| Previous Contents Index Next |
| iPlanet Messaging Server 5.2 Provisioning Guide |
Chapter 4 Provisioning Users
This section describes how to create user entries for the iPlanet Messaging Server. As installed, user entries are created in the Organization Tree and our examples will reflect this. Note that attribute descriptions in this guide are overviews. Full attribute descriptions are available in the iPlanet Schema Reference Manual. This chapter consists of the following sections:
"Creating User Entries""
"Activating/Deactivating Users""
"Setting a User Vacation Message""
"Adding/Removing Allowed Mail Services""
"Adding or Changing Incoming Mail Delivery Options""
"Setting User Message Filters""
"Changing A User's Mail Server""
"Adding Mailing List Creation Privileges""
"Limiting Received Message Size""
Creating User Entries
sesta.com email users are in ou=people,o=sesta.com,o=isp in the Organization Tree. Each entry contains attribute information about the user. An LDIF example is shown below.
User Entry Object Classes and Attributes
dn: uid=fanning,ou=people,o=sesta.com,o=ISP
objectClass: person
- The distinguished name of the user Otis Fanning. Note that the following characters cannot be used for uid: $ ~ = # * + % ! @ , { } ( ) / \ < > ; : " ` [ ] & ? DEL TAB and characters with the top bit set and any control character.
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: inetUser
objectClass: ipUser
objectClass: inetMailUser
objectClass: inetLocalMailRecipient
objectClass: nsManagedPerson
objectClass: userPresenceProfile
- These are the user entry object classes. inetOrgPerson is the core object class, and it inherits from organizationalPerson and person (these two classes are shown for clarification even though it is not necessary to include them in an LDAP add statement if you are provisioning).
- inetUser, inetMailUser and ipUser provide attributes for creating a mail user account. They provide attributes such as UID, user password, public address book information, and mail delivery information.
- inetLocalMailRecipient provides local routing information.
- userPresenceProfile supports vacation attributes.
- nsManagedPerson provides iPlanet Delegated Administrator for Messaging support attributes.
cn: Otis Fanning
sn: Fanning
- cn (commonname) is the user's full name and is inherited from the person object class.
initials: OTF
- sn (surname) is the user's last or family name and is inherited from the person object class.
givenName: Otis
- initials contains the initials of some or all of an individuals names. In this example OTF stands for Otis Tiberus Fanning.
mail: otis.fanning@sesta.com
- givenName is the first name of the user.
- The user's advertised e-mail address (RFC 822 format).
uid: fanning
userPassword: secret
- uid is the user's login identification. This attribute must be unique within the domain.
inetUserStatus: active
- userPassword is the string representing the user's password for accessing his account to read and send mail.
- Global status of the user for all directory-enabled server. Values: active, inactive, deleted. Missing value implies status is active. An illegal value is treated as inactive.
ipUser
This core object class supports internet services like mail and calendar. It provides attributes for the personal address book store and class of service features.
pabURI: ldap://ldap.siroe.com:389/ou=fanning,ou=people, o=sesta.com,o=isp,o=pab
- LDAP URI specifying the container of the personal address book entries for this user. Typically this is set by the server when the user creates personal address book entries; however if you want to force the server to use a different LDAP server for the address book, then you would use this attribute and provision the appropriate values.
dataSource: iPlanet Messaging Server 5.0 @(#)ims50users.sh
mailDeliveryOption: mailbox
- Text field to store a tag or identifier.
mailUserStatus: active
- Mail delivery option(s) to be used for the recipient. mailDeliveryOption can be multi-valued. Possible values are mailbox, native|unix, autoreply, program, and forward.
mailQuota: -1
- Single valued attribute. Stores one of the following mail user states: active, inactive, deleted, hold. hold specifies that all mail for the user's inbox is sent to the hold queue and all access to the mailbox over IMAP and POP is disallowed. Missing value implies status is active. An illegal value is treated as inactive.
mailMsgQuota: 100
- Disk space allowed for the user's mailbox in bytes. Value of 0 (or not specified) means system default quota (defined through iPlanet Console) and -1 means no limit on space usage.
- Maximum number of messages permitted for a user. This is a cumulative count for all folders in the store. Value of 0 (or not specified) means system default quota and -1 (defined through iPlanet Console or iPlanet Delegated Administrator for Messaging) means no limit on number of messages.
mailHost: manatee.siroe.com
mailAlternateAddress: ofanning@sesta.com
- Fully-qualified hostname of the MTA that is the final SMTP destination of messages to this group.
- Alternate RFC 822 e-mail address of this user.
userPresenceProfile
Supports vacation attributes. See iPlanet Schema Reference Manual for details.
nsManagedPerson
Supports attributes for iPlanet Delegated Administrator for Messaging.
Mail User Tasks
This section consists of the following subsections:
"Activating/Deactivating Users""
"Setting a User Vacation Message""
"Adding/Removing Allowed Mail Services""
"Adding or Changing Incoming Mail Delivery Options""
"Setting User Message Filters""
"Changing A User's Mail Server""
Activating/Deactivating Users
The iPlanet Messaging Server honors two different status attributes for user activation/deactivation, inetUserStatus and mailUserStatus. The inetUserStatus attribute holds the global user status for all services (mail, calendar, etc.) and overrides the status set in mailUserStatus. mailUserStatus sets the status for mail service only. It may have the values active, inactive, or deleted. Setting inetUserStatus to deleted marks the entry for deletion during next purge cycle.mailUserStatus sets the status for individual users with one of the following mail user states: active, inactive, deleted, hold. mailUserStatus=hold implies ALL mail for the users inbox is sent to the hold queue and all access to the mailbox over IMAP and POP is disallowed. Setting mailUserStatus to delete marks the entry for removal.
The following LDIF update statement disables a user's ability to use any services. If mail is sent to an inactive user, a transient failure is returned to the sending MTA.
dn: uid=fanning,ou=people,o=sesta.com,o=ISP
changetype: modify
replace: inetUserStatus
inetUserStatus: inactiveThe following LDIF update statement disables only the mail service for that user. If other services, like calendar, are provisioned for that user, they continue to be active.
dn: uid=fanning,ou=people,o=sesta.com,o=ISP
changetype: modify
replace: mailUserStatus
mailUserStatus: inactiveThe following update statement redirects messages for the user into the hold queue. This may be used when moving users from one mail server to another. Inbound messages for users are redirected to the hold queue. To start mail delivery for the user again, mailUserStatus must be set back to active.
dn: uid=fanning,ou=people,o=sesta.com,o=ISP
changetype: modify
replace: mailUserStatus
mailUserStatus: hold
Changing a User Password
You can change the user's password by changing the userPassword attribute. This can be changed with the following LDIF:dn: uid=fanning,ou=people,o=sesta.com,o=ISP
changetype: modify
replace: userPassword
userPassword: PAssWoRd
Setting a User Vacation Message
Vacation messages are set using attributes from object class userPresenceProfile (attributes: vacationStartDate and vacationEndDate) and inetMailUser (attributes: mailAutoreplyMode, mailAutoreplyTimeout, mailAutoreplySubject, mailAutoreplyText, mailAutoreplyTextInternal and mailDeliveryOption).Please refer to the iPlanet Schema Reference Manual for the detailed semantics for each attribute.
The example LDIF file below sets a vacation message for a user starting 15th February 2001 and ending 20th February 2000, with auto reply time-out of 2 days and a vacation message subject of I am on vacation and a body text (both internal to the same domain and external to all other users) of Please contact me later.
dn: uid=fanning,ou=people,o=sesta.com,o=ISP
changetype: modify
add: mailDeliveryOption
mailDeliveryOption: autoreply
-
replace: mailAutoreplyMode
mailAutoreplyMode: reply
-
replace: vacationStartDate
vacationStartDate: 20010215000000Z
-
replace: vacationEndDate
vacationEndDate: 20010220000000Z
-
replace: mailAutoreplyTimeout
mailAutoreplyTimeout: 48
-
replace: mailAutoreplySubject
mailAutoreplySubject: I am on vacation-
replace: mailAutoreplyTextInternal
mailAutoreplyTextInternal: Please contact me later.
-
replace: mailAutoreplyText
mailAutoreplyText: Please contact me later.Note that the date settings are Universal Time Coordinated (UTC), the international time standard formerly known as Greenwich Mean Time, or GMT. If you are in a different time zone, you need to set the UTC equivalent time. For example, subtract 8 hours if you want to set the vacation to midnight 2/15/2001 Pacific Standard Time.
Adding/Removing Allowed Mail Services
Allowed mail services are set with the mailAllowedServiceAccess attribute. The allowed values are imap, imaps, pop3, http. The format is as follows:mailAllowedServiceAccess: +<Allowed Services>:*
(See the Filter Syntax section inthe iPlanet Message Server Administration Guide for allowed services syntax.) The following LDIF modify code adds IMAP, POP3 and HTTP (Messenger Express) support for Otis Fanning.
dn: uid=fanning,ou=people,o=sesta.com,o=ISP
changetype: modify
replace: mailAllowedServiceAccess
mailAllowedServiceAccess: +smtp:ALL$+imap:ALL$+pop:ALL$+http:ALL
Adding or Changing Incoming Mail Delivery Options
The mailDeliveryOption attribute controls whether incoming messages are sent to the message store (mailbox), /var/mail (native), to an autoreply facility (autoreply), forwarded to another mail address (forward), or to an approved mail processing program (program). Note that this attribute can take multiple values. If mailDeliveryOption is set to program, then mailProgramDeliveryInfo has to be set (see the iPlanet Message Server Administration Guide for details on program delivery).The LDIF data below sends messages to /var/mail as well as the message store.
dn: uid=fanning,ou=people,o=sesta.com,o=ISP
changetype: modify
add: mailDeliveryOption
mailDeliveryOption: native
Setting User Message Filters
The iPlanet Messaging Server supports the SIEVE mail filtering language for creating message filters that can block, store, or redirect mail messages containing a specified string or exceeding specified lengths. Users can specify filtering rules and actions through the iPlanet Delegated Administrator for Messaging and also through LDAP using the attribute mailSieveRuleSource. Note, however, that message filters created by adding the mailSieveRuleSource with LDAP cannot be modified using iPlanet Delegated Administrator for Messaging. The iPlanet Delegated Administrator for Messaging can view and delete these LDAP created message filters, but it cannot edit them. The iPlanet Messaging Server supports the SIEVE rules as specified in the Internet draft "Sieve: A Mail Filtering Language", T. Showalter, draft 9 (http://docs.iplanet.com/docs/sieve). Below is an example of a mail filter using SIEVE.
In this example, the value of mailSieveRuleSource is stored in a file and the value is encoded by entering the -b flag in the ldapmodify command.
The modify entry file modfanning.ldif contains the following:
mailsievesource.txt contains the following:
- dn: uid=fanning,ou=people,o=sesta.com,o=ISP
changetype: modify
add: mailSieveRuleSource
mailSieveRuleSource: /export/example/mailsievesource.txt
The modify command is as follows:
- require ["fileinto", "reject"];
if header :contains "Subject" "New Rules Suggestion"
{redirect "rules@sesta.com" # Forward message }
elsif header :contains "Sender" "porn.com"
{discard text:
Your message has been rejected. Please remove this address from
your mailing list. # Reject message, send reply message
.
;}
elsif size :over 1M
{ reject text:
Please do not send me large attachments.
Put your file on a server and send me the URL.
Thank you. # Discard message, send reply message
.
;}
elsif header :contains "Sender" "barkley@sesta.com"
{ fileinto "complaints.refs"; # file message}
- ldapmodify -D "cn=Directory Manager" -w password -b -f modfanning.ldif
Mail and Message Quotas
A user's mailbox disk space quota is set by specifying the mailQuota attribute in bytes. (The maximum number of messages a user is permitted is set with mailMsgQuota.) Value of mailQuota=-2 or attribute not defined specifies that the system default quota (set via the iPlanet Console or the variable store.defaultmessagequota) is used. A value of mailQuota=-1 means no limit on number of messages. A value of mailQuota=0 means no messages may be stored.The following LDIF modify code sets this user's mail quota to unlimited space and message quota to 2000.
dn: uid=fanning,ou=people,o=sesta.com,o=ISP
changetype: modify
replace: mailQuota
mailQuota: -1
-
replace: mailMsgQuota
mailMsgQuota: 2000
Mail Forwarding
To forward mail set mailDeliveryOption to forward and set mailForwardingAddress to the desired email address. mailForwardingAddress can have multiple values. The following example sends mail to the user's mailbox as well as forwards mail to fastjonny@varrius.com and John@florizel.net. Note that the message will also be delivered to the users inbox because mailDeliveryOption is also set to mailbox.dn: uid=fanning,ou=people,o=sesta.com,o=ISP
changetype: modify
add: mailDeliveryOption
mailDeliveryOption: forward
-
replace: mailForwardingAddress
mailForwardingAddress: fastjonny@varrius.com
mailForwardingAddress: John@florizel.net
New Mail Aliases
A user can have multiple alternate email addresses for a mail account by setting these alternate names to mailAlternateAddress. A catch-all mail address (an address that will receive any message to an address in a domain if the MTA does not find an exact match for the address) can be created by setting the attribute to @<domain_name>.The modify statement below adds an alternative address for Otis Fanning.
dn: uid=fanning,ou=people,o=sesta.com,o=ISP
changetype: modify
replace: mailAlternateAddress
mailAlternateAddress: ofanning@sesta.com
Changing A User's Mail Server
Change the user's mail server (fully-qualified hostname of the MTA that is the final SMTP destination of messages to this recipient) by specifying the new server to mailhost.dn: uid=fanning,ou=people,o=sesta.com,o=ISP
changetype: modify
replace: mailhost
mailhost: buffalo.siroe.com
Adding Mailing List Creation Privileges
Add the attribute value-pair nsDACapability: mailListCreate to a user's entry to allow mailing list creation.dn: uid=fanning,ou=people,o=sesta.com,o=ISP
changetype: modify
add: nsDACapability
nsDACapability: yes
Limiting Received Message Size
To limit the size of a message that a user or group can receive, use the attribute mailMsgMaxBlocks. Message size is set in MTA block size (default is 1024 bytes). Note that this attribute overrides mailDomainMsgMaxBlocks. The example below sets a limit of one megabyte.dn: uid=fanning,ou=people,o=sesta.com,o=ISP
changetype: modify
add: mailMsgMaxBlocks
mailMsgMaxBlocks: 1000
Previous Contents Index Next
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated February 13, 2002