Create an Identity Manager service account to connect to Communications Services, rather than using the administrator account CN=Directory Manager. Use your Directory Server management tool to set permissions through an ACI (access control instructions) at each base context.
Set the permissions in the ACI based on the source. If the adapter is connecting to an authoritative source, then set read, search, and possibly compare permissions only. If the adapter is used to write back, then you will need to set write and possibly delete permissions.
If the account will be used for monitoring the changelog, an ACI should also be created on cn=changelog. The permissions should be set to read and search only, because you cannot write or delete changelog entries.
The sources.ResourceName.hosts property in the waveset.properties file can be used to control which host or hosts in a cluster will be used to execute the synchronization portion of an Active Sync resource adapter. ResourceName must be replaced with the name of the Resource object.
The Sun Communications Services resource adapter does not perform before or after actions. Instead, you may use the Action Proxy Resource Adapter field in the Resource Wizard to designate a proxy resource adapter that has been configured to run actions.
The following example script could be run on the proxy resource after creating a user:
SET PATH=c:\Sun\Server-Root\lib SET SYSTEMROOT=c:\winnt SET CONFIGROOT=C:/Sun/Server-Root/Config mboxutil -c -P user/%WSUSER_accountId%.*
The following example script will delete the user’s mailboxes when the user is deleted.
SET PATH=c:\Sun\Server-Root\lib SET SYSTEMROOT=c:\winnt SET CONFIGROOT=C:/Sun/Server-Root/Config mboxutil -d -P user/%WSUSER_accountId%.*