailAutoreplyTimeout: 48

OID

2.16.840.1.113730.3.1.771


mailClientAttachmentQuota

Origin

Messaging Server 5.0

Syntax

int, single-valued

Object Classes

mailDomain

Definition

A positive integer value indicating the number of attachments the Messenger Express user can send per message in this domain. A value of -1 means no limit on attachments.

Example

mailClientAttachmentQuota: 12

OID

2.16.840.1.113730.3.1.768


mailConversionTag

Origin

iPlanet Messaging Server 5.2

Syntax

cis, multi-valued (ASCII string)

Object Classes

inetMailGroup, inetMailUser

Definition

Method of specifying unique conversion behavior for a user or group entry. A message sent to this user or group will match any conversion file entries that require the specified value of the tag. (Any string value can be associated with this attribute.)

Tag-specific conversion actions are specified in the MTA configuration.

The MTA option used to override this attribute is LDAP_CONVERSION_TAG.

Example
OID


mailDeferProcessing

Origin

iPlanet Messaging Server 5.2

Syntax

cis, single-valued (ASCII string)

Object Classes

inetMailGroup, inetMailUser

Definition

Controls whether or not address expansion of the current user or group entry is performed immediately (value is “No”), or deferred (value is “Yes”).


Note

A different attribute (other than mailDeferProcessing) can be designated for this purpose in the MTA option LDAP_REPROCESS.


Deferral takes place if the value is “Yes” and the current source channel isn’t the reprocess channel. Deferral is accomplished by directing the user or group’s address to the reprocess channel. That is, the expansion of the alias is aborted and the original address (user@domain) is queued to the reprocess channel.

If this attribute does not exist, the setting of the deferred processing flag associated with delivery options processing is checked. If it is set, processing is deferred.

If it is not set, the default for users is to process immediately (as if the value of this attribute were “No”).

The default for groups (such as mailing lists) is controlled by the MTA option DEFER_GROUP_PROCESSING, which defaults to 1 (yes).

Best Practices Suggestions for Duplicate Message Problem

Getting duplicate copies of messages can happen. For example, if a user sends an email to both addresseeA, and groupA that contains addresseeA, and DEFER_GROUP_PROCESSING=1 and this attribute is No, then the message immediately duplicates, such that addresseeA gets two copies, one that came directly, and one that took the deferred expansion hop through the reprocess channel for groupA to get expanded.

While disabling deferred group expansion would eliminate the duplicate, that’s not a good idea if you have a lot of large groups. Using expandlimit 1 can potentially cause unnecessary overhead on general, non-group, multi-recipient messages.

To minimize the effect of this situation, the following two solutions are best practices:

Example

The default for mail users:

mailDeferProcessing: No

The default for mailing lists:

mailDeferProcessing: Yes

OID

TBD


mailDeliveryFileURL

Origin

Messaging Server 5.0

Syntax

ces, single-valued

Object Classes

inetMailGroup

Definition

Fully qualified local path of file to which all messages sent to the mailing list are appended. Used in conjunction with mailDeliveryOption: file.

The MTA option used to override this attribute’s value is LDAP_PROGRAM_FILE.

Example

mailDeliveryFileURL: /home/dreamteam/mail_archive

OID

2.16.840.1.113730.3.1.787


mailDeliveryOption

Origin

Messaging Server 5.0

Syntax

cis, multi-valued

Object Classes

inetMailGroup, inetMailUser

Definition

Specifies delivery options for the mail recipient. One or more values are permitted on a user or group entry, supporting multiple delivery paths for inbound messages. Values will apply differently depending on whether the attribute is used in inetMailGroup or inetMailUser.

Note that the mailUserStatus attribute is processed before this attribute. If mailUserStatus is set to hold, an internal flag is set so that when mailDeliveryOption is processed, the mailUserStatus hold overrides whatever delivery options are specified with mailDeliveryOption.

For users, delivery addresses are generated for each valid delivery option value.

Valid values are:

For users only (inetMailUser):

For groups only (inetMailGroup):

Both users and groups:

These values are handled the same for both users and groups.

The MTA option DELIVERY_OPTIONS, found in the msg_svr_base/config/option.dat file, defines how each of the previously listed values will be processed.

The MTA option used to override this attribute’s value is LDAP_DELIVERY_OPTION.

Example

mailDeliveryOption: mailbox

OID

2.16.840.1.113730.3.1.16


mailDomainAllowedServiceAccess

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

mailDomain

Definition

Stores access filters (rules). If no rules are specified, then the domain is allowed access to all services from all clients. Rules are separated by a dollar sign ($). The rules are evaluated in this manner:

For a full explanation of access filters and an alternate way to control access through the administration console or the config utility, see “Configuring Client Access to POP, IMAP, and HTTP Services” in the Messaging Server Administration Guide.

Rule Syntax

"+" or "-" <service_list>":"<client_list>

+ (allow filter) means the service list services are being granted to the client list.

- (deny filter) means the services are being denied to the client list.

service_list is a comma separated list of services to which access is being granted or denied.

Legal service names are: imap, imaps, pop, pops, smtp, smtps, http, and smime. Note that the MMP supports imap, imaps, pop, pops, smtp, and smime. The backend supports imap, pop, smtp, http, and smime.

client_list is a comma separated list of clients (domains) to which access is being granted or denied.

Wildcards can be substituted for the client list (domains). The following table shows the allowed wildcards and describes each of them:

Table 3-11  Wildcards

| Wildcards | Meanings |
|---|---|
| ALL, * | The universal wildcard. Matches all names. |
| DNSSPOOFER | Matches any host whose DNS name does not match its own IP address. |
| KNOWN | Matches any host whose name and address are known. Use with care. |
| LOCAL | Matches any local host (one whose name does not contain a dot character). If your installation uses only canonical names, even local host names will contain dots and thus will not match this wildcard. |
| UNKNOWN | Matches any host whose name or address is unknown. Use this with care. |

The following wildcards can be used for the service list: *, ALL.

Except Operator

The access control system supports a single operator, EXCEPT. You can use the EXCEPT operator to create exceptions to the patterns found in a rule’s service list and client list. EXCEPT clauses can be nested. If there are multiple EXCEPT clauses in a rule, they are evaluated right to left.

The EXCEPT format is:

list 1 EXCEPT list 2

A list is a comma separated list of services or clients.

Example

This example shows a single rule with multiple services and a single wildcard for the client list.

mailDomainAllowedServiceAccess: +imap,pop,http:*

This example shows multiple rules, but each rule is simplified to have only one service name and uses wildcards for the client list.

mailDomainAllowedServiceAccess: +imap:ALL$+pop:ALL$+http:ALL

The second example is probably the most commonly used in Messaging Server LDIF files.

An example of a rule with an EXCEPT operator is:

mailDomainAllowedServiceAccess: -ALL:ALL EXCEPT server1.sesta.com

This example denies access to all services for all clients except those on the host machine server1.sesta.com.
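The rule syntax above can be checked mechanically before a value is written to the directory. The following is an added example, not code from this guide or from Messaging Server: it parses a mailDomainAllowedServiceAccess value and reports unknown service names, the "use with care" wildcards, and allow rules open to every client. The function names, the finding levels, and the case-insensitive comparison are assumptions of the example, and it does not decide whether a client is admitted.

```python
import re
from dataclasses import dataclass

# Names taken from the attribute definition above.
LEGAL_SERVICES = {"imap", "imaps", "pop", "pops", "smtp", "smtps", "http", "smime"}
UNIVERSAL = {"*", "ALL"}
USE_WITH_CARE = {"KNOWN", "UNKNOWN"}  # marked "use with care" in Table 3-11


@dataclass
class Rule:
    allow: bool      # True for "+", False for "-"
    services: list   # [base list, EXCEPT list, nested EXCEPT list, ...]
    clients: list    # same layout as services


def split_except(text):
    """Split 'a,b EXCEPT c EXCEPT d' into [['a', 'b'], ['c'], ['d']]."""
    parts = re.split(r"\s+EXCEPT\s+", text.strip())
    return [[item.strip() for item in part.split(",") if item.strip()]
            for part in parts]


def lint_rule(rule, raw):
    """Return (level, message) findings for one parsed rule."""
    findings = []
    if not all(rule.services) or not all(rule.clients):
        findings.append(("error", f"empty list in {raw!r}"))
    for name in (n for group in rule.services for n in group):
        # Assumption of this example: names are compared case-insensitively.
        if name.upper() not in UNIVERSAL and name.lower() not in LEGAL_SERVICES:
            findings.append(("error", f"unknown service {name!r} in {raw!r}"))
    for name in (n for group in rule.clients for n in group):
        if name.upper() in USE_WITH_CARE:
            findings.append(("warn", f"{name.upper()} wildcard, use with care: {raw!r}"))
    base_clients = {c.upper() for c in rule.clients[0]}
    if rule.allow and len(rule.clients) == 1 and UNIVERSAL & base_clients:
        findings.append(("info", f"allow rule open to every client: {raw!r}"))
    return findings


def parse_filter(value):
    """Parse a '$'-separated filter value; return (rules, findings)."""
    rules, findings = [], []
    if not value.strip():
        findings.append(("info", "no rules: all services allowed from all clients"))
        return rules, findings
    for raw in (part.strip() for part in value.split("$")):
        if not raw or raw[0] not in "+-" or ":" not in raw:
            findings.append(("error", f"malformed rule: {raw!r}"))
            continue
        service_text, _, client_text = raw[1:].partition(":")
        rule = Rule(raw[0] == "+", split_except(service_text), split_except(client_text))
        rules.append(rule)
        findings.extend(lint_rule(rule, raw))
    return rules, findings


if __name__ == "__main__":
    samples = [
        "+imap,pop,http:*",                    # from this page
        "+imap:ALL$+pop:ALL$+http:ALL",        # from this page
        "-ALL:ALL EXCEPT server1.sesta.com",   # from this page
        "+imapd:KNOWN$pop:ALL",                # constructed: typo, risky wildcard, no sign
    ]
    for sample in samples:
        parsed, notes = parse_filter(sample)
        print(sample, "->", len(parsed), "rule(s)")
        for level, message in notes:
            print("   ", level, message)
```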

OID

2.16.840.1.113730.3.1.764


mailDomainCatchallAddress

Origin

iPlanet Messaging Server 5.2

Syntax

cis, single-valued (RFC 822 mailbox)

Object Classes

mailDomain

Definition

Specifies an address to be substituted for any address in the domain that doesn’t match any user or group in the domain.

The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_CATCHALL_ADDRESS.

Example
OID

TBD


mailDomainConversionTag

Origin

iPlanet Messaging Server 5.2

Syntax

cis, multi-valued (ASCII string)

Object Classes

mailDomain

Definition

Method of specifying unique conversion behavior for any user in the domain. A message sent to a user in this domain will match any conversion file entries that require the specified value of the tag. (Any string value can be associated with this attribute.)

Tag-specific conversion actions are specified in the MTA configuration.

The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_CONVERSION_TAG.

Example
OID

TBD


mailDomainDiskQuota

Origin

Messaging Server 5.0

Syntax

int, single-valued

Object Classes

mailDomain

Definition

Disk quota, in bytes, for all users in the domain. If domain quota enforcement is activated, then domains exceeding this quota stop receiving more messages until the domain messages no longer exceed the quota. Domain quota enforcement is activated using the command imquotacheck -f -d <domain>.

A value of -1 specifies no limit. This is the default.

Example

mailDomainDiskQuota: 50000000000

OID

2.16.840.1.113730.3.1.766


mailDomainMsgMaxBlocks

Origin

iPlanet Messaging Server 5.2

Syntax

int, single-valued

Object Classes

mailDomain

Definition

Imposes a size limit in units of MTA blocks on all messages sent to addresses in this domain. This limit doesn’t apply to messages sent by users from this domain.

The value of this attribute is overridden by the value of mailMsgMaxBlocks, if set.

The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_BLOCKLIMIT.

Example
OID

TBD


mailDomainMsgQuota

Origin

Messaging Server 5.0

Syntax

int, single-valued

Object Classes

mailDomain

Definition

Quota of number of messages permitted for all users in this domain. If domain quota enforcement is activated, then the domain exceeding this quota will stop receiving more messages until the messages no longer exceed the quota. Domain quota enforcement is activated using the command imquotacheck -f -d <domain>.

Example

mailDomainMsgQuota: 2000000

OID

2.16.840.1.113730.3.1.767


mailDomainReportAddress

Origin

iPlanet Messaging Server 5.2

Syntax

cis, single-valued (RFC 822 mailbox)

Object Classes

mailDomain

Definition

This value is used as the header From: address in DSNs reporting problems associated with recipient addresses in the domain. It is also used when reporting problems to users within the domain regarding errors associated with nonlocal addresses.

If this attribute is not set, the reporting address will default to “postmaster@domain.”

The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_REPORT_ADDRESS.

Example
OID

TBD


mailDomainSieveRuleSource

Origin

iPlanet Messaging Server 5.2

Syntax

cis, single-valued (RFC 3028 sieve filter)

Object Classes

mailDomain

Definition

SIEVE filters are not supported by iPlanet Delegated Administrator.

SIEVE filter for all users in the domain. There are two possible forms for the value of this attribute: a single value that contains the complete sieve script (RFC 3028 compliant), and multiple values, with each value containing a piece of the sieve script (not RFC 3028 compliant).

A script has the following form:

require ["fileinto", "reject"];
# $Rule Info: Order=(1-infinity, or 0 for disabled) Template=(template-name) Name=(rule name)
if header :is "Sender" "owner-ietf-mta-filters@imc.org"
{ fileinto "filter"; } # move to "filter" folder
if header :is "Subject" "SPAM!"
{ delete }

Multi-valued Form

Multiple SIEVE scripts per user can be stored in LDAP. To enable the user interface to handle several smaller rules scripts, rather than one script containing all the domain’s rules, this attribute takes multiple values (that is, multiple rules). The server looks at every rule in mailSieveRuleSource.

To provide ordering and possible user interface editing information, there is an optional SIEVE comment line in each rule. This line has the following format:

# $Rule Info: Order=(1-infinity, or 0 for disabled)

All rules that have a Rule Info line will be processed first by the Messaging Server. If Order=0, then this rule is not used in the SIEVE evaluation. Otherwise, the rules are processed in the order provided (1 having highest priority). To accommodate SIEVE rules that might not have been entered using the Rule Info extension, any other rules found are run by the server, in order received from LDAP after all rules with corresponding order values have been processed.

MTA Override Option

The MTA option that overrides this attribute’s value is LDAP_DOMAIN_ATTR_FILTER.

Example

The following example is correctly formed, but Messaging Server ignores discard and reject text, and does not send a reject or discard reply message.

mailSieveRuleSource:
require ["fileinto", "reject", "redirect", "discard"];
# Forward message
if header :contains "Subject" "New Rules Suggestion"
    { redirect "rules@sesta.com"; }
# Reject message, send reply message.
if header :contains "Sender" "porn.com"
    { discard text:
Your message has been rejected. Please remove this address from your mailing list.
.
    ; }
# Discard message, send reply message.
if size :over 1M
    { reject text:
Please do not send large attachments.
Put your file on a server and send the URL.
Thank you.
.
    ; }
# File message
if header :contains "Sender" "domainadminstrator@sesta.com"
    { fileinto "complaints.refs"; }

OID

TBD


mailDomainStatus

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

mailDomain

Definition

Current status of the mail domain. Can be one of the following values: active, inactive, deleted, hold, or overquota. This attribute is the mail service domain status. Missing value implies status is active. An illegal value is treated as inactive.

The following table lists the status values:

Table 3-12  Status Values

| Value | Description |
|---|---|
| active | Mail service is marked as active for all users in this domain and all users in the domain that are marked active (see inetUserStatus and mailUserStatus for more information). However, any restrictions specified in mailAllowedServiceAccess and mailDomainAllowedServiceAccess still apply. |
| inactive | Mail service for all users in the domain is marked inactive. All user login attempts are rejected and messages sent to them get transient failure messages. |
| disabled | Mail service for all users in the domain is disabled. All user login attempts are rejected and messages sent to users in this domain result in a permanent failure returned to the sending MTA with text specified by the ERROR_TEXT_DISABLED_USER MTA option. If the option is not set, one of the following messages will be used: "user disabled; cannot receive new mail" or "group disabled; cannot receive new mail" (depending on whether it is a user or a group). |
| deleted | Mail domain is marked as deleted and will be removed during cleanup by the purge utility after the grace period is over. Mailboxes and user’s mail service object classes are included in cleanup. |
| hold | Messages sent to all users in the domain are redirected to the hold channel. This value is typically used when users in the domain are being moved from one server to another without having to bounce messages back to the sender during the move. In this state, mailboxes can be moved without fear of any lost messages as all incoming messages are sent to the hold channel. Once the move is complete and the state has been changed from hold to active the messages are drained from the hold channel and sent to the MTAs where the user mailboxes now reside. |
| overquota | The MTA will not accept new messages for any users in the domain until this value is changed back to active. |
| unused | Specifies that the MTA will ignore this domain. For this domain no email administrative authority is to be assumed. This attribute is used when a domain entry is not using messaging, but is using other applications. |

There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.

The MTA option that overrides this attribute’s values is LDAP_DOMAIN_ATTR_STATUS. The LDAP_DOMAIN_ATTR_STATUS option does not affect the message store or Delegated Administrator commadmin utility, which only recognize and use the current value of mailDomainStatus.

Example

mailDomainStatus: active

OID

2.16.840.1.113730.3.1.770


mailDomainWelcomeMessage

Origin

Messaging Server 6.0

Syntax

cis, single-valued

Object Classes

mailDomain

Definition

Welcome message sent to new users added to this domain. ‘$$’ is a carriage return. BNF syntax of this attribute is:

value:: <subjectline>’$’[<opt_headers>]’$$’<body>
subjectline:: ’Subject:’[<TEXT>]
opt_headers::<header_line>’$’[<opt_headers>]
header_line:: <header_name>’:’<TEXT>
header_name:: <TEXT>
body:: [<lines>]
lines:: <line>’$’[<lines>]
line:: <TEXT>

Example

mailDomainWelcomeMessage: Subject: Welcome!!$X-Endorsement: We’re good. $$Welcome to the mail system.

OID

2.16.840.1.113730.3.1.765


mailEquivalentAddress

Origin

iPlanet Messaging Server 5.2

Syntax

cis, multi-valued (RFC 822 addr-spec)

Object Classes

inetMailGroup, inetMailUser

Definition

Equivalent to mailAlternateAddress in regard to mail routing, except with this attribute, the header doesn’t get rewritten.

Note that mailEquivalentAddress is searched for when the system is deciding where to deliver messages, but it is not one of the attributes searched for when doing REVERSE_URL address reversal.

This attribute works only for direct LDAP mode, not with the deprecated imsimta dirsync option.

Example

mailEquivalentAddress: jdoe@sesta.com

mailEquivalentAddress: @sesta.com (catchall domain address)

OID

TBD


mailFolderName

Origin

Sun ONE Messaging Server 6.0

Syntax

cis, single-valued

Object Classes

mailDomain, mailPublicFolder

Definition

This attribute specifies the name of a public folder.

Example

mailFolderName: Announcements

OID


mailForwardingAddress

Origin

Messaging Server 5.0

Syntax

cis, multi-valued

Object Classes

inetMailUser

Definition

This attribute stores one or more forwarding addresses for inbound messages. Addresses are specified in RFC 822 format. Messages are forwarded to the listed address when mailDeliveryOption: forward is set.

Note that both mailDeliveryOption and this attribute must be set in order to keep the mail system in sync.

Example

mailForwardingAddress: kokomo@sesta.com

OID

2.16.840.1.113730.3.1.17


mailHost

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetLocalMailRecipient

Definition

For a user or group entry, the fully qualified host name of the MTA that is the final destination of messages sent to this recipient. To be deemed local, the user entry must have this attribute, and it must match either the local.hostname configutil attribute, or one of the names specified by the local.imta.hostnamealiases configutil attribute. Otherwise, a new source routed address is generated in the form: @mailhost:user@domain and will be processed through the rewrite rules.

If a user entry does not have this attribute, the generated address will use the mailRoutingSmartHost hostname associated with the domain, in the form @smarthost:user@domain. If the domain has no mailRoutingSmartHost attribute, the address is discarded and a 5xx error is reported.

If a group entry does not have this attribute, the group is processed locally.

The MTA option that overrides this attribute’s value is LDAP_MAILHOST.

Example

mailHost: mail.siroe.com

OID

2.16.840.1.113730.3.1.18


mailMessageStore

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailUser

Definition

Specifies the message store partition name for the user. The mapping between the partition name and the file system location of the store is kept in the message store configuration. If not specified, the default store partition specified in the server configuration is used.

Example

mailMessageStore: secondary

OID

2.16.840.1.113730.3.1.19


mailMsgMaxBlocks

Origin

iPlanet Messaging Server 5.2

Syntax

int, single-valued

Object Classes

inetMailGroup, inetMailUser

Definition

The size in units of MTA blocks of the largest message that can be sent to this user or group. The limit doesn’t apply to messages sent by the user.

If this attribute is set, it overrides the value of mailDomainMsgMaxBlocks.

The MTA option that overrides the attribute’s value is LDAP_BLOCKLIMIT.

Example
OID

TBD


mailMsgQuota

Origin

Messaging Server 5.0

Syntax

int, single-valued

Object Classes

inetMailUser

Definition

Maximum number of messages permitted for a user is set with mailMsgQuota. This is a cumulative count for all folders in the store. Table 3-13 shows the special values and their meanings:

Table 3-13  mailMsgQuota Special Values

| Value | Meaning |
|---|---|
| 0 | No mail messages allowed |
| -1 | No limit on number of messages allowed |
| -2 | Use system default quota (use of this value is being deprecated) |

If this attribute is missing, the system default quota is used. This is defined by the configutil parameter store.defaultmessagequota.

During server configuration, quota enforcement must be turned on for mailMsgQuota to take effect. Both soft and hard quotas can be set. (See the Sun Java System Messaging Server Administration Guide.)

The MTA option override is LDAP_MESSAGE_QUOTA.

Example

mailMsgQuota: 2000

OID

2.16.840.1.113730.3.1.774


mailProgramDeliveryInfo

Origin

Messaging Server 5.0

Syntax

ces, multi-valued

Object Classes

inetMailGroup, inetMailUser

Definition

Specifies one or more programs used for program delivery. These programs have to be on the approved list of programs that the messaging server is permitted to execute for a domain. The attribute value specifies a reference to a program. That reference is resolved from the approved list of programs. The resolved reference also provides the program parameters and execution permissions. Used in conjunction with the mailDeliveryOption: program.

The value of this attribute should be used as the value for the method name (-m value) when running imsimta program.

The program approval process is documented further in the Messaging Server Administrator’s Guide.

The MTA option used to name a different attribute for this function is LDAP_PROGRAM_INFO.

Example

mailProgramDeliveryInfo: procmail

OID

2.16.840.1.113730.3.1.20  


mailPublicFolderDefaultRights

Origin

Sun ONE Messaging Server 6.0

Syntax

cis, multi-valued

Object Classes

mailPublicFolder

Definition

Specifies the access control rights granted for this public folder. Each value of this attribute consists of two parts separated by a space. The two parts are: an identifier, as specified in RFC 2086, and a list of access rights (mod_rights) as follows in Table 3-14.

Table 3-14  Access Rights for a Public Folder

| Allowed Characters | Name | Actions Permitted |
|---|---|---|
| l | lookup | Mailbox is visible to LIST/LSUB commands. |
| r | read | SELECT the mailbox, perform CHECK, FETCH, PARTIAL, SEARCH, COPY from mailbox. |
| s | seen | Keep seen/unseen information across sessions. (STORE SEEN flag) |
| w | write | STORE flags other than SEEN and DELETED. |
| i | insert | Perform APPEND, COPY into mailbox. |
| p | post | Send mail to submission address for mailbox (not enforced by IMAP 4 itself). |
| c | create | CREATE new sub-mailboxes in any implementation-defined hierarchy. |
| d | delete | STORE DELETED flag, perform EXPUNGE. |
| a | administer | Perform SETACL. |

Messaging Server’s IMAP ACL implementation also defines the following new identifier:

anyone@domain

where domain is a valid domain.

If the attribute is missing, the default rights specified in the mailPublicFolderDefaultRights attribute from the mailDomain object class will be applied. If mailDomain does not contain this attribute, the following default ACL is set when a public folder is first created:

anyone@domain lrs

where domain is a valid domain.

Group identifiers start with the prefix “group=”. Do not put the group identifier prefix on a userid. The message store’s user creation code checks for this.

Examples

mailPublicFolderDefaultRights: anyone@sesta.com lrs

mailPublicFolderDefaultRights: group: sales@sesta.com lrs

mailPublicFolderDefaultRights: john@sesta.com lrswid
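The value format described above (an identifier, a space, then rights characters from Table 3-14) lends itself to a directory audit. The following is an added example, not code from this guide or from Messaging Server: it parses mailPublicFolderDefaultRights values and reports anyone identifiers that hold more than the default lrs rights, plus any identifier holding the administer right. The function names and the two audit checks are assumptions of the example.

```python
# Rights characters and names from Table 3-14.
RIGHTS = {
    "l": "lookup", "r": "read", "s": "seen", "w": "write", "i": "insert",
    "p": "post", "c": "create", "d": "delete", "a": "administer",
}
DEFAULT_ANYONE = set("lrs")  # default ACL stated above: anyone@domain lrs


def parse_acl_value(value):
    """Split one attribute value into (identifier, rights string).

    The rights are the last space-separated token; everything before
    that token is the identifier. Raises ValueError on malformed input.
    """
    identifier, sep, rights = value.strip().rpartition(" ")
    identifier = identifier.strip()
    if not sep or not identifier or not rights:
        raise ValueError("expected '<identifier> <rights>'")
    unknown = sorted(set(rights) - set(RIGHTS))
    if unknown:
        raise ValueError("unknown rights characters: " + "".join(unknown))
    # Drop repeated characters but keep the order they were written in.
    return identifier, "".join(dict.fromkeys(rights))


def is_anyone(identifier):
    """True for the 'anyone' identifier and for anyone@domain."""
    lowered = identifier.lower()
    return lowered == "anyone" or lowered.startswith("anyone@")


def audit(values):
    """Return (subject, message) findings for a list of attribute values."""
    findings = []
    for value in values:
        try:
            identifier, rights = parse_acl_value(value)
        except ValueError as exc:
            findings.append((value, f"malformed: {exc}"))
            continue
        if is_anyone(identifier):
            extra = [RIGHTS[c] for c in rights if c not in DEFAULT_ANYONE]
            if extra:
                findings.append(
                    (identifier, "exceeds default lrs: " + ", ".join(extra)))
        if "a" in rights:
            findings.append((identifier, "holds administer (can perform SETACL)"))
    return findings


if __name__ == "__main__":
    sample_values = [
        "anyone@sesta.com lrs",      # from this page
        "john@sesta.com lrswid",     # from this page
        "anyone@sesta.com lrswa",    # constructed: broad grant to everyone
        "john@sesta.com lrx",        # constructed: invalid rights character
    ]
    for subject, message in audit(sample_values):
        print(f"{subject}: {message}")
```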

OID


mailQuota

Origin

Messaging Server 5.0

Syntax

int, single-valued

Object Classes

inetMailUser, mailDomain

Definition

Specifies, in bytes, the amount of disk space allowed for the user’s mailbox. The numeric portion of the value is limited to 4294966272. For values approaching or exceeding four gigabytes, use the G suffix instead of specifying the full value as a number. Other valid suffixes are: K for kilobytes, M for megabytes, and G for gigabytes.

Table 3-15 shows the special values for this attribute.

Table 3-15  mailQuota Special Values

| Value | Meaning |
|---|---|
| 0 | No space allowed for user’s mailbox |
| -1 | No limit on space usage allowed |
| -2 | Use system default quota (use of this value is being deprecated) |

The quota value is limited to 4096G because the message store uses a 32 bit unsigned integer to store the quota value.

If the attribute is not specified, the system default quota is used. The system default is specified in the server configuration parameter store.defaultmailboxquota. Setting the configuration parameter store.quotaenforcement to ‘on’ causes the message store to enforce the quota.


Note

LDAP_DISK_QUOTA is the MTA option used to specify a different attribute name for this function.


Example

mailQuota: 4G

or for the system default quota:

mailQuota:

OID

2.16.840.1.113730.3.1.21


mailRejectText

Origin

Messaging Server 5.2

Syntax

ces, multi-valued

Object Classes

inetMailGroup

Definition

The first line of text stored in the first value of this attribute is saved. This text is returned if any of the authentication attributes cause the message to be rejected. Since text can appear in SMTP responses, the value is limited to US-ASCII characters in order to comply with messaging standards.


Note

LDAP_REJECT_TEXT is the MTA option used to specify a different attribute name for this function.


Example
OID

TBD


mailRoutingAddress

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetLocalMailRecipient

Definition

Used together with mailHost to determine whether or not the address should be acted upon at this time or forwarded to another system.


Note

LDAP_ROUTING_ADDRESS is the MTA option used to specify a different attribute name for this function.


Example
OID

2.16.840.1.113730.3.1.24


mailRoutingHosts

Origin

Messaging Server 5.0

Syntax

cis, multi-valued

Object Classes

mailDomain

Definition

Fully qualified host name of the MTA responsible for making routing decisions for users in this (and all contained) domain(s). Unspecified attribute implies all MTAs must route messages for the users/groups of this (and contained) domain(s).

When a domain is found to be nonlocal, the use of this attribute depends on the value of the MTA option ROUTE_TO_ROUTING_HOST:

Since this attribute is multi-valued and the first value the MTA “sees” will be chosen when the option is set to 1, it might be tempting to assume that you can direct the order in which these mail hosts will be used; that is, you might assume you can do a sort of load balancing by ordering the various values of this attribute. But LDAP does not guarantee that attribute value ordering is preserved, so the first value seen by the MTA might be any of the attribute’s values, not necessarily the first one in the LDAP entry.

You can implement load balancing with a set of MX records for each of the routing host names. Do not attempt to do it with the ordering of this attribute’s values.

LDAP_DOMAIN_ATTR_ROUTING_HOSTS is the MTA option used to specify a different attribute name for this function.

Example

mailRoutingHosts: mail.siroe.com

OID

2.16.840.1.113730.3.1.759


mailRoutingSmartHost

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

mailDomain

Definition

Fully qualified host name, or domain-literal IP address, of a mail server responsible for handling mail for users not found in the local directory. Messages sent to users not found in the messaging server’s directory are forwarded to the mail server specified in this attribute. This is useful when making a transition from one mail system to another and all users have not yet been moved over to the messaging server directory. An empty or missing attribute implies the local MTA is responsible for routing and delivering all messages for users in that domain.

This attribute is used by the system only if the domain it cares about is listed in the attribute; otherwise, it is ignored.


Note

LDAP_DOMAIN_ATTR_SMARTHOST is the MTA option used to specify a different attribute name for this function.


Example

mailRoutingSmartHost: mail.siroe.com

mailRoutingSmartHost: 129.148.12.141

OID

2.16.840.1.113730.3.1.760


mailSieveRuleSource

Origin

Messaging Server 5.0

Syntax

cis, multi-valued

Object Classes

inetMailUser, inetManagedGroup, inetMailGroup

Definition

SIEVE filters are not supported with iPlanet Delegated Administrator for Messaging. Use this with LDAP Schema 2 and Access Manager.

The attribute contains a SIEVE rule (RFC 3028 compliant) used to create a message filter script for a user entry. This attribute can be either single-valued, with the rule containing the complete SIEVE script, or multi-valued, with each rule containing an independently valid piece of the SIEVE script. When there are multiple values, the Web filter construction interface combines the rules into a single SIEVE script using an ordering parameter (Order) found in a #Rule Info: comment.


Note

Note that when the value of Order is a negative number, the value is ignored, and the rule is processed with other unordered SIEVE rules for this entry, but when the value of Order is zero, the rule is disabled and not processed at all.


The script is applied when a message is ready to be enqueued to the delivery channel. Though the SIEVE script is created while the MTA is expanding aliases, it is not used until after the resulting delivery addresses have been expanded and are being sent to the ims-ms, native, autoreply or pipe channels.

A script has the following form:

require ["fileinto", "reject"];
# Rule Info: $Order=(1-infinity, or 0 for disabled) Template=(template-name) Name=(rule name)
if header :is "Sender" "owner-ietf-mta-filters@imc.org"
{ fileinto "filter"; } # move to "filter" folder
if header :is "Subject" "SPAM!"
{ delete }

MTA Option

The MTA option used to name a different attribute for this function is LDAP_FILTER.

Example

mailSieveRuleSource:
require ["fileinto", "reject", "redirect", "discard"];
# Forward message
if header :contains "Subject" "New Rules Suggestion"
    { redirect "rules@sesta.com"; }
# Reject message, send reply message.
if header :contains "Sender" "porn.com"
    { discard text:
Your message has been rejected. Please remove this address from your mailing list.
.
    ; }
# Discard message, send reply message.
if size :over 1M
    { reject text:
Please do not send me large attachments.
Put your file on a server and send me the URL.
Thank you.
.
    ; }
# File message
if header :contains "Sender" "barkley@sesta.com"
    { fileinto "complaints.refs"; }

OID

2.16.840.1.113730.3.1.775


mailSMTPSubmitChannel

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailUser

Definition

Most commonly, this attribute is a factor involved in setting up guaranteed message delivery, or in setting up other special classes of service. When defined, this attribute tells the MTA to consider the channel named by this attribute to be the effective submission channel, if the SMTP AUTH is successful.

Example

mailSMTPSubmitChannel: tcp_tas

OID

2.16.840.1.113730.3.1.776  


mailUserStatus

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailUser

Definition

Current status of the mail user. Can be one of the following values: active, inactive, deleted, hold, overquota, or removed.

A missing value implies status is active. An illegal value is treated as inactive.

Table 3-16  Mail User Status

| Status Value | Description |
|---|---|
| active | Normal state. If inetUserStatus is also active, then mail is processed as per the values stored in other user attributes (such as mailDeliveryOption, mailSieveRuleSource, and so on). If not set to active, the status from inetUserStatus takes precedence. Other status attributes taken into consideration are inetDomainStatus and mailDomainStatus. If the combination of inetDomainStatus and mailDomainStatus permits mail delivery and access for the domain, the user state is determined from inetUserStatus and mailUserStatus. |
| inactive | The user’s mail account is inactive. A transient failure is returned to the sending MTA. |
| disabled | User's mail account is disabled. Messages sent to the user result in a permanent failure returned to the sending MTA with text specified by the ERROR_TEXT_DISABLED_USER MTA option. If option is not set, the message "user disabled; cannot receive new mail" will be used. |
| deleted | The user’s mail account is marked to be deleted from the message store. A permanent failure is returned to the sending MTA and the user’s mail account is a candidate for cleanup by the msuser purge utility. User access to the mailbox is blocked. After msuser purge deletes the mail account from the message store, it sets the value of mailUserStatus to removed. |
| removed | The user entry is marked to be deleted from the LDAP directory. A permanent failure is returned to the sending MTA. User access to the mailbox is blocked. This setting allows the Access Manager commadmin domain purge command to delete the user entry from the LDAP directory. |
| hold | User’s mail is sent to the hold queue and access to the mailbox over IMAP, POP, and HTTP is disallowed. MTA and Message Access Servers on the store server must comply with this requirement. This setting overrides any other mailDeliveryOption settings. |
| overquota | The MTA will not deliver mail to a mailbox with this status. |

There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.


Note

LDAP_USER_STATUS is the MTA option that overrides the mailUserStatus attribute. The LDAP_USER_STATUS option does not affect the message store or Delegated Administrator commadmin utility, which only recognize and use the current value of mailUserStatus.


Example

mailUserStatus: active

OID

2.16.840.1.113730.3.1.778
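The precedence rule for the four status attributes, worked through as an added example (not code from the guide or from Messaging Server). It assumes all four attributes take the values of Table 3-16 and follow the missing/illegal rules stated for mailUserStatus, and that attributes arrive as plain dictionaries; the function names and test cases are constructed for illustration.

```python
# Evaluation order given in the guide: the first attribute that is set to
# something other than "active" decides the outcome.
STATUS_ORDER = ("inetDomainStatus", "mailDomainStatus",
                "inetUserStatus", "mailUserStatus")

# MTA behaviour per status value, condensed from Table 3-16.
MTA_OUTCOME = {
    "active": "deliver",
    "inactive": "transient failure",
    "disabled": "permanent failure",
    "deleted": "permanent failure",
    "removed": "permanent failure",
    "hold": "hold queue",
    "overquota": "not delivered",
}


def normalize(value):
    """Apply the mailUserStatus rules: missing means active, illegal means inactive."""
    if value is None:
        return "active"
    value = value.strip().lower()      # cis syntax: compare case-insensitively
    return value if value in MTA_OUTCOME else "inactive"


def effective_status(domain_entry, user_entry):
    """Return (deciding attribute or None, status, MTA outcome)."""
    # Assumption: each entry is a dict of attribute name -> single string value.
    merged = {k.lower(): v for k, v in {**domain_entry, **user_entry}.items()}
    for attr in STATUS_ORDER:
        status = normalize(merged.get(attr.lower()))
        if status != "active":
            return attr, status, MTA_OUTCOME[status]
    return None, "active", MTA_OUTCOME["active"]


# Constructed cases (not from the guide).
CASES = [
    # User on hold in an active domain: the user attribute decides.
    ({"inetDomainStatus": "active"}, {"mailUserStatus": "hold"}),
    # Inactive domain wins over a deleted user: sender sees a transient failure.
    ({"mailDomainStatus": "inactive"}, {"mailUserStatus": "deleted"}),
    # A mistyped status is treated as inactive, so mail is deferred, not bounced.
    ({}, {"inetUserStatus": "Active", "mailUserStatus": "suspended"}),
    # Nothing set anywhere: active.
    ({}, {}),
]

if __name__ == "__main__":
    for domain, user in CASES:
        print(domain, user, "->", effective_status(domain, user))
```

Because the first non-active attribute wins, a domain-level inactive status masks a user-level deleted status, and the sending MTA sees a transient rather than a permanent failure.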


maxPabEntries

Origin

Messaging Server 5.0

Syntax

int, single-valued

Object Classes

ipUser

Definition

Specifies the maximum number of personal address book entries users are permitted to have in their personal address book store. A value of -1 implies there is no limit. If this attribute is not present then the system default specified in the personal address book configuration is used.

Example

maxPabEntries: 1000

OID

2.16.840.1.113730.3.1.705


memberOf

Origin

Messaging Server 5.0, deprecated in Messaging Server 6.0 for inetUser; Access Manager

Syntax

dn, multi-valued

Object Classes

inetAdmin, inetUser

Definition

For LDAP Schema 2, this attribute decorates inetAdmin, and specifies the DN of an assignable dynamic group to which a user belongs. It is used as the default well-known filtered attribute used in conjunction with mgrpDeliverTo to search for assignable dynamic group members.

This attribute is deprecated for inetUser in Messaging Server 6.0 and is likely to be removed from the inetUser object class in future versions of the schema.

For LDAP Schema 1, this attribute specifies the DN of a mailing list to which a user belongs, indicating static group membership as a backpointer.

Example

memberOf: cn=Administrators,ou=groups,o=sesta.com,o=basedn

OID

1.2.840.113556.1.2.102


memberOfPAB

Origin

Messaging Server 5.0

Syntax

cis, multi-valued

Object Classes

pabPerson, pabGroup

Definition

The unique name (un) of the personal address book(s) to which this entry belongs.

Example

memberOfPAB:addressbook122FA7

OID

2.16.840.1.113730.3.1.718  


memberOfPABGroup

Origin

Messaging Server 5.0

Syntax

cis, multi-valued

Object Classes

pabPerson

Definition

Unique name of the personal group(s) to which this user belongs.

Example

memberOfPabGroup:testgroup15577F2D

OID

2.16.840.1.113730.3.1.719


memberURL

Origin

Messaging Server 5.2

Syntax

ces, multi-valued

Object Classes

inetMailGroup

Definition

A list of URLs, which, when expanded, provides a list of mailing list member addresses.

This is the preferred way to specify a dynamic mailing list. Alternately, you can use mgrpDeliverTo.

The MTA option used to override this attribute’s value is LDAP_GROUP_URL2.

Example

memberURL: ldap:///cn=jdoes,o=sesta.com

OID

2.16.840.1.113730.3.1.198


mgrpAddHeader

Origin

Netscape Messaging Server

Syntax

ces, multi-valued

Object Classes

inetMailGroup

Definition

Each attribute value specifies a header field that is to be added to the message header if it is present.

For the MTA, the values of these attributes are headers, which are used to set header-trimming ADD options.


Note

LDAP_ADD_HEADER is the MTA option used to specify a different attribute name for this function.


Example

mgrpAddHeader:Reply-To: thisgroup@sesta.com

OID

2.16.840.1.113730.3.1.781  


mgrpAllowedBroadcaster

Origin

Messaging Server 5.0

Syntax

ces, multi-valued

Object Classes

inetMailGroup

Definition

Identifies mail users allowed to send messages to the mail group. The Messaging Server expects this attribute to contain either a distinguished name or an RFC 822 address using an LDAP URI or a mailto address (see example). If a distinguished name is used, it must represent a mailable entry or entries of type group or groupOfUniqueNames. (That is, the group entry must contain an email address in one of the following attributes: mail, mailAlternateAddress, mailEquivalentAddress.) If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedDomain and mgrpDisallowedDomain attributes are used.

If multi-valued, each URL is expanded into a list of addresses and each address is checked against the current envelope “from” address. The message is allowed if there is a match.

To specify that only the members of this group can post to the group, use the group name as the value of the attribute.

If none of the attribute values is a valid URL, or none of the members of the group specified in the attribute value have a valid URL, then the message will bounce.


Note

LDAP_AUTH_URL is the MTA option used to specify a different attribute name for this function.


Example

mgrpAllowedBroadcaster: ldap:///uid=bjensen,o=siroe.com

mgrpAllowedBroadcaster:mailto:group1@siroe.com

OID

2.16.840.1.113730.3.1.22


mgrpAllowedDomain

Origin

Messaging Server 5.0

Syntax

cis, multi-valued

Object Classes

inetMailGroup

Definition

Identifies domains (including subdomains) from which users are allowed to send messages to the mail group. If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedBroadcaster, mgrpDisallowedBroadcaster, and mgrpDisallowedDomain attributes are used.


Note

LDAP_AUTH_DOMAIN is the MTA option used to specify a different attribute name for this function.


Example

mgrpAllowedDomain:siroe.com

This matches any user sending from *.siroe.com.

OID

2.16.840.1.113730.3.1.23  


mgrpAuthPassword

Origin

Messaging Server 5.0

Syntax

ces, single-valued

Object Classes

inetMailGroup

Definition

Specifies a password needed to post to the list.

The presence of this attribute forces a reprocessing pass. As the message is enqueued to the reprocessing channel, the password is taken from the header and placed in the envelope. Then, while reprocessing, the password is taken from the envelope and checked against this attribute. Only passwords that are actually used are removed from the header field.

This allows for routing to the moderator in the event of a password failure.


Note

LDAP_AUTH_PASSWORD is the MTA option used to specify a different attribute name for this function.


Example

OID

2.16.840.1.113730.3.1.783


mgrpBroadcasterPolicy

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailGroup

Definition

Policy for determining allowed broadcaster. It specifies the level of authentication required to access the list of broadcaster addresses. The allowed values are:


Note

LDAP_AUTH_POLICY is the MTA option used to specify a different attribute name for this function.


Example

mgrpBroadcasterPolicy:AUTH_REQ

OID

2.16.840.1.113730.3.1.3


mgrpDeliverTo

Origin

Messaging Server 5.0

Syntax

ces, multi-valued

Object Classes

inetMailGroup

Definition

Used as an alternative method of specifying mail group membership. This can be used to create a dynamic mailing list.

The preferred attribute to use for specifying dynamic mail group is memberURL.

The values of this attribute are a list of URLs, which, when expanded, provides mailing list member addresses.

Messaging Server expects this attribute to contain an LDAP URL using the format described in RFC 1959. Any entries returned by the resulting LDAP search are members of the mailing group. There is a hard limit on the length of the search filter of 1024 bytes.


Note

LDAP_GROUP_URL1 is the MTA option used to specify a different attribute name for this function.


Example

This example returns all users in the United States Accounting department for Sesta corporation.

mgrpDeliverTo: ldap:///ou=Accounting,o=Sesta,c=US??sub?(&(objectClass=inetMailUser)(objectClass=inetOrgPerson))

OID

2.16.840.1.113730.3.1.25


mgrpDisallowedBroadcaster

Origin

Messaging Server 5.0

Syntax

ces, multi-valued

Object Classes

inetMailGroup

Definition

Identifies mail users not allowed to send messages to the mail group. If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedDomain and mgrpDisallowedDomain attributes are used.

Messaging Server expects this attribute to contain either a distinguished name or an RFC 822 address. If a distinguished name is used, it must represent a mailable entry or entries of type group or groupOfUniqueNames. (That is, the group entry must contain an email address in one of the following attributes: mail, mailAlternateAddress, mailEquivalentAddress.) The distinguished name must be represented in the form of an LDAP URL as described in RFC 1959.

If multi-valued, each URL is expanded into a list of addresses and each address is checked against the current envelope “from” address. The message is disallowed if there is a match.


Note

LDAP_CANT_URL is the MTA option used to specify a different attribute name for this function.


Example

mgrpDisallowedBroadcaster: ldap:///uid=bjensen, o=sesta.com

mgrpDisallowedBroadcaster: mailto:sys50@sesta.com

OID

2.16.840.1.113730.3.1.785


mgrpDisallowedDomain

Origin

Messaging Server 5.0

Syntax

cis, multi-valued

Object Classes

inetMailGroup

Definition

Identifies domains from which users are not allowed to send messages to the mail group. This attribute is a private extension used by Messaging Server to manage mailing lists. If this attribute exists, then messages from listed domains are rejected. If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedBroadcaster, mgrpDisallowedBroadcaster, and mgrpAllowedDomain attributes are used.


Note

LDAP_CANT_DOMAIN is the MTA option used to specify a different attribute name for this function.


Example

mgrpDisallowedDomain:sesta.com

OID

2.16.840.1.113730.3.1.784
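The four posting-restriction attributes described above (mgrpAllowedBroadcaster, mgrpDisallowedBroadcaster, mgrpAllowedDomain, mgrpDisallowedDomain) leave a list open to any sender when none of them is present. The following is an added example, not code from the guide or from Messaging Server: an audit over an LDIF export that flags such groups, flags a toModerator reject action with no mgrpModerator, and shows domain matching on a label boundary. The sample LDIF, function names and finding texts are constructed for illustration.

```python
import base64

# Constructed sample LDIF (not from the guide).
SAMPLE_LDIF = """\
dn: cn=all-staff,ou=groups,o=sesta.com
objectClass: inetMailGroup
mail: all-staff@sesta.com
mgrpRFC822MailMember: bjensen@siroe.com

dn: cn=announce,ou=groups,o=sesta.com
objectClass: inetMailGroup
mail: announce@sesta.com
mgrpAllowedBroadcaster: ldap:///uid=bjensen,o=siroe.com
mgrpAllowedBroadcaster:mailto:group1@siroe.com
mgrpMsgRejectAction: toModerator

dn: cn=partners,ou=groups,o=sesta.com
objectClass: inetMailGroup
mail: partners@sesta.com
mgrpAllowedDomain:siroe.com
mgrpMsgRejectAction: reply
"""

RESTRICTION_ATTRS = ("mgrpallowedbroadcaster", "mgrpdisallowedbroadcaster",
                     "mgrpalloweddomain", "mgrpdisalloweddomain")
OTHER_CONTROLS = ("mgrpmoderator", "mgrpauthpassword")


def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts."""
    entries, current, last = [], {}, None
    for line in text.splitlines():
        if not line.strip():                    # blank line ends an entry
            if current:
                entries.append(current)
            current, last = {}, None
        elif line.startswith("#"):              # comment line
            continue
        elif line.startswith(" ") and last:     # folded continuation line
            current[last][-1] += line[1:]
        else:
            name, _, value = line.partition(":")
            if value.startswith(":"):           # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            last = name.strip().lower()
            current.setdefault(last, []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def domain_matches(sender, domain):
    """True if the sender's domain is `domain` or one of its subdomains.

    The test is made on a label boundary, so a look-alike such as
    "xsiroe.com" does not match "siroe.com" as a bare suffix test would.
    """
    sender_domain = sender.rpartition("@")[2].lower().rstrip(".")
    domain = domain.strip().lower().rstrip(".")
    return sender_domain == domain or sender_domain.endswith("." + domain)


def audit_group(entry):
    """Return the findings for one inetMailGroup entry."""
    findings = []
    if not any(entry.get(a) for a in RESTRICTION_ATTRS):
        others = [a for a in OTHER_CONTROLS if entry.get(a)]
        if others:
            findings.append("no broadcaster or domain restriction; relies on "
                            + ", ".join(others))
        else:
            findings.append("open list: no restriction attribute is set")
    # "reply" is the documented default when mgrpMsgRejectAction is absent.
    action = (entry.get("mgrpmsgrejectaction") or ["reply"])[0].lower()
    if action == "tomoderator" and not entry.get("mgrpmoderator"):
        findings.append("mgrpMsgRejectAction is toModerator but mgrpModerator is not set")
    return findings


def audit(text):
    """Map each inetMailGroup DN to its findings; clean groups are omitted."""
    report = {}
    for entry in parse_ldif(text):
        classes = [c.lower() for c in entry.get("objectclass", [])]
        if "inetmailgroup" in classes:
            findings = audit_group(entry)
            if findings:
                report[entry.get("dn", ["(no dn)"])[0]] = findings
    return report


if __name__ == "__main__":
    for dn, findings in audit(SAMPLE_LDIF).items():
        for finding in findings:
            print(f"{dn}: {finding}")
```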


mgrpErrorsTo

Origin

Messaging Server 5.0

Syntax

ces, single-valued

Object Classes

inetMailGroup

Definition

Recipient of error messages generated when messages are submitted to this list. Recipient’s address can be specified using the mailto syntax, which includes an RFC 822 email address preceded by the keyword “mailto:” or simply an RFC 822 email address. Also supports LDAP URL syntax. However, if an LDAP URL is used, it must be one that produces a single address.

The envelope originator (MAIL FROM) address is set to the value of this attribute.


Note

LDAP_ERRORS_TO is the MTA option used to specify a different attribute name for this function.


Examples:

Example 1: mgrpErrorsTo:mailto:jordan@siroe.com
Example 2: mgrpErrorsTo: ldap:///uid=ofanning,ou=people,o=siroe.com,o=isp

OID

2.16.840.1.113730.3.1.26


mgrpModerator

Origin

Messaging Server 5.0

Syntax

ces, multi-valued

Object Classes

inetMailGroup

Definition

LDAP URI or mailto URL identifying the moderators allowed to submit messages to this list. Only those messages that are submitted by the moderator are sent to the members of this list. Messages submitted by others are forwarded to the moderators for approval and resubmitting.

The URLs given as the value of this attribute are expanded into a series of addresses, and then compared with the envelope “from” address. If there is a match, group processing continues. If there is no match, the value of this attribute becomes the group URL, any list of RFC 822 addresses or DNs associated with the group is cleared, the delivery options for the group are set to “members,” and there is no further group processing for the failed URL (subsequent group attributes are ignored).


Note

LDAP_MODERATOR_URL is the MTA option used to specify a different attribute name for this function.


Example

mgrpModerator: mailto:jordan@sesta.com

OID

2.16.840.1.113730.3.1.33


mgrpMsgMaxSize

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailGroup

Definition

Maximum message size in bytes that can be sent to the group. Messaging Server expects zero or one instance of this attribute to exist for every mailGroup entry. If no entry exists, then no size limit is imposed on mail to the group.

This attribute is obsolete, but still supported for backwards compatibility. Use mailMsgMaxBlocks instead.


Note

LDAP_ATTR_MAXIMUM_MESSAGE_SIZE is the MTA option used to specify a different attribute name for this function.


Example

mgrpMsgMaxSize:8000

OID

2.16.840.1.113730.3.1.3


mgrpMsgPrefixText

Origin

Not implemented.

Syntax

UTF-8 text, single-valued

Object Classes

inetMailGroup

Definition

Specifies the text to be added to the beginning of the message text. You must supply the formatting. That is, you must insert CRLF where they belong in the text.


Note

LDAP_PREFIX_TEXT is the MTA option used to specify a different attribute name for this function.


Example

OID

TBD


mgrpMsgRejectAction

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailGroup

Definition

Identifies the action to be taken when an email sent to a mail group is rejected. The Messaging Server may reject mail for the following reasons:

This attribute takes two values, reply and toModerator:

reply – The system produces an SMTP error, which is also the default if the attribute is not set. The text of the failure notice is stored in the mgrpMsgRejectText attribute.

toModerator – The mail is forwarded to the moderator for processing. The moderator is identified by the mgrpModerator attribute.


Note

LDAP_REJECT_ACTION is the MTA option used to specify a different attribute name for this function.


Example

mgrpMsgRejectAction: reply

OID

2.16.840.1.113730.3.1.28


mgrpMsgRejectText

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailGroup

Definition

Specifies the error text to use in the event of a group access failure. Because this text may appear in SMTP responses, this restricts the text to a single line of US-ASCII. This is implemented by reading only the first line of text in this attribute and using it only if it contains no 8-bit characters. (This is a limitation of the SMTP protocol.)

Example

OID

2.16.840.1.113730.3.1.29


mgrpMsgSuffixText

Origin

Not implemented.

Syntax

UTF-8 text, single-valued

Object Classes

inetMailGroup

Definition

Specifies the text to be appended to the text message. You must supply the formatting. That is, you must insert any CRLFs (carriage return, line feeds) that belong in the text.


Note

LDAP_SUFFIX_TEXT is the MTA option used to specify a different attribute name for this function.


Example

OID

TBD


mgrpNoDuplicateChecks

Origin

Messaging Server 5.0, not implemented going forward for Messaging Server 5.2

Syntax

cis, single-valued

Object Classes

inetMailGroup

Definition

This attribute is no longer supported. Duplicate checking is controlled by characteristics of the lists themselves. Some lists combine and some lists don’t.

Old definition: Prevents Messaging Server from checking for duplicate delivery to members of the mail group. Prevents multiple deliveries if a user is on multiple lists. No means the system checks for duplicate delivery. Yes means the system does not check for duplicate delivery.

Example

mgrpNoDuplicateChecks: yes

OID

2.16.840.1.113730.3.1.789


mgrpRemoveHeader

Origin

Messaging Server 5.0

Syntax

cis, multi-valued

Object Classes

inetMailGroup

Definition

Each attribute value specifies a header field that is to be removed from the message header, if present.

Turns the headers specified into header trimming MAXLINES=-1 options.


Note

LDAP_REMOVE_HEADER is the MTA option used to specify a different attribute name for this function.


Example

OID

2.16.840.1.113730.3.1.801


mgrpRequestTo

This attribute has been removed from the schema. It is no longer supported. It only worked for dirsync mode, which was deprecated in Messaging Server 5.2.


mgrpRFC822MailMember

Origin

Messaging Server 5.0

Syntax

cis, multi-valued

Object Classes

inetMailGroup

Definition

Identifies recipients of mail sent to the mail group. Mail is sent to the addresses in both this attribute and the uniqueMember attribute, but the recipients listed here are not members of the mixed-in groupOfUniqueNames. This attribute represents mail recipients that cannot be expressed as distinguished names, or who are to be sent mail from this group but who do not have the full privileges of a unique group member. Messaging Server expects this attribute to contain RFC 822 mail addresses. Generally used for group members who are not in the local directory.

For backwards compatibility, rfc822MailMember is also supported. You can use either one or the other of these attributes in any given group, but not both.


Note

LDAP_GROUP_RFC822 is the MTA option used to specify a different attribute name for this function.


Example

mgrpRFC822MailMember:bjensen@siroe.com

OID

2.16.840.1.113730.3.1.30


msgVanityDomain

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

msgVanityDomainUser

Definition

This attribute and the object class using it are deprecated in the current release, and may not be supported in future releases. Sites should stop using this feature and consider migrating current vanity domains to hosted domains.

Example

OID

2.16.840.1.113730.3.1.799


multiLineDescription

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

inetMailUser

Definition

Detailed description of the distribution list. A dollar sign (“$”) creates a new line.

Example

multiLineDescription:People who like cats. $And are ambivalent about people.

OID

1.3.6.1.4.1.250.1.2


nickName

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

pabPerson, pabGroup

Definition

Identifies the short name used to locate a pabPerson or a pabGroup entry.

Example

nickname:Nick

OID

2.16.840.1.113730.3.1.720


nswcalDisallowAccess

Origin

Netscape™ Calendar Hosting Server

Syntax

cis, single

Object Classes

icsCalendarUser

Definition

Lists the calendar protocols not allowed to be used by this user.

Example

OID

2.16.840.1.113730.3.1.539


nswmExtendedUserPrefs

Origin

Messaging Server 5.0

Syntax

cis, multi-valued

Object Classes

inetMailUser

Definition

This attribute holds the pairs that define Messenger Express preferences such as sort order, Mail From address, and so on. Each instance of this attribute is the tuple pref_name=pref_value. This is a proprietary syntax and the example below is for illustrative purposes only.

Example

Example 1: nswmExtendedUserPrefs: meColorSet=4
Example 2: nswmExtendedUserPrefs: meSort=r
Example 3: nswmExtendedUserPrefs: meAutoSign=True
Example 4: nswmExtendedUserPrefs: meSignature=Otis Fanning$ofanning@sesta.com
Example 5: nswmExtendedUserPrefs: meDraftFolder=Drafts

OID

2.16.840.1.113730.3.1.520


o

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

pabPerson

Definition

Name of the user’s company or organization. Abbreviation of organizationName.

Example

organizationName:Company22 Incorporated

or

o:Company22 Incorporated

OID

2.5.4.10


objectClass

Origin

Messaging Server 5.0

Syntax

cis

Object Classes

inetAdmin, organization

Definition

Specifies the objects for this object class.

Example

objectClass:person

OID

2.5.4.0


organizationName (see o)


organizationUnitName (see ou)


ou

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

organizationalUnit, pabPerson

Definition

Name of the organization unit to which the user belongs. Abbreviation for organizationUnitName.

Example

organizationUnitName:docs

or

ou:docs

OID

2.16.840.1.113730.3.1.722  


owner

Origin

Messaging Server 5.0

Syntax

dn, single-valued

Object Classes

inetOrgPerson

Definition

Identifies the distinguished name (DN) of the person or group with administrative privileges over the entry.

Example

owner: cn=John Smith,o=Sesta,c=US

OID

2.5.4.32


pabURI

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

ipUser

Definition

LDAP URI specifying the container of the personal address book entries for this user. It takes the following form: ldap://server:port/container_dn, where:

Example

pabURI: ldap://ldap.siroe.com:389/ou=ed,ou=people,o=sesta.com,o=isp,o=pab

OID

2.16.840.1.113730.3.1.703


parentOrganization

Origin

Messaging Server 6.0, Calendar Server 6.0

Syntax

cis, single-valued

Object Classes

sunManagedSubOrganization

Definition

Specifies the logical parent of a suborganization. The value of this is the DN of the parent organization or parent suborganization.

Example

parentOrganization:o=sesta,o=com,o=internet

OID


postalAddress

Origin

LDAP

Syntax

cis

Object Classes

icsCalendarResource, organization, organizationalUnit

Definition

Identifies the entry’s mailing address. This field is intended to include multiple lines. When represented in LDIF format, each line should be separated by a dollar sign ($).

To represent an actual dollar sign (“$”) or back slash (“\”) within this text, use the escaped hex values, \24 and \5c respectively. For example, to represent the string:

The dollar ($) value can be found
in the c:\cost file.

provide the string:

The dollar (\24) value can be found$in the c:\5ccost file.

Example

postalAddress:123 Oak Street$Anytown, CA$90101

OID

2.5.4.16
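The escaping rule for postalAddress described above, as an added example (not code from the guide). It encodes address lines into a single attribute value and decodes it again; the function names are constructed for illustration, and the decoder scans in a single pass so that a literal backslash followed by "24" in the original text is not mistaken for an escaped dollar sign.

```python
def encode_postal_address(lines):
    """Join address lines with '$', writing literal '\\' as \\5c and '$' as \\24."""
    escaped = []
    for line in lines:
        # Escape the backslash first; otherwise the backslash introduced
        # by the '$' escape would itself be escaped a second time.
        escaped.append(line.replace("\\", "\\5c").replace("$", "\\24"))
    return "$".join(escaped)


def decode_postal_address(value):
    """Split on '$' separators and turn \\24 and \\5c back into '$' and '\\'."""
    lines = []
    # After encoding, every remaining '$' is a line separator, because
    # literal dollar signs are carried as \24.
    for part in value.split("$"):
        out, i = [], 0
        while i < len(part):
            code = part[i + 1:i + 3].lower()
            if part[i] == "\\" and code in ("24", "5c"):
                out.append("$" if code == "24" else "\\")
                i += 3                      # consume the backslash and two hex digits
            else:
                out.append(part[i])
                i += 1
        lines.append("".join(out))
    return lines


def naive_decode(value):
    """Two-step replace decoder, shown only to contrast with the scanner above."""
    return [p.replace("\\5c", "\\").replace("\\24", "$") for p in value.split("$")]


if __name__ == "__main__":
    address = ["The dollar ($) value can be found", "in the c:\\cost file."]
    encoded = encode_postal_address(address)
    print(encoded)
    print(decode_postal_address(encoded))
    # A line that already contains the characters \24 survives the scanner
    # but is corrupted by the two-step decoder.
    tricky = encode_postal_address(["literal \\24 text"])
    print(decode_postal_address(tricky), naive_decode(tricky))
```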


preferredLanguage

Origin

Messaging Server 5.0, Calendar Server, Directory Server

Syntax

RFC 2798, cis, single-valued

Object Classes

icsCalendarUser, inetMailGroup, inetOrgPerson, iPlanetPreferences, mailDomain

Definition

Preferred written or spoken language for a person. The value for this attribute should conform to the syntax for HTTP Accept-Language header values.

Messaging Server uses this attribute to determine the locale. It does not use the locale specified with iPlanetPreferences.

Also used by Access Manager in user LDAP entries to store a user’s preferred language. Note that only Access Manager uses the iPlanetPreferences object class to host this attribute.

Table 3-17 lists the supported language strings:

Table 3-17  Language Strings for preferredLanguage Attribute

Language String – Language

de – German

en – English

es – Spanish

fr – French

ja – Japanese

ko – Korean

zh-CN – Chinese - People’s Republic of China

zh-TW – Chinese - Taiwan

Example

preferredLanguage:en

OID

2.16.840.1.113730.3.1.39


preferredMailHost

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

mailDomain

Definition

If you are provisioning an LDAP Schema 2 directory with Communications Services 6 2005Q1 Delegated Administrator:

If you are provisioning an LDAP Schema 1 directory with iPlanet Delegated Administrator, use the following definition:

Used to set the mailHost attribute of newly created users in this mail domain. When a user is created, the mailHost attribute of the user entry is filled by the value of preferredMailHost.

Example

preferredMailHost:mail.siroe.com

OID

2.16.840.1.113730.3.1.761


preferredMailMessageStore

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

mailDomain

Definition

If you are provisioning an LDAP Schema 2 directory with Communications Services 6 2005Q1 Delegated Administrator:

If you are provisioning an LDAP Schema 1 directory with iPlanet Delegated Administrator, use the following definition:

Used to set the mailMessageStore attribute of newly created users. If missing, Delegated Administrator leaves the mailMessageStore attribute empty and the access server assumes that the user’s mailbox is in the default partition of the server instance.

Example

preferredMailMessageStore: primary

OID

2.16.840.1.113730.3.1.762


seeAlso

Origin

LDAP

Syntax

dn

Object Classes

groupOfUniqueNames, organization, organizationalUnit

Definition

Identifies another LDAP entry that may contain information related to this entry.

Example

seeAlso: cn=Quality Control Inspectors,ou=manufacturing,o=Company22, c=US

OID

2.5.4.34


sn

Origin

LDAP

Syntax

cis

Object Classes

icsCalendarUser

Definition

Identifies the entry’s surname, also referred to as last name or family name.

Example

surname:jones

OID

2.5.4.4


telephoneNumber

Origin

LDAP

Syntax

tel

Object Classes

domain, organization, organizationalUnit

Definition

Identifies the entry’s phone number.

Example

telephoneNumber:800-555-1212

OID

2.5.4.20


uid

Origin

Calendar Server 5.0, Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

icsCalendarResource, icsCalendarUser

Definition

Identifies the unique identifier for this user or resource within its relative namespace. All valid user and resource entries must have a uid attribute. Group entries may have a uid.

For Messaging Server, the uid is used to generate the user address to pass to the delivery channel. If a user entry does not have a uid attribute, the entry is ignored. If multiple uid attributes exist in an entry, only the first one is used. The MTA option used to override this attribute’s value is LDAP_UID.

Example

uid:jdoe

OID

0.9.2342.19200300.100.1.1


un

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

pabPerson, pabGroup, pab

Definition

Unique name assigned to PAB entry. This is also the naming attribute for entries created by this object class and is used to form the DN of all PAB entries, irrespective of the type (pab, pabPerson, or pabGroup).

Example

un:Nick

OID

2.16.840.1.113730.3.1.717


uniqueMember

Origin

Messaging Server 5.0

Syntax

dn, multi-valued

Object Classes

groupOfUniqueNames

Definition

Identifies a member of a static group. Each member of the group is listed in the group’s LDAP entry using this attribute.

Example

uniqueMember: uid=jdoe,ou=People,o=sesta.com,o=basedn
uniqueMember: uid=rsmith,ou=People,o=sesta.com,o=basedn

OID

2.5.4.50


userId (see uid)


userPassword

Origin

Messaging Server 5.0

Syntax

bin, single-valued

Even though RFC 2256 defines this attribute as multi-valued, for Sun Java™ System products, only one value is allowed.

Object Classes

inetUser, domain, organization, organizationalUnit

Definition

This attribute identifies the entry’s password and encryption method in the following format:

{encryption method}encrypted password

Transfer of cleartext passwords is strongly discouraged where the underlying transport service cannot guarantee confidentiality. Transfer of cleartext may result in disclosure of the password to unauthorized parties.

Example

userPassword:{sha}FTSLQhxXpA05

OID

2.5.4.35


vacationEndDate

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

userPresenceProfile

Definition

Vacation end date and time. Date is in the following format: YYYYMMDDHHMMSSZ; where YYYY is the four digit year, MM is the two digit month, DD is the two digit day, HH is the two digit hour, MM is the two digit minute, and SS is the two digit second. Time is normalized to GMT. Z is the character Z.

When the current date falls outside the range of dates specified by the attributes vacationStartDate and vacationEndDate, then any delivery options (in the DELIVERY_OPTIONS list) prefixed with “^” are removed from the active set of options. For example, if one of the DELIVERY_OPTIONS is “^*autoreply” and today’s date falls outside the vacation date range, then the option is removed from the active options list. Otherwise, the autoreply delivery option is activated.

Example

vacationEndDate:20000220000000Z

OID

2.16.840.1.113730.3.1.708


vacationStartDate

Origin

Messaging Server 5.0

Syntax

cis, single-valued

Object Classes

userPresenceProfile

Definition

Vacation start date and time. Date is in the following format: YYYYMMDDHHMMSSZ; where YYYY is the four digit year, MM is the two digit month, DD is the two digit day, HH is the two digit hour, MM is the two digit minute, and SS is the two digit second. Time is normalized to GMT. Z is the character Z.

Example

vacationStartDate:20000215000000Z

OID

2.16.840.1.113730.3.1.707


mgrpErrorsTo

Origin

Messaging Server

Syntax

cis, single-valued

Object Classes

inetMailGroup

Definition

The mgrpErrorsTo attribute specifies either an email address or a URL, which is resolved to produce an address. The address is placed in the MAIL FROM (envelope from) field of all messages the list produces. Additionally, the presence of the mgrpErrorsTo attribute causes the MTA to treat the group as a full-fledged mailing list and not as a simple autoforwarder. The basic purpose of the MAIL FROM address is to create a place to send reports of message delivery problems. As such, the main effect of mgrpErrorsTo is to cause errors delivering list mail to be directed to the mgrpErrorsTo address.

Example

mgrpErrorsTo=mgrperrors.log@siroe.com

OID

2.16.840.1.113730.3.1.26





Copyright 2005 Sun Microsystems, Inc. All rights reserved.