Sun Java System Communications Services 6 2005Q1 Schema Reference Guide |
Chapter 5
Classes and Attributes Used by Communications Services Delegated Administrator (Schema 2)This chapter describes LDAP Schema 2 object classes and attributes used by Communications Services 6 2005Q1 Delegated Administrator.
Communications Services 6 2005Q1 Delegated Administrator provides a console and a command-line utility (commadmin) for provisioning Messaging Server users in an LDAP Schema 2 directory.
Note
To provision Messaging Server users in an LDAP Schema 1 directory, you must use iPlanet Delegated Administrator, a deprecated tool. For information about object classes and attributes used by iPlanet Delegated Administrator, see Chapter 6, "Classes and Attributes Used by iPlanet Delegated Administrator (Schema 1)."
The chapter is divided into two sections:
The object classes and attributes are listed alphabetically.
Object ClassesThe following object classes are used by Delegated Administrator to provision users in an LDAP Schema 2 directory:
sunDelegatedOrganizationSupported by
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Definition
Object class that defines the properties of a business organization. For example, one property of sunDelegatedOrganization can designate a list of domain names the business organization can use for its users. Also, it can define the list of services designated by the provider organization, as available to the business organization, to be assigned to the users.
Superior Class
top
Object Class Type
auxiliary
OID
oid-sunDelegatedOrganization
Required Attributes
sunOrgType
Allowed Attributes
sunAvailableServices, sunAvailableDomainNames, sunMaxUsers, sunNumUsers, sunMaxGroups, sunNumGroups, sunEnableGAB, sunAllowMultipleServices, sunOrganizationSkin
sunMailOrganizationSupported by
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Definition
Object class to be added to a shared business organization that has mail service. sunMailOrganization adds two attributes (preferredMailHost and preferredMailMessageStore) that specify the mail host and message store partition where mail is stored for all users in the business organization.
You can only add the sunMailOrganization object class to a shared business organization (defined as shared with the sunOrgType attribute).
Do not add sunMailOrganization to a full domain business organization (defined as full with the sunOrgType attribute). For a full domain business organization, add the mailDomain object class, which also uses the preferredMailHost and preferredMailMessageStore attributes for provisioning the preferred mail host and message store for the domain.
Superior Class
top
Object Class Type
auxiliary
OID
oid-sunMailOrganization
Required Attributes
none
Allowed Attributes
preferredMailHost, preferredMailMessageStore
sunManagedLocationSupported by
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Definition
Object class to be added to the user/group root suffix. This class maintains a pointer (in the form of a DN) to the location of the Business Organization Tree and Residential Tree. For example, o=Business and o=Residential, respectively.
Superior Class
top
Object Class Type
auxiliary
OID
oid-sunManagedLocation
Required Attributes
none
Allowed Attributes
sunBusinessRoot, sunResidentialRoot, sunServicesRoot
sunManagedProviderSupported by
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Definition
Object class used for storing the properties of a provider organization. Following are some of the properties maintained by sunManagedProvider:
Superior Class
top
Object Class Type
auxiliary
OID
oid-sunManagedProvider
Required Attributes
None
Allowed Attributes
sunAllowBusinessOrgType, sunBusinessOrgBase, sunIncludeServices, sunExcludeServices, sunAssignableDomains, sunAllowMultipleDomains, sunProviderOrgDN
sunSharedDomainSupported by
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Definition
Object class to designate a domain that can be shared across multiple business organizations (such as sesta.com).
The sunSharedDomain object class can designate a hosted domain as a shared domain. Underneath this shared domain, there can be multiple Provider Organizations. Under the Provider Organizations you can create multiple Business Organizations, all sharing the same namespace as the shared domain.
Superior Class
top
Object Class Type
auxiliary
OID
oid-sunSharedDomain
Required Attributes
none
Allowed Attributes
none
AttributesThe following attributes are used by Delegated Administrator to provision users in an LDAP Schema 2 directory:
mailParentalControlOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, single-valued
Object Class
Definition
Set to true when parental control is enabled for a user.
Messaging Server uses sieve rules to implement parental control (the ability of a family administrative account to specify mail delivery rules for one or more sub-accounts).
Parental control rules are stored in the family group entry (implemented by using mailSieveRuleSource as an attribute of the inetManagedGroup object class). When a head of family specifies parental control rules, the rules are transformed to sieve rules and stored in the family group entry.
When a sub-account is tagged for parental control, the DN of the family group entry is stored in the sub-account’s user entry (implemented with the mailSieveRuleRef attribute). In addition, the mailParentalControl attribute is set to true.
Allowed values: true, false
Default value: false
Example
mailParentalControl: true
OID
oid-mailParentalControl
mailSieveRuleRefOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
dn, single-valued
Object Class
Definition
Specifies the DN of an LDAP entry. The referenced LDAP entry can contain additional mail filters in the entry’s mailSieveRuleSource attribute. Sieve rules specified in the referenced LDAP entry are applied before sieve rules specified in this user entry. This reference is used only when the mailParentalControl attribute is set to true.
Example
mailSieveRuleRef: cn=Sample Family Group,o=groups,
o=Residential,o=userGroupRootOID
oid-mailSieveRuleRef
preferredMailHostOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, single-valued
Object Classes
Definition
If you are provisioning an LDAP Schema 2 directory with Communications Services 6 2005Q1 Delegated Administrator, use the following definition:
Sets the mail host name for new users in this business organization. When a user is created, the mailHost attribute of the user entry is filled by the value of preferredMailHost.
The preferredMailHost attribute is required when the business organization has a mail service.
If this is a full business organization, preferredMailHost is an attribute of the mailDomain object class. If this is a shared business organization, preferredMailHost is an attribute of the sunMailOrganization object class.
If you are provisioning an LDAP Schema 1 directory with iPlanet Delegated Administrator:
See preferredMailHost for a definition of how to use this attribute with Schema 1.
Example
preferredMailHost: mail.siroe.com
OID
2.16.840.1.113730.3.1.761
preferredMailMessageStoreOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, single-valued
Object Classes
Definition
If you are provisioning an LDAP Schema 2 directory with Communications Services 6 2005Q1 Delegated Administrator, use the following definition:
Sets the message store partition name for new users in this business organization. When a user is created, the mailMessageStore attribute of the user entry is filled by the value of preferredMailMessageStore.
If the preferredMailMessageStore attribute is missing, Delegate Administrator leaves the mailMessageStore attribute empty and the access server assumes that the user’s mailbox is in the default partition of the server instance.
If this is a full business organization, preferredMailMessageStore is an attribute of the mailDomain object class. If this is a shared business organization, preferredMailMessageStore is an attribute of the sunMailOrganization object class.
If you are provisioning an LDAP Schema 1 directory with iPlanet Delegated Administrator:
See preferredMailMessageStore for a definition of how to use this attribute with Schema 1.
Example
preferredMailMessageStore: primary
OID
2.16.840.1.113730.3.1.762
psIncludeInGABOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, single-valued
Object Class
Definition
Includes this user in the Global Address Book (GAB) and gives this user access to the Global Address Book.
Allowed values: true, false
Default value: true
Example
psIncludeInGAB: false
OID
oid-psIncludeInGAB
sunAllowBusinessOrgTypeOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, multivalued
Object Class
Definition
Defines the types of business organizations this provider administrator can create.
This is a required attribute.
Allowed values:
- shared —Designates a business organization that is assigned to a shared domain. Multiple business organizations can be part of a shared domain. The business organization being created shares its namespace with the other organizations in the domain.
- full —Designates a business organization that is a full-fledged domain with an authorized domain name and its own unique namespace.
The sunAllowBusinessOrgType attribute can enable the provider to create
Example
sunAllowBusinessOrgType: shared
sunAllowBusinessOrgType: fullOID
oid-sunAllowBusinessOrgType
sunAllowMultipleDomainsOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, single-valued
Object Class
Definition
Determines whether this provider organization can create business organizations that permit multiple domain names or a single domain name for their users.
The sunAllowMultipleDomains attribute applies only to business organizations created in shared domains. If a business organization is created as a domain with its own namespace, it can always have multiple domain names specified with the associatedDomain attribute.
If the sunAllowMultipleDomains attribute is not present, the LDAP semantics allow multiple domain names for the users of the business organizations. (The default value is true.)
Allowed values: true, false
Example
sunAllowMultipleDomains: true
OID
oid-sunAllowMultipleDomains
sunAllowMultipleServicesOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, single-valued
Object Class
Definition
NOTE: This attribute is not being used for this release.
Enables you to assign multiple classes-of-service to users in this business organization.
Allowed values: true, false
Default value: true
If sunAllowMultipleServices has a value of false, users in this business organization can have at most one class-of-service.
Example
sunAllowMultipleServices: false
OID
oid-sunAllowMultipleServices
sunAssignableDomainsOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, multivalued
Object Class
Definition
Specifies a list of domain names the provider administrator can choose from when assigning domains to business organizations in this provider organization. This list is derived from the domain names specified in the sunPreferredDomain and associatedDomain attributes of the parent or ancestor shared domain node.
If the sunAssignableDomains attribute is not present, all of the sunPreferredDomain and associatedDomain attributes are available to be assigned to business organizations by this provider.
Example
sunAssignableDomains: sesta.com
sunAssignableDomains: siroe.com
sunAssignableDomains: varius.comOID
oid-sunAssignableDomains
sunAvailableDomainNamesOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, multivalued
Object Class
Definition
Specifies a list of domain names available for use by the business organization. This list is a subset of domain names derived from the sunAssignableDomains attribute in the provider organization.
If the sunAvailableDomainNames attribute is not present, all domains from the sunAssignableDomains attribute in the provider organization are available for use by this business organization.
Example
sunAvailableDomainNames: sesta.com
sunAvailableDomainNames: siroe.comOID
oid-sunAvailableDomainNames
sunAvailableServicesOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, multivalued
Object Class
Definition
Specifies a list of classes-of-service available to the business organization for its users. Also specifies the number of instances of each named class-of-service.
This is a required attribute.
Format
servicename:number
or
servicename
If you specify servicename only—if you do not specify the number of services—an unlimited number of that service is available to the business organization.
Example
sunAvailableServices: Gold:10
sunAvailableServices: SilverIn this example, 10 Gold services and an unlimited number of Silver services are available to the business organization.
OID
oid-sunAvailableServices
sunBusinessOrgBaseOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
dn, single-valued
Object Class
Definition
Contains the DN for the node underneath which all full domains for this provider organization are to be created.
You can assign this attribute only if the sunAllowBusinessOrgType attribute was provisioned to allow full domains (sunAllowBusinessOrgType: full).
Example
sunBusinessOrgBase: o=providerorgDomainsRoot,o=Business,
o=userGroupRootOID
oid-sunBusinessOrgBase
sunBusinessRootOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
dn, single-valued
Object Class
Definition
Holds the DN of the root entry that contains the business organization tree.
Example
sunBusinessRoot: o=Business,o=userGroupRoot
OID
oid-sunBusinessRoot
sunEnableGABOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, single-valued
Object Class
Definition
Enables use of a global address book for this business organization.
Allowed values: true, false
Default value: false
Example
sunEnableGAB: true
OID
oid-sunEnableGAB
sunExcludeServicesOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, multivalued
Object Class
Definition
Specifies a list of classes-of-service that will be excluded from the business organizations in this provider organization.
If both the sunIncludeServices and sunExcludeServices attributes are specified, only sunIncludeServices takes effect. If neither attribute is present, all classes-of-service found underneath the container specified with the sunServicesRoot attribute will also be available to the business organizations in this provider organization.
Example
sunExcludeServices: Bronze
OID
oid-sunExcludeServices
sunIncludeServicesOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, multivalued
Object Class
Definition
Specifies a list of the classes-of-service available to business organizations in this provider organization.
The complete list of classes-of-service available in this directory is found underneath the container specified with the sunServicesRoot attribute.
If the sunIncludeServices attribute is not present, all classes-of-service specified underneath the class-of-service container will also be available to the business organizations in this provider organization.
Example
sunIncludeServices: Gold
OID
oid-sunIncludeServices
sunMaxGroupsOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
int, single-valued
Object Class
Definition
Specifies the maximum number of groups that can be created in this business organization.
To enable the business organization to contain an unlimited number of groups, specify a value of -1.
Allowed values are integers.
Example
sunMaxGroups: 20
OID
oid-sunMaxGroups
sunMaxUsersOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
int, single-valued
Object Class
Definition
Specifies the maximum number of users who can be created in this business organization.
To enable the business organization to contain an unlimited number of users, specify a value of -1.
Allowed values are integers.
Example
sunMaxUsers: 50
OID
oid-sunMaxUsers
sunNumGroupsOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
int, single-valued
Object Class
Definition
Specifies the current number of groups in this business organization.
Allowed values are integers.
Example
sunNumGroups: 8
OID
oid-sunNumGroups
sunNumUsersOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
int, single-valued
Object Class
Definition
Specifies the current number of users in this business organization.
Allowed values are integers.
Example
sunNumUsers: 12
OID
oid-sunNumUsers
sunOrganizationSkinOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, multivalued
Object Class
Definition
This attribute is not currently implemented.
Enables this business organization to use a specified customization of the user interface (UI) to provide a specific look and feel for users in the organization.
The sunOrganizationSkin attribute is specified with a key-value pair. The key is the name of a skin to be used for the organization’s customized UI. The value identifies the jar file containing the skin.
Format
skinname:jarfile
Examples
sunOrganizationSkin: classic: classiclookandfeel.jar
sunOrganizationSkin: modern: modernlookandfeel.jarOID
oid-sunOrganizationSkin
sunOrgTypeOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
cis, single-valued
Object Class
Definition
Determines whether this business organization is part of a shared domain (shared) or is a full-fledged domain with its own namespace (full).
This is a required attribute.
Allowed values:
- shared —Designates a business organization that is assigned to a shared domain. Multiple business organizations can be part of a shared domain. This business organization shares its namespace with the other organizations in the domain.
- full —Designates a business organization that is a full-fledged domain with an authorized domain name and its own unique namespace.
Example
sunOrgType: shared
OID
oid-sunOrgType
sunProviderOrgDNOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
dn, single-valued
Object Class
Definition
Contains the base DN that points to the business organization for this provider organization. The users of this provider organization are created in this business organization.
The provider organization cannot have any user entries directly under the provider organization node. All users in the provider organization must be managed in the separate business organization identified by the sunProviderOrgDN attribute. This business organization is like any other business organization.
Example
sunProviderOrgDN: o=providerorg,o=sesta.com,o=sharedDomainsRoot,
o=BusinessOID
oid-sunProviderOrgDN
sunResidentialRootOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
dn, single-valued
Object Class
Definition
Holds the DN of the root entry that contains the residential tree.
Example
sunResidentialRoot: o=Residential,o=userGroupRoot
OID
oid-sunResidentialRoot
sunServicesRootOrigin
Messaging Server 6 2005Q1; Communications Services 6 2005Q1 Delegated Administrator
Syntax
dn, single-valued
Object Class
Definition
Specifies the DN of the container of all the class-of-service definitions available to provider organizations in the directory.
Example
sunServicesRoot: o=Services,o=Business,o=userGroupRoot
OID
oid-sunServicesRoot