Previous
Contents
Index
Next
|
| Sun One Messaging and Collaboration Schema Reference Manual |
Chapter 3 Attributes
This chapter describes attributes required or allowed by LDAP object classes for Sun™ ONE/iPlanet™ products. The attributes are listed alphabetically.
List of Attributes
This chapter describes the following attributes for Sun ONE Messaging and Collaboration products:
Attribute Definitions
Origin
iPlanet Messaging Server 5.0
Object Classes
inetAdmin
Definition
Specifies the administrator role for this administrator entry.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetDomainAlias
Definition
Used by the directory server to identify alias entries in the directory. Contains the distinguished name of the entry for which it is an alias.
Example
aliasedObjectName= cn=jdoe, o=sesta.com
Origin
iPlanet Messaging Server 5.0
Object Classes
groupOfUniqueNames
Definition
Identifies the type of business in which the entry is engaged. This should be a broad generalization such as is made at the corporate division level.
Example
businessCategory = Engineering
Origin
iPlanet Messaging Server 5.0
Object Classes
pabPerson
Definition
Contains URI to user's entire default calendar. For details see RFC 2739.
Example
Varies according to the version of calendar server implemented. For details see RFC 2739.
Origin
iPlanet Messaging Server 5.0
Object Classes
pabPerson
Definition
URL to the user's default busy time data. For details see RFC 2739.
Example
Varies according to the version of calendar server implemented. For details see RFC 2739.
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarResource, icsCalendarUser, inetResource
Definition
For users, full name of person. For resources, a unique identifier. In either case, it may contain spaces and special characters. Abbreviation for commonName.
Example
For a user: cn = John Doe. For a resource: cn = Conference Room #3
commonName = John Doe; commonName = Conference Room #3
Object Classes
pabPerson
Definition
Contains the name of a country, using a two character code. Abbreviation for countryName.
The attribute friendlyCountryName is used to spell out the actual country name.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailUser, inetMailGroup
Definition
Text field to store a tag or identifier. Value has no operational impact.
Origin
iPlanet Messaging Server 5.0
Object Classes
pabPerson
Definition
Date of birth of the pabPerson. Format is: YYYYMMDD.
Example
dateOfBirth=19740404
(date of birth on April 6, 1974.)
Origin
iPlanet Messaging Server 5.0
Object Classes
inetDomainAlias
Definition
The domain component of the domain alias entry.
Example
If the domain alias entry DN is dc=sesta, dc=fr, o=internet, then the value of dc is sesta.
OID
0.9.2342.19200300.100.1.25
Object Classes
icsCalendarDWPHost, icsCalendarResource, groupOfUniqueNames, inetManagedGroup, pab, pabGroup
Definition
Provides a human readable description of the object. For people and organizations, this often includes their role or work assignment.
Example
description = Quality control inspector.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetDomainAuthInfo
Definition
This attribute is used by the messaging server to override the default mailbox (MB) home. When present, this attribute specifies that compound user identifications (UIDs) are used in this domain and this attribute specifies the separator. For instance, if + is the separator, the mailbox names in this domain are obtained by replacing the right most occurrence of + in the uid with @. To map an internal mailbox name to the UID, the right most occurrence of @ is replaced with a + in the mailbox name.
While substitution of an @ for the UID separator is sufficient to generate a mailbox name, this may not be the same as any of the user's actual email addresses.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetDomainOrg
Definition
Maximum number of user entries in a domain organization.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetDomainOrg
Definition
Number of current user entries in a domain organization.
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarResource, inetResource
Definition
Fax telephone number for resources.
Object Classes
icsCalendarUser
Definition
Identifies the entry's given name, usually a person's first name.
Origin
iPlanet Calendar Server 5.1
Object Classes
icsAdministrator
Definition
Administrative calendar role that can be assigned to a group.
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarResource
Definition
Alias associated with a resource. An alias can make a resource name easier for the end user to work with.
Example
The resource named "halleyscomet" can be aliased as "Halley's Comet".
Syntax
cis, single-valued (see mailAllowedServiceAccess)
Object Classes
icsCalendarDomain, icsCalendarUser
Definition
Specifies which calendar access protocols are allowed using access filters (rules). If no rules are specified, then the user or domain is allowed access to all protocols from all clients. Rules are separated by a dollar sign ($). The rules are evaluated in this manner:
Access is granted if the client information matches an allow filter for that service.
Access is denied if the client information matches a deny filter for that service.
If no match is made with any allow or deny filters, access is granted, except in the case where there are allow filters but no deny filters. In this case, a lack of match means access is denied. Rule Syntax
"+" or "-" <daemon_list>":"<client_list>
+ (allow filter) means the daemon list services are being granted to the client list.
- (deny filter) means the services are being denied to the client list.
daemon_list is a comma separated list of services to which access is being granted or denied.
Legal service names are: wcap.
client_list is a comma separated list of clients (domains) to which access is being granted or denied.
Wildcards can be substituted for the client list (domains). The following table shows the legal wildcards and their meanings:
The following wildcards can be used for the daemon list (services): *, ALL.
Except Operator
The access control system supports a single operator, EXCEPT. You can use the EXCEPT operator to create exceptions to the patterns found in a rule's daemon list and client list. EXCEPT clauses can be nested. If there are multiple EXCEPT clauses in a rule, they are evaluated right to left.
A list is a comma separated list of services or clients.
Example
icsAllowedServiceAccess = +wcap:*
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarDomain
Definition
A 32-bit integer, evaluated as bit fields that disallow specific user rights. If the field is set (1), the right is not allowed. If the bit is not set (0), the right is allowed.
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarDomain
Definition
Specifies if anonymous users can write events in public calendars.
Example
icsAnonymousAllowWrite = Yes
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarDomain
Definition
Calendar ID for anonymous users.
Example
icsAnonymousCalendar = Guest1
Object Classes
icsCalendarDomain
Definition
Default calendar set for anonymous users.
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarDomain
Definition
Specifies if anonymous login is allowed.
Example
icsAnonymousLogin = Yes
Object Classes
icsCalendarDomain
Definition
Default calendar set for anonymous users.
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarResource, icsCalendarUser
Definition
Default calendar for a user or resource.
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarUser
Definition
Default calendar for a user or resource.
Origin
iPlanet Calendar Server 5.1
Object Classes
Definition
Reserved, not implemented.
Example
OID
2.16.840.1.113730.3.1.800
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarResource
Definition
Resource contact name. Reserved, not implemented.
Example
icsContact = John Doe jdoe@sesta.com
Origin
iPlanet Calendar Server 5.1
Object Classes
Definition
Reserved, not implemented.
Default access control applied to this calendar. See "Access Control Entries" in the WCAP Commands chapter of the iPlanet Calendar Server Programmer's Manual for a detailed description of Access Control Entries.
Example
Granting the user both freebusy and scheduling permission for calendar components.
icsDefaultAccess = @sesta.com^c^sf^g
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarUser
Definition
User preference for what calendars to display at login. User's can specify any of their calendar sets (groups they have created) to be displayed at login instead of a single calendar.
Example
icsDefaultSet=MyCalendarGroup
Syntax
cis, single-valued (see mgrpAllowedDomain)
Object Classes
icsCalendarDomain
Definition
What domains are allowed. The value has the following format:
where daemon-list is a blank- or comma-separated list of one or more daemon names or wildcards, and client-list is a blank- or comma-separated list of one or more host names or addresses, patterns or wildcards.
The following are the explicit wildcards recognized by the system:
Matches any host whose name does not contain a dot character.
Matches any host whose name or address are unknown. Use this with care.
Matches any host whose name and address are known. Use with care.
There is one operator that can be used in the daemon-list and the client-list:
Matches anything that matches list 1 unless it matches anything in list 2.
The expected form: list1 EXCEPT list2. List1 and list2 are comma-separated.
You can use patterns to distinguish clients by the network address that they can connect to. For example: daemon@host_pattern:client-list.
Example
Allow local access to anyone in the sesta.com domain.
icsDomainAllowed = ALL:sesta.com
Origin
iPlanet Calendar Server 5.1.1
Syntax
cis, multi-valued, ASCII
Object Classes
icsCalendarDWPHost
Definition
Comma-separated list of all the domain names for which this host holds calendars. If the attribute is empty, no domains are allowed. If a domain is allowed, it must be explicitly listed here.
Example
icsDomainNames = sesta.com, company22.com
Origin
iPlanet Calendar Server 5.1
Syntax
cis, single-valued (see mgrpDisallowedDomain)
Object Classes
icsCalendarDomain
Definition
What domains are not allowed. The value has the following format:
where daemon-list is a blank- or comma-separated list of one or more daemon names or wildcards, and client-list is a blank- or comma-separated list of one or more host names or addresses, patterns or wildcards.
The following are the explicit wildcards recognized by the system:
Matches any host whose name does not contain a dot character.
Matches any host whose name or address are unknown. Use this with care.
Matches host whose name and address are known. Use with care.
There is one operator that can be used in the daemon-list and the client-list:
Matches anything that matches list 1 unless it matches anything in list 2.
The expected form: list1 EXCEPT list2. List1 and list2 are comma-separated.
Example 1
If you want to allow access to all but a selected few hosts, you can explicitly deny access as in the following example:
Deny access to anyone at the company22.com domain.
icsDomainNotAllowed = ALL:company22.com
In this instance, you would not need to have any specific icsDomainAllowed attributes.
Example 2
If you want to implement a no-access default, a single instance of this attribute will do it. This denies all service to all hosts, unless they are specifically permitted access by icsDomainAllowed attributes.
Example 3
The following example shows how to deny access to any unknown users.
icsDomainNotAllowed = ALL:UNKNOWN@ALL
Origin
Sun ONE Calendar Server 5.1.1
Object Classes
icsCalendarResource, icsCalendarUser
Definition
Not yet implemented.
The function is covered by two ics.conf preferences: resource.allow.doublebook, and user.allow.doublebook. The default setting for resources is "no", meaning resources can not be double booked. The default setting for users is "yes", meaning double booking is allowed on user's calendars.
These settings can be changed by the administrator.
Origin
Sun ONE Calendar Server 5.1.1
Object Classes
icsCalendarDomain
Definition
Stores possible back end hosts.
Example
icsDWPBackEndHosts = machine1, machine2
Machine names can be fully qualified host names.
Origin
iPlanet Calendar Server 5.1.1
Syntax
cis, single-valued, ASCII
Object Classes
icsCalendarDWPHost, icsCalendarResource, icsCalendarUser
Definition
Stores a DWP host name so that the calendar ID can be resolved to the DWP server that stores the calendar and its data.
Origin
Sun ONE Calendar Server 5.1.1
Object Classes
icsCalendarDWPHost
Definition
Extensions for calendar.
Example
OID
2.16.840.1.113730.3.1.738
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarDomain
Definition
For each preference, there is one instance of this attribute.
Example
icsExtendedDomainPrefs =
Origin
iPlanet Calendar Server 5.1
Object Classes
icsAdministrator
Definition
Extensions for calendar group preferences.
Origin
iPlanet Calendar Server 5.1
Object Classes
Definition
Reserved, not implemented.
Example
OID
2.16.840.1.113730.3.1.741
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarUser
Definition
Extensions for calendar user preferences. The following are the preferences and their values
Preferences
Values
Definitions
Determines what order the three elements of a date (month (M), day (D), and year (Y)) are displayed.
The single character used to delimit displayed date elements (M,D,Y).
Start time hour (expressed as one of 24 hours in a day) for displaying calendar information.
End time hour (expressed as one of 24 hours in a day) for displaying calendar information.
Amount of time before the event an alarm should be sent. Where unit count is any numeric value, and unit type is either M (minutes), H (hours), or D (days).
For a list of time zones, see Standard Time Zones.
Time zone to use when a calendar does not have one assigned to it.
View to be presented at log in.
If this parameter is not present, overview is used as the default.
One of these values:
1) Times New Roman, Times, serif
2) Courier New, Courier, noon
3) PrimaSans BT, Verdana, sans-serif
Three choices of font face to be used in the user interface.
pref_font_size_group_2 (normal)
pref_font_size_group_1 (larger)
pref_font_size_group_3 (smaller)
Defines three font sizes for the user interface. In the interface they are defined as:
normal, larger, smaller.
Defines the time interval to be used when displaying calendar information.
Intervals are: 15 min., 30 min., 1hour, 2 hours, 4 hours.
Email address notifications are mailed to when the calendar receives an invitation to an event.
Enables/disables email notifications being sent when the calendar receives an invitation to an event.
0 = do not sent notifications
1 = send notifications
any valid time zone
For a list of valid time zones, see Standard Time Zones.
Lists the time zone assigned to this calendar.
If the parameter is not sent, the default time zone is used.
Toggle for the user interface display of icon images on the toolbar.
0 = do not display icons,
1 = display icons (default)
Toggle for the user interface display of icon text on the toolbar.
0 = do not display text with the icon
1 = display text with the icon (default)
Example
icsextendeduserprefs= ceClock=12
icsextendeduserprefs= ceColorSet=pref_group_1
icsextendeduserprefs= ceDateOrder=D/M/Y
icsextendeduserprefs= cdDateSeparator=/
icsextendeduserprefs= ceDayHead=10
icsextendeduserprefs= ceDayTail=17
icsextendeduserprefs= ceDefaultAlarmEmail=jdoe@sesta.com
icsextendeduserprefs= ceDefaultAlarmStart=P30H
icsextendeduserprefs= cdDefaultTZID=America/New_York
icsextendeduserprefs= ceDefaultView=groupview
icsextendeduserprefs= ceFontFace=PrimaSans BT,Verdana,sans-serif
icsextendeduserprefs= ceFontSizeDelta=pref_font_size_group_3
icsextendeduserprefs= ceInterval=PT2H0M
icsextendeduserprefs= ceNotifyEmail=jdoe@sesta.com
icsextendeduserprefs= ceNotifyEnable=0
icsextendeduserprefs= ceSingleCalendarTZID=America/Los_Angeles
icsextendeduserprefs= ceToolText=1
icsextendeduserprefs= ceToolImage=1
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarUser
Definition
First day of the week to be displayed on user's calendar.
Range of values: 1-7, with 1 = Sunday, 2 = Monday, 3= Tuesday, 4 = Wednesday,
5 = Thursday, 6 = Friday, 7 = Saturday
Origin
iPlanet Calendar Server 5.1
Object Classes
Definition
Reserved, not implemented.
Example
OID
2.16.840.1.113730.3.1.744
Origin
iPlanet Calendar Server 5.1
Object Classes
Definition
Geographical location of user or resource.Reserved, not implemented.
Example
This class exists only for compliance with the RFC spec and is not used.
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarDomain
Definition
The valid calendar IDs for mandatory subscribed calendars for all users in a domain.
Example
icsMandatorySubscribed = ConfRm1@sesta.com:meetings
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarDomain
Definition
The mandatory default view for all calendars in a domain. Views are: overview, day, week, month, year, comparison.
Example
icsMandatoryView = overview
Origin
iPlanet Calendar Server 5.1.1
Syntax
cis, single-valued, ASCII
Object Classes
icsCalendarResource, icsCalendarUser
Definition
Reserved. not implemented.
The name of the partition that holds a calendar database. There is no default value.
Example
icsPartition=partition1
Origin
iPlanet Calendar Server 5.1
Object Classes
Definition
Reserved, not implemented.
Specifies the preferred host for this calendar. This attribute is used by clients to retrieve the front-end-host server name.
Example
OID
2.16.840.1.113730.3.1.749
Origin
iPlanet Calendar Server 5.1
Object Classes
Definition
Reserved, not implemented.
Example
OID
2.16.840.1.113730.3.1.748
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarDomain
Definition
Maximum number of instances created for events and todos with infinite recurrence.
Example
icsRecurrenceBound = 60
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarDomain
Definition
An ISO8601 date/time string specifying the maximum date for events and todos with infinite recurrence.
Example
icsRecurrenceDate = 20300365T115959Z
Origin
iPlanet Calendar Server 5.1.1
Syntax
ces, multi-valued, UTF8
Object Classes
icsCalendarDWPHost
Definition
Stores regular expressions used to divide the LDAP database between servers.
Example
icsRegularExpressions=A-F,G-L,M-T,U-Z
A-F, G-L, M-T, U-Z are possible values for instances of this attribute and describe a database divided alphabetically between four servers.
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarDomain
Definition
Number of seconds of inactivity before a user session is timed out.
Origin
iPlanet Calendar Server 5.1
Object Classes
icsAnonymousSet,icsCalendarUser,icsDefaultAnonymousSet
Definition
Defines one group of calendars. End users create these groups for various tasks. Each group is represented by one icsSet attribute, that is, for every group the user creates there will be one icsSet attribute. For example, if the user has three groups defined, there will be three icsSet attributes.
The value for this attribute is a six-part string, with each part separated by a dollar sign ($).
The six parts of this attribute's value are:
A semi-colon-separated list of calendar IDs (calid) that comprise this group.
Three possible values: default, inherit, specify. The value that tells where the time zone for this group comes from.
default = take user's default time zone
inherit = take the time zone of the first calendar in the group
specify = take the time zone from the tz value that follows.
A valid time zone for this group. For a list of acceptable values, see Standard Time Zones. Value is optional unless tzmode = specify, then it is required.
A boolean (TRUE/FALSE). The value tells whether to display this group in the Day view (TRUE) or the Comparison view (FALSE)
Example
The value of this attribute should all be on one line or if you wish to break a line, start the next line with a single space or tab.
icsSet = name = GroupName$ calendars = calid1;
calid2; calid3$tzmode = specify$tz = America/
Los_Angeles$mergeInDayView = FALSE$description
= Example group of calendars.
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarDomain
Definition
The alternate location of all client HTML files. A directory path that is relative to the installed client HTML files.
Origin
iPlanet Calendar Server 5.1
Object Classes
Definition
Reserved, not implemented.
Calendar status, with one of these valid values:
The absence of this attribute implies active.
Calendar services evaluate the following status attributes in order:inetDomainStatus, icsStatus (for icsCalendarDomain), either inetResourceStatus or inetUserStatus, and icsStatus (for either icsCalendarResource or icsCalendarUser).
The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
Example
OID
2.16.840.1.113730.3.1.755
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarUser
Definition
List of calendar IDs to which this user is subscribed.
The value of this attribute is the calendar ID and optionally, the calendar name, with a dollar sign ($) between them, when present.
Example
icsSubscribed=jdoe$MyHomeCalendar
icsSubscribed=jsmith
Origin
iPlanet Calendar Server 5.1
Object Classes
icsCalendarResource, icsCalendarUser
Definition
The default time zone for this user, resource, or domain. Specifically a valid time zone from the list found in "Object Identifiers".
Example
icsTimezone = America/Chicago
Origin
iPlanet Messaging Server 5.0
Object Classes
inetDomainAuthInfo
Definition
This attribute is a fully qualified domain name. If more than one DC node in a DC tree refers to the same organization node in the Organization tree, this attribute is used to specify the canonical domain name used by the mail processes to open users' mailboxes. (There can be only one canonical domain name per organization node, but there can be many DC nodes referring to it.)
This attribute is not necessary if there is only one DC node referring to an organization node. If the attribute is missing, the DC node entry is taken for the canonical domain name.
If this attribute is missing and there are multiple DC nodes referring to the same organization node, the mail processes could possibly use the wrong domain name when trying to open users' mailboxes.
Example
For the corporation sesta.com, if two DC nodes exist, dc=sesta and dc=sesta2, both referring to the organization node o=sesta, then you must specify one of them in the attribute:
inetCanonicalDomainName=sesta.com
dn:dc=sesta,dc=com,o=internet
inetdomainbasedn:o=sesta.com
inetcanonicaldomainname:sesta.com
dn:dc=sesta2,dc=com,o=internet
inetdomainbasedn:o=sesta.com
Origin
iPlanet Messaging Server 5.0
Object Classes
ipUser
Definition
(Organization tree domain) Specifies the name of the class of service (COS) template supplying values for attributes in the user entry. The RDN of the COS template is the value of this attribute. Attribute values provided by the template and any override rules are specified in the COS definition. COS definitions are created by using the object class cosDefinition. The value of attribute cosSpecifier in COS definition entry is set to inetCOS. Create COS definitions and templates in the container ou=COS in the subtree for that domain. See the iPlanet Messaging Server Provisioning Guide for more information.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetDomain
Definition
(DC tree) DN of the customer's Organization subtree where all user/group entries are stored. This attribute must be present and point to a valid Organization subtree DN. Messaging Server components MUST resolve this DN in order to search for user and group entries that correspond to the hosted organization.
Example
inetDomainBaseDN=o=sesta.com,o=siroe-isp.com
Origin
iPlanet Messaging Server 5.0
Object Classes
inetDomainAuthInfo
Origin
iPlanet Messaging Server 5.0
Object Classes
inetDomainAuthInfo
Definition
LDAP search filter to use when searching for users in the subtree specified in inetDomainBaseDN. Used during authentication to map login name in that domain to an LDAP entry. The following variables can be used in constructing the filter:
%U-Name part of the login name (that is, everything before the login separator stored in the servers configuration). If this attribute is missing, it is equivalent to uid=%U. Namespaces where users are provisioned with compound uids, such as uid=john_siroe.com, where john is the userID and siroe.com is the domain, would use a search filter of uid=%U_%V. This maps a login string of john@siroe.com (where @ is the login separator for the service) into a search request by the service for an entry's namespace of siroe.com where uid=john_siroe.com. An alternative example of using this attribute would be for sites wanting to log people in based on their employee identification. Assuming the attribute empID in user entries stores employee identifications, the search filter would be empID=%U.
This attribute must return a unique match for valid users within the inetDomainBaseDN subtree. If this attribute is not set, the uid attribute must be unique in the inetDomainBaseDN subtree.
Example
inetDomainSearchFilter=uid=%U
Origin
iPlanet Messaging Server 5.0
Object Classes
inetDomain
Definition
Specifies the global status of a domain. The intent of this attribute is to allow the administrator to temporarily suspend and then reactivate access, or to permanently remove access, by the domain and all its users to all the services enabled for that domain. This attribute takes one of three values. Supported values are:
Missing value implies status is active. An illegal value is treated as inactive.
There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
Similarly, this attribute is used for calendar services when evaluating status. The status attributes used are: inetDomainStatus, icsStatus (of icsCalendarDomain), either inetResourceStatus or inetUserStatus, and icsStatus (of either icsCalendarResource or icsCalendarUser).
Example
inetDomainStatus=active
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
Current status of the mail group: active, inactive, or deleted. Messages are delivered to the members of the mailing list if the status is active. A status of inactive results in a transient failure on messages sent to the mailing list. A status of deleted means that the mailing list can be purged from the directory. Messages sent to this group will return permanent failure messages. A missing value implies status is active. An illegal value is treated as inactive.
There are three status attributes that interact with each other: inetDomainStatus, mailDomainStatus, and inetMailGroupStatus. These are considered in the order just given. The first one with a status of active takes precedence over the setting of all the others.
Example
inetMailGroupStatus=active
Origin
iPlanet Calendar Server 5.1
Object Classes
inetResource
Definition
Current status of resource, with a value of either: active, inactive, or deleted.
There are several status attributes that are evaluated to determine status. They are evaluated in this order: inetDomainStatus, icsStatus (for icsCalendarDomain), inetResourceStatus, icsStatus (for icsCalendarResource). These are considered in the order just given. The first one with a status of active takes precedence over the setting of all the others.
Example
inetResourceStatus = active
Origin
iPlanet Messaging Server 5.0
Object Classes
inetSubscriber
Definition
A unique account ID used for billing purposes.
Example
inetSubscriberAccountId=A3560B0
Origin
iPlanet Messaging Server 5.0
Object Classes
inetSubscriber
Definition
Attribute for storing the challenge phrase used to identify the subscriber. Used in conjunction with the inetSubscriberResponse.
Example
inetSubscriberChallenge=Mother's Maiden Name
Origin
iPlanet Messaging Server 5.0
Object Classes
inetSubscriber
Definition
Attribute for storing the response to the challenge phrase.
Example
inetSubscriberResponse=Mamasita
Origin
iPlanet Messaging Server 5.0
Object Classes
inetUser
Definition
User's primary URL for publishing Web content. This is an informational attribute and may be used in phonebook-type applications. It is not intended to have any operational impact.
Example
inetUserHttpURL=http://www.siroe.com/theotis
Origin
iPlanet Messaging Server 5.0
Object Classes
inetUser
Definition
Specifies the status of a user's account with regard to global server access. This attribute enables the administrator to temporarily suspend, reactivate, or permanently remove access to all services by a specified user account. This attribute takes one of three values:
Missing value implies status is active. An illegal value is treated as inactive.
There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
For calendar services, the attributes evaluated are: inetDomainStatus, icsStatus (for icsCalendarDomain), inetUserStatus, icsStatus (for icsCalendarUser).
Example
inetUserStatus=inactive
Origin
iPlanet Messaging Server 5.0
Object Classes
inetLocalMailRecipient, icsCalendarResource, icsCalendarUser
Definition
Identifies a user's primary email address (the email address retrieved and displayed by white-pages lookup applications).
Origin
iPlanet Messaging Server 5.0
Object Classes
mailDomain
Definition
Attribute tells the MMP if the users in this domain have to be preauthenticated. Permitted values are yes or no.
Example
mailAccessProxyPreAuth=yes
Origin
iPlanet Messaging Server 5.0
Object Classes
mailDomain
Definition
This attribute tells the Messaging Multiplexor how to reconstruct the login string when replaying the login sequence with the backend mail server. A missing attribute implies that the message access proxies construct the replay string based on the login name used by the client, the domain of the client, and the login separator used for this service. The mailAccessProxyReplay attribute overrides this default behavior when the message access proxy has a different backend server than Sun™ ONE.
The syntax is that of a login string, with the following substitutions:
%U: Login name. That is, the name part of the login string, if it is a {name,domain} compound.
Examples
If the client logs in as hugo and the domain associated with the server IP address used is yoyo.com, and mailAccessProxyReplay=%U@%V, the replayed login string is hugo@yoyo.com.
If the client logs in as hugo, and the domain associated with the server IP address used is yoyo.com, and mailAccessProxyReplay=%[surname]@%V, the replayed login string is the value of the surname attribute of the client.
If the client logs in as hugo+yoyo.com, and the login separator for the service used is +, and mailAccessProxyReplay=%U@%V, the replayed login string is hugo@yoyo.com.
If the client logs in as hugo, and the domain associated with the server IP address used is yoyo.com, and mailAccessProxyReplay is not defined, and the login separator for the service used is +, the replayed login string is hugo+yoyo.com.
OID
2.16.840.1.113730.3.1.763
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailAdministrator
Definition
Specifies the administrative role assigned to the members of the group. The only legal value for this attribute is storeAdmin. The object class that contains this attribute—inetMailAdministrator—is overlaid on a group entry to grant members of a group administrative privileges over part of the mail server. Currently the only privilege group members inherit are rights to perform proxy authentication for any user in the domain. These rights extend over users in the same domain as where the group is defined. To grant such privileges the attribute mailAdminRole must be set to the value storeAdmin.
Example
mailAdminRole=storeAdmin
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailUser
Definition
Stores access filters (rules). If no rules are specified, then user is allowed access to all services from all clients. Rules are separated by a dollar sign ($). The rules are evaluated in this manner:
Access is granted if the client information matches an allow filter for that service.
Access is denied if the client information matches a deny filter for that service.
If no match is made with any allow or deny filters, access is granted, except in the case where there are allow filters but no deny filters. In this case, a lack of match means access is denied. For a full explanation of access filters and an alternate way to control access through the administration console or the config utility, see "Configuring Client Access to POP, IMAP, and HTTP Services" in the iPlanet Messaging Server Administrator's Guide.
Rule Syntax
"+" or "-" <daemon_list>":"<client_list>
+ (allow filter) means the daemon list services are being granted to the client list.
- (deny filter) means the services are being denied to the client list.
daemon_list is a comma separated list of services to which access is being granted or denied.
Legal service names are: imap, imaps, pop, pops, smtp, smtps, and http. Note that the MMP supports imap, imaps, pop, pops, and smtp. The backend supports imap, pop, smtp, and http.
client_list is a comma separated list of clients (domains) to which access is being granted or denied.
Wildcards can be substituted for the client list (domains). The following table shows the legal wildcards and their meanings:
The following wildcards can be used for the daemon list (services): *, ALL.
Except Operator
The access control system supports a single operator, EXCEPT. You can use the EXCEPT operator to create exceptions to the patterns found in a rule's daemon list and client list. EXCEPT clauses can be nested. If there are multiple EXCEPT clauses in a rule, they are evaluated right to left.
A list is a comma separated list of services or clients.
Example
This example shows a single rule with multiple services and a single wildcard for the client list.
mailAllowedServiceAccess=+imap,pop,http:*
This example shows multiple rules, but each rule is simplified to have only one service name and uses wildcards for the client list.
mailAllowedServiceAccess= +imap:ALL$+pop:ALL$+http:ALL
The second example is probably the most commonly used in Messaging Server LDIF files.
An example of a rule with an EXCEPT operator is:
mailAllowedServiceAccess=-ALL:ALL EXCEPT server1.sesta.com
This example denies access to all services for all clients except those on the host machine server1.sesta.com.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetLocalMailRecipient, pabPerson
Definition
Alternate RFC 822 email address of this recipient. If the MTA receives mail with a "from" header with this email address, it rewrites the header with the value of the mail attribute and routes the email to that inbox. The mailEquivalentAddress attribute works similarly to route the email, but does not rewrite the header.
The local part of the address may be omitted to designate a user/group as the catchall address. A catch-all domain address is an address that will receive mail to a specified domain if the MTA does not find an exact user address match with that domain. Please see details on how a user's primary domain can be overridden by the use of msgVanityDomainUser to designate vanity domains (also known as "lightweight domains") for any user.
Example
mailAlternateAddress=thief@florizel.com
Origin
iPlanet Messaging Server 5.2
Object Classes
inetMailUser
Definition
This attribute can have two values:
spam - When a spam message is found by the anti-UBE service, take the action specified in a system wide configuration option.
virus - When a virus in a message is detected by the anti-UBE service, take the action specified in a system wide configuration option. The customer can choose to use this attribute by specifying in the option.dat file: LDAP_OPTIN=mailAntiUBEService
Example
mailAntiUBEService=virus
Origin
iPlanet Messaging Server 5.0 (for reply mode), iPlanet Messaging Server 5.2 p1 (for echo mode)
Object Classes
inetMailUser
Definition
Specifies the autoreply mode for user mail account. This is one of several autoreply attributes used when autoreply is an active mail delivery option. The two modes for autoreply are:
echo - This mode is not fully implemented (it was partially implemented for iPlanet Messaging Server 5.2 p1) and has been deprecated.
Echo the original message with the added mailAutoReplyText or mailAutoReplyTextInternal to the original sender.
reply - Send a fixed reply, contained in attributes mailAutoReplyText or mailAutoReplyTextInternal, to the original sender.
Example
mailAutoReplyMode=reply
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailUser
Definition
Subject text of auto-reply response. $SUBJECT can be used to insert the subject of the original message into the response.
Example
mailAutoreplySubject=I am on vacation
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailUser
Definition
Auto-reply text sent to all senders except users in the recipient's domain. If not specified, external users receive no auto response.
Example
mailAutoreplyText=Please contact me later.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailUser
Definition
Auto-reply text sent to senders from the recipients domain. If not specified, then internal uses get the mail auto-reply text message.
Example
mailAutoreplyTextInternal=Please contact me later.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailUser
Definition
Duration, in hours, for successive auto-reply responses to any given mail sender. Used only when mailAutoReplyMode=reply. If value is 0 then a response is sent back every time a message is received. Auto-reply response are sent out only if the recipient is listed in the "to" or "cc:" of the original message.
Example
mailAutoreplyTimeout=48
Origin
iPlanet Messaging Server 5.0
Object Classes
mailDomain
Definition
A positive integer value indicating the number of attachments the Messenger Express user can send per message in this domain. A value of -1 means no limit on attachments.
Example
mailClientAttachmentQuota=12
Origin
iPlanet Messaging Server 5.2
Syntax
cis, multi-valued (ASCII string)
Object Classes
inetMailGroup, inetMailUser
Definition
Conversion tags attached to a message to this user or group. Tag specific conversion actions are specified in the MTA configuration.
Origin
iPlanet Messaging Server 5.2
Syntax
cis, single-valued (ASCII string)
Object Classes
inetMailGroup, inetMailUser
Definition
Controls whether or not address expansion of the current user or group entry is performed immediately (value is "No"), or deferred (value is "Yes").
Deferral takes place if the value is "Yes" and the current source channel isn't the reprocess channel. Deferral is accomplished by directing the user or group's address to the reprocess channel. That is, the expansion of the alias is aborted and the original address (user@domain) is queued to the reprocess channel.
This attribute can be set by using the MTA option LDAP_REPROCESS.
If this attribute does not exist, the setting of the deferred processing flag associated with delivery options processing is checked. If it is set, processing is deferred. If is not set, the default for users is to process immediately (as if the value is "No"). The default for groups (such as mailing lists) is controlled by the MTA option DEFER_GROUP_PROCESSING, which defaults to 1 (yes).
Example
mailDeferProcessing=No
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
Fully qualified local path of file to which all messages sent to the mailing list are appended. Used in conjunction with mailDeliveryOption=file.
Example
mailDeliveryFileURL=/home/dreamteam/mail_archive
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup, inetMailUser
Definition
Specifies delivery options for the mail recipient. One or more values are permitted on a user/group entry, supporting multiple delivery paths for inbound messages. Values will apply differently depending on whether the attribute is used in inetMailGroup or inetMailUser. Valid values are:
autoreply - Specifies autoreply is turned on for the user. Messages on which the recipient is listed in the "To:" or "Cc:" header fields of the message are sent to the autoreply channel where an autoreply message is generated and sent to the original sender.
forward - Specifies that messages will be forwarded. The forwarding address is specified in the attribute mailForwardingAddress.
hold - A recipient is temporarily halted from receiving messages.
mailbox - Deliver messages to the user's IMAP/POP store.
native - Deliver messages to the user's /var/mail store INBOX. The store is in Berkeley mailbox format. inetMailGroup:
file - Messages are appended to the file specified in the attribute mailDeliveryFileURL.
members - Messages are sent to members of the mailing list. If missing, default=members is assumed.
members_offline - To defer processing for this group, set the attribute to this value, and set the option.dat file option DEFER_GROUP_PROCESSING to zero (0). Both inetMailUser and inetMailGroup:
program - Messages are delivered to a program, which is on the approved list of programs (specified in MTA's configuration). The name of the program is specifed in the attribute mailProgramdeliveryInfo.
Example
mailDeliveryOption=mailbox
mailDomainAllowedServiceAccess
Origin
iPlanet Messaging Server 5.0
Object Classes
mailDomain
Definition
Stores access filters (rules). If no rules are specified, then domain is allowed access to all services from all clients. Rules are separated by a dollar sign ($). The rules are evaluated in this manner:
Access is granted if the client information matches an allow filter for that service.
Access is denied if the client information matches a deny filter for that service.
If no match is made with any allow or deny filters, access is granted, except in the case where there are allow filters but no deny filters. In this case, a lack of match means access is denied. For a full explanation of access filters and an alternate way to control access through the administration console or the config utility, see "Configuring Client Access to POP, IMAP, and HTTP Services" in the iPlanet Messaging Server Administrator's Guide.
Rule Syntax
"+" or "-" <daemon_list>":"<client_list>
+ (allow filter) means the daemon list services are being granted to the client list.
- (deny filter) means the services are being denied to the client list.
daemon_list is a comma separated list of services to which access is being granted or denied.
Legal service names are: imap, imaps, pop, pops, smtp, smtps, and http. Note that the MMP supports imap, imaps, pop, pops, and smtp. The backend supports imap, pop, smtp, and http.
client_list is a comma separated list of clients (domains) to which access is being granted or denied.
Wildcards can be substituted for the client list (domains). The following table shows the legal wildcards and their meanings:
The following wildcards can be used for the daemon list (services): *, ALL.
Except Operator
The access control system supports a single operator, EXCEPT. You can use the EXCEPT operator to create exceptions to the patterns found in a rule's daemon list and client list. EXCEPT clauses can be nested. If there are multiple EXCEPT clauses in a rule, they are evaluated right to left.
A list is a comma separated list of services or clients.
Example
This example shows a single rule with multiple services and a single wildcard for the client list.
mailDomainAllowedServiceAccess=+imap,pop,http:*
This example shows multiple rules, but each rule is simplified to have only one service name and uses wildcards for the client list.
mailDomainAllowedServiceAccess= +imap:ALL$+pop:ALL$+http:ALL
The second example is probably the most commonly used in Messaging Server LDIF files.
An example of a rule with an EXCEPT operator is:
mailDomainAllowedServiceAccess=-ALL:ALL EXCEPT server1.sesta.com
This example denies access to all services for all clients except those on the host machine server1.sesta.com.
Origin
iPlanet Messaging Server 5.2
Syntax
cis, single-valued (RFC 822 mailbox)
Object Classes
mailDomain
Definition
Specifies an address to be substituted for any address in the domain that doesn't match any user or group in the domain.
Origin
iPlanet Messaging Server 5.2
Syntax
cis, multi-valued (ASCII string)
Object Classes
mailDomain
Definition
One or more conversion tags attached to messages to any user in the domain. Tag specific conversion actions are specified in the MTA configuration. .
Origin
iPlanet Messaging Server 5.0
Object Classes
mailDomain
Definition
Used for internal monitoring only. Disk quota, for all users in the domain, in bytes. This is used in quota reporting tools and not used for enforcing domain wide quota restrictions.
Example
mailDomainDiskQuota=50000000000
Origin
iPlanet Messaging Server 5.2
Definition
Imposes a size limit in units of MTA blocks on all messages sent to addresses in this domain. This limit doesn't apply to messages sent by users from this domain.
The value of this attribute is overridden by the value of mailMsgMaxBlocks, if set.
Origin
iPlanet Messaging Server 5.0
Object Classes
mailDomain
Definition
Quota of number of messages permitted for all users in this domain. This is used in quota reporting tools and not for enforcing domain wide quota restrictions.
Example
mailDomainMsgQuota=2000000
Origin
iPlanet Messaging Server 5.2
Syntax
cis, single-valued (RFC 822 mailbox)
Object Classes
mailDomain
Definition
This value is used as the header From: address in DSNs reporting problems associated with recipient addresses in the domain. It is also used when reporting problems to users within the domain regarding errors associated with nonlocal addresses.
If this attribute is not set, the reporting address will default to "postmaster@domain."
Origin
iPlanet Messaging Server 5.2
Syntax
cis, single-valued (RFC 3028 sieve filter)
Object Classes
mailDomain
Definition
Sieve filter for all users in the domain.
Origin
iPlanet Messaging Server 5.0
Object Classes
mailDomain
Definition
Current status of the mail domain. Can be one of the following values: active, inactive, deleted, or hold. This attribute is the mail service domain status. Missing value implies status is active. An illegal value is treated as inactive.:
There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
Example
mailDomainStatus=active
Origin
iPlanet Messaging Server 5.0
Object Classes
mailDomain
Definition
Welcome message sent to new users added to this domain. `$' is a carriage return. BNF syntax of this attribute is:
value:: <subjectline>'$'[<opt_headers>]'$$'<body>
subjectline:: 'Subject:'[<TEXT>]
opt_headers::<header_line>'$'[<opt_headers>]
header_line:: <header_name>':'<TEXT>
header_name:: <TEXT>
body:: [<lines>]
lines:: <line>'$'[<lines>]
line:: <TEXT>
Example
mailDomainWelcomeMessage=Subject: Welcome!!$X-Endorsement: We're good. $$Welcome to the mail system.
Origin
iPlanet Messaging Server 5.2
Syntax
cis, multi-valued (RFC 822 addr-spec)
Object Classes
inetMailGroup, inetMailUser
Definition
Equivalent to mailAlternateAddress in regard to mail routing, except with this attribute, the addresses don't get rewritten to the primary mail address in the header.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailUser
Definition
This attribute stores one or more forwarding addresses for inbound messages. Addresses are specified in RFC 822 format. Messages are forwarded to the listed address when mailDeliveryOption=forward is set.
Example
mailForwardingAddress=kokomo@sesta.com
Origin
iPlanet Messaging Server 5.0
Object Classes
inetLocalMailRecipient
Definition
Fully qualified host name of the MTA that is the final destination of messages sent to this recipient.
Example
mailHost=mail.siroe.com
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailUser
Definition
Specifies the message store partition name for the user. The mapping between the partition name and the file system location of the store is kept in the message store configuration. If not specified, the default store partition specified in the server configuration is used.
Example
mailMessageStore=secondary
Origin
iPlanet Messaging Server 5.2
Object Classes
inetMailGroup, inetMailUser
Definition
The size in units of MTA blocks of the largest message that can be sent to this user or group. The limit doesn't apply to messages sent by the user.
If this attribute is set, it overrides the value of mailDomainMsgMaxBlocks.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailUser
Definition
Maximum number of messages permitted for a user is set with mailMsgQuota. This is a cumulative count for all folders in the store. Value of 0 (or not specified) means system default quota, -1 means no limit on number of messages. During server configuration, quota enforcement must be turned on for mailMsgQuota to take effect. Both soft and hard quotas can be set (See iPlanet Message Server Administration Guide).
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup,inetMailUser
Definition
Specifies one or more programs used for program delivery. These programs have to be on the approved list of programs that the messaging server is permitted to execute for a domain. The attribute value specifies a reference to a program. That reference is resolved from the approved list of programs. Resolved reference also provides the program parameters and execution permissions. Used in conjunction with the mailDeliveryOption=program. The program approval process is documented further in the iPlanet Messaging Server Administrator's Guide, Chapter 3.
Example
mailProgramDeliveryInfo=procmail
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailUser, mailDomain
Definition
Specifies, in bytes, the amount of disk space allowed for the user's mailbox. A value of negative one (-1) means no limit on space usage. A value of zero (0) means no disk space allowed for the user's mailbox.
If the value is not specified (the value is a blank), the system default quota is used.The system default is specified in the server configuration parameter store.defaultmailboxquota. Setting the configuration parameter store.quotaenforcement to `on' causes the message store to enforce the quota.
Note In older versions of the Messaging Server, -2 could be used to designate the system default quota. This is no longer the recommended method of specifying the system default quota.
or for the system default quota:
Definition
The first line of text stored in the first value of this attribute is saved. This text is returned if any of the authentication attributes cause the message to be rejected. Since text can appear in SMTP responses, the value is limited to US-ASCII characters in order to comply with messaging standards.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetLocalMailRecipient
Origin
iPlanet Messaging Server 5.0
Object Classes
mailDomain
Definition
Fully qualified host name of the MTA responsible for making routing decisions for user in this (and all contained) domain(s). Unspecified attribute implies all MTAs must route messages for the users/groups of this (and contained) domain(s).
This attribute is used by the system only if the domain it cares about it listed in the attribute, otherwise it is ignored.
Example
mailRoutingHosts=mail.siroe.com
Origin
iPlanet Messaging Server 5.0
Object Classes
mailDomain
Definition
Fully qualified host name of a mail server responsible for handling mail for users not found in the local directory. Messages sent to users not found in the messaging server's directory are forwarded to the mail server specified in this attribute. This is useful when making a transition from one mail system to another and all users have not yet been moved over to the messaging server directory. An empty or missing attribute implies the local MTA is responsible for routing and delivering all messages for users in that domain.
This attribute is used by the system only if the domain it cares about is listed in the attribute, otherwise, it is ignored.
Example
mailRoutingSmartHost=mail.siroe.com
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailUser
Definition
The iPlanet Delegated Adminstrator for Messaging provides an interface for modifying this attribute. However, if you add a SIEVE rule without using iPlanet Delegated Adminstrator for Messaging, subsequent use to create/modify SIEVE rules for that user may produce unstable SIEVE rules.
There are two possible forms for the value of this attribute: a single value that contains the complete sieve script (RFC 3028 compliant), and multiple values, with each value containing a piece of the sieve script (not RFC 3028 compliant). The latter form is produced by the Web filter construction interface. Special code is used to order the values and glue them together properly.
A script has the following form:
require ["fileinto", "reject"];
# $Rule Info: Order=(1-infinity, or 0 for disabled) Template=(template-name) Name=(rule name)
if header :is "Sender" "owner-ietf-mta-filters@imc.org"
{ fileinto "filter"; # move to "filter" folder }
if header :is "Subject" "SPAM!"
{ delete }
Multi-valued Form
Multiple Sieve scripts per user can be stored in LDAP. To enable the user interface to handle several smaller rules scripts, rather than one script containing all the user's rules, this attribute takes multiple values (that is, multiple rules). The server looks at every rule in mailSieveRuleSource.
To provide ordering and possible user interface editing information, there is an optional Sieve comment line in each rule. This line has the following format:
# $Rule Info: Order=(1-infinity, or 0 for disabled) Template=(template-name) Name=(rule name)
Only the Order field is used by the messaging server. The other fields are added as markers for fields that might be useful for the user interface. All rules that have a Rule Info line will be processed first by the messaging server. If Order=0, then this rule is not used in the Sieve evaluation. Otherwise, the rules are processed in the order provided (1 having highest priority). To accommodate Sieve rules that might not have been entered using the Rule Info extension, any other rules found are run by the server, in order received from LDAP after all rules with corresponding order values have been processed.
Example
mailSieveRuleSource:
require ["fileinto", "reject", "redirect", "discard]
if header :contains "Subject" "New Rules Suggestion
{redirect "rules@sesta.com" # Forward message }
if header :contains "Sender" "porn.com"
{discard text:
Your message has been rejected. Please remove this address from your mailing list. # Reject message, send reply message.}
if size :over 1M
{ reject text:
Please do not send me large attachments.
Put your file on a server and send me the URL.
Thank you. # Discard message, send reply message.}
if header :contains "Sender" "barkley@sesta.com
{ fileinto complaints.refs # File message}
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailUser
Definition
Most commonly, this attribute is a factor involved in setting up guaranteed message delivery, or in setting up other special classes of service. When defined, this attribute tells the MTA to consider the channel named by this attribute to be the effective submission channel, if the SMTP AUTH is successful.
Example
mailSMTPSubmitChannel=tcp_tas
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailUser
Definition
Stores one of the following mail user states (missing value implies status is inactive):
Missing value implies status is active. An illegal value is treated as inactive.
There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
Origin
iPlanet Messaging Server 5.0
Object Classes
ipUser
Definition
Specifies the maximum number of personal address book entries users are permitted to have in their personal address book store. A value of -1 implies there is no limit. If this attribute is not present then the system default specified in the personal address book configuration is used.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetAdmin, inetUser
Definition
Specifies the DN of a mailing list to which a user belongs. Indicates group membership as a backpointer.
Example
memberOf=cn=Administrators,ou=groups o=sesta.com,o=siroe-isp.com
Origin
iPlanet Messaging Server 5.0
Object Classes
ipUser
Definition
Specifies the DN of the family account of which this user is a member.
Example
memberOfManagedGroup=cn=Addams Family, ou=groups,o=sesta.com,o=isp
Origin
iPlanet Messaging Server 5.0
Object Classes
pabPerson, pabGroup
Definition
The unique name (un) of the personal address book(s) in which this entry belongs.
Example
abab=addressbook122FA7
Origin
iPlanet Messaging Server 5.0
Object Classes
pabPerson
Definition
Unique name of the personal group(s) in which this user belongs.
Example
memberOfPabGroup=testgroup15577F2D
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroupManagement
Definition
Domain name(s) or email addresses of users allowed to subscribe to this mailing list.
Example
mgmanAllowSubscribe=sestsa.com (every user at sesta.com would be able to subscribe to the list)
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroupManagement
Definition
Domain name(s) or email addresses of users not allowed to subscribe to this list. The mgmanDenySubscribe attribute takes precedence over mgmanAllowSubscribe.
Example
mgmanDenySubscribe=siroe.com
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroupManagement
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroupManagement
Definition
A boolean flag specifying whether or not the group should appear in lists that are requested by people other than the group owners. A value of true corresponds with a hidden group, that is, the list is not visible. A value of false means that the list is visible. A missing value is the same as a value of false.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroupManagement
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroupManagement
Definition
Specifies who can subscribe to the group. The allowed values are ANYONE, ALL, and NONE (If this attribute is not specified, the default is NONE):
ANYONE - Enables anyone to subscribe.
ALL - Enables anyone authenticated to the directory (or iPlanet Delegated Adminstrator for Messaging) to subscribe.
NONE - Only owner can add members to a closed distribution list.
Example
mgmanJoinability=All
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroupManagement
Definition
Defines who has rights to view the group membership list (expand the group). Like the attribute mgmanJoinability, this attribute has the keyword values: none, all, true ,anyone. No matter what the setting of this attribute, group owners always retain the right to view (and modify) membership.
This attribute is checked in the case of group expansion as part of an SMTP EXPN command.
Unrecognized values are interpreted as none.
Example
mgmanMemberVisibility=all
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroupManagement
Definition
Example
OID
2.16.840.1.113730.3.1.794
Origin
Netscape Messaging Server
Object Classes
inetMailGroup
Definition
Each attribute value specifies a header field that is to be added to the message header if it is present.
For MTA, the values of this attribute are headers. This values of this attribute are used to set header trimming ADD options.
Example
mgrpAddHeader=Reply-To: thisgroup@sesta.com
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
Identifies mail users allowed to send messages to the mail group. The Messaging Server expects this attribute to contain either a distinguished name or an RFC822address using an LDAP URI or a mailto address (see example). If a distinguished name is used, it must represent a mailable entry or entries of type group or groupOfUniqueNames. If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedDomain and mgrpDisallowedDomain attributes are used.
If multi-valued, each URL is expanded into a list of addresses and each address is checked against the current envelope "from" address. The message is allowed if there is a match.
Example
mgrpAllowedBroadcaster: ldap:///uid=bjensen, o=siroe.com
mgrpAllowedBroadcaster: mailto:sys50@siroe.com
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
Identifies domains (including subdomains) from which users are allowed to send messages to the mail group. If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedBroadcaster, mgrpDisallowedBroadcaster, and mgrpDisallowedDomain attributes are used.
Example
mgrpAllowedDomain=siroe.com
This matches any user sending from *.siroe.com.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
Specifies a password needed to post to the list. The value of this attribute is saved if the mgrpBroadcasterPolicy attribute is set to require a password. It is checked against the Approved: field once the header is available. The Approved: field will be removed from the header once the check is complete.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
Policy for determining allowed broadcaster. It specifies the level of authentication requires to access the list of broadcaster addresses. The allowed values are:
AUTH_REQ, SMTP_AUTH_REQUIRED
In order to post to the list, the sender must be authenticated using the SMTP AUTH command.
PASSWORD_REQUIRED, PASSWD_REQUIRED, PASSWD_REQ
All values mean the password to the broadcaster list, specified by the mgrpAuthPassword attribute, must appear in an Approved: header field in the message.
NO_REQUIREMENTS
This value means no special requirements apply.
Example
mgrpBroadcasterPolicy=AUTH_REQ
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
Used as an alternative method of specifying mail group membership. The values of this attribute are a list of URLs, which, when expanded, provides mailing list member addresses.
Messaging Server expects this attribute to contain an LDAP URL using the format described in RFC 1959. Any entries returned by the resulting LDAP search are members of the mailing group. This is used to create a dynamic mailing list.
Example
mgrpDeliverTo=ldap:///ou=Accounting,o=Sesta,c=US??sub?
(&(objectClass=inetMailUser)(objectClass=inetOrgPerson))
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
Identifies mail users not allowed to send messages to the mail group. If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedDomain and mgrpDisallowedDomain attributes are used.
Messaging Server expects this attribute to contain either a distinguished name or an RFC822address. If a distinguished name is used, it must represent a mailable entry or entries of type group or groupOfUniqueNames. The distinguished name must be represented in the form of an LDAP URL as described in RFC 1959.
If multi-valued, each URL is expanded into a list of addresses and each address is checked against the current envelope "from" address. The message is disallowed if there is a match.
Example
mgrpDisallowedBroadcaster=ldap:///uid=bjensen, o=sesta.com
mgrpDisallowedBroadcaster=mailto:sys50@sesta.com
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
Identifies domains from which users are not allowed to send messages to the mail group. This attribute is a private extension used by Messaging Server to manage mailing lists. If this attribute exists, then messages from listed domains are rejected. If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedBroadcaster, mgrpDisallowedBroadcaster, and mgrpAllowedDomain attributes are used.
Example
mgrpDisallowedDomain=florizel.com
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
Recipient of error messages generated when messages are submitted to this list. Recipient's address can be specified using the mailto syntax, which includes an RFC 822 email address preceded by the keyword "mailto:" or simply an RFC 822 email address. Also supports LDAP URL syntax. However, if an LDAP URL is used, it must be one that produces a single address.
The envelope originator address is set to the value of this attribute.
Examples:
Example 1: mgrpErrorsTo=mailto:jordan@siroe.com
Example 2: mgrpErrorsTo=ldap:///uid=ofanning,ou=people,o=siroe.com,o=isp
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
LDAP URI or mailto URL identifying the moderators allowed to submit messages to this list. Only those messages that are submitted by the moderator are sent to the members of this list. Messages submitted by others are forwarded to the moderators for approval and resubmitting.
The URLs given as the value of this attribute are expanded into a series of addresses, and then compared with the envelope "from" address. If there is a match, group processing continues. If there is no match, the value of this attribute becomes the group URL, any list of RFC 822 addresses or DNs associated with the group is cleared, the delivery options for the group are set to "members," and there is no further group processing for the failed URL.
Example
mgrpModerator=jordan@sesta.com
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
Maximum message size in bytes that can be sent to the group. Messaging Server expects zero or one instance of this attribute to exist for every mailGroup entry. If no entry exists, then no size limit is imposed on mail to the group.
This attribute is obsolete, but still supported for backwards compatibility. Use mailMsgMaxBlocks instead.
Syntax
UTF-8 text, single-valued
Object Classes
inetMailGroup
Definition
Specifies the text to be added to the beginning of the message text. You must supply the formatting. That is, you must insert CRLF where they belong in the text.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
Specifies the error text to use int he event of a group access failure. Because this text may appear in SMTP responses, this restricts the text to a single line of US-ASCII. This is implemented by reading only the first line of text in this attribute and using it only if it contains no 8-bit characters. (This is a limitation of the SMTP protocol.)
Syntax
UTF-8 text, single valued
Definition
Specifies the text to appended to the text message. You must supply the formatting. That is, you must insert any CRLFs (carriage return, line feeds) that belong in the text.
Origin
iPlanet Messaging Server 5.0, not implemented going forward for iPlanet Messaging Server 5.2
Object Classes
inetMailGroup
Definition
This attribute is no longer supported. Duplicate checking is controlled by characteristics of the lists themselves. Some lists combine and some lists don't.
Old definition: Prevents Messaging Server from checking for duplicate delivery to members of the mail group. Prevents multiple deliveries if a user is on multiple lists. No means the system checks for duplicate delivery. Yes means the system does not check for duplicate delivery.
Example
mgrpNoDuplicateChecks=yes
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
Each attribute value specifies a header field that is to be removed from the message header if it is present.
For MTA, the values of this attribute are used to set the header trimming MAXLINES=-1 option.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
LDAP URL or mailto identifying the recipient(s) of request-to-be-added messages. A new alias is generated for distribution lists with this attribute. This alias is of the form: distribution_list_name-request@domain and the messages sent to this alias are forwarded to the recipients listed in mgrpRequestsTo.
Example
mgrpRequestsTo=jordan@sesta.com
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroup
Definition
Identifies recipients of mail sent to mail group. Mail sent to both this attribute and uniqueMember attributes are not members of the mixed-in groupOfUniqueNames. This attribute represents mail recipients that cannot be expressed as distinguished names, or who are to be sent mail from this group but who do not have the full privileges of a unique group member. Messaging Server expects this attribute to contain RFC 822 mail addresses. Generally used for group members who are not in the local directory.
For backwards compatibility, rfc822MailMember is also supported, but only one of these attributes can be used in any given group.
Example
mgrpRFC822MailMember=bjensen@siroe.com
Origin
iPlanet Messaging Server 5.0
Object Classes
inetManagedGroup
Origin
iPlanet Messaging Server 5.0
Object Classes
inetManagedGroup
Definition
DN of the user who is responsible for paying the bills for this family account or group of users.
Example
mnggrpBillableUser:uid=John,ou=people,o=sesta.com,o=isp
Origin
iPlanet Messaging Server 5.0
Object Classes
inetManagedGroup
Definition
Current number of users allowed in the managed group. Intended for reporting purposes only. No operational impact.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetManagedGroup
Origin
iPlanet Messaging Server 5.0
Object Classes
inetManagedGroup
Definition
Cumulative disk quota allowed for all users in the managed group. A value of -1 specifies that there is no limit on space used by users in the managed group. Intended for reporting purposes only. No operational impact.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetManagedGroup
Definition
Maximum number of users allowed in the managed group.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetManagedGroup
Origin
iPlanet Messaging Server 5.0
Object Classes
inetManagedGroup
Origin
iPlanet Messaging Server 5.0
Object Classes
msgVanityDomainUser
Definition
This attribute and the object class using it are deprecated in the current release, and may not be supported in future releases. Sites should stop using this feature and consider migrating current vanity domains to hosted domains.
Vanity domain name associated with the user. Used only for routing purposes by the MTA. Users still have a primary domain associated with their account and they use that domain to log into the message access services. However, this attribute enables them to have email addresses in the namespace represented by the vanity domain name.
Example
If msgVanityDomain=sesta.com, the user can have an address where the domain part is @sesta.com.
OID
2.16.840.1.113730.3.1.799
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailGroupManagement
Definition
Detailed description of the distribution list. A dollar sign ("$") creates a new line.
Example
multiLineDescription=People who like cats. $And are ambivalent about people.
Origin
iPlanet Messaging Server 5.0
Object Classes
pabPerson, pabGroup
Definition
Identifies the short name used to locate a pabPerson or a pabGroup entry.
Origin
iPlanet Messaging Server 5.0
Object Classes
nsManagedDomain
Definition
Specifies the default size (in number of users) of a newly created department managed by delegated administrator.
Example
nsDefaultMaxDeptSize=20
Origin
iPlanet Messaging Server 5.0
Object Classes
nsManagedDept, nsManagedDomain
Definition
Specifies the maximum number of group entries that can be created under this object.
Origin
iPlanet Messaging Server 5.0
Object Classes
nsManagedDomain
Definition
Specifies the maximum number of suborganizations allowed to be created under this object.
Origin
iPlanet Messaging Server 5.0
Object Classes
nsManagedDomain
Definition
Specifies the maximum number of mailing lists that can be created under this entry.
Origin
iPlanet Messaging Server 5.0
Object Classes
nsManagedDept
Definition
Specifies the maximum number of users that can be created under this entry.
Origin
iPlanet Messaging Server 5.0
Object Classes
nsManagedDept, nsManagedDomain
Definition
Tracks the number of nested departments that exist under this object.
Origin
iPlanet Messaging Server 5.0
Object Classes
nsManagedDomain
Definition
Tracks the number of suborganizations that exist under this object.
Origin
iPlanet Messaging Server 5.0
Object Classes
nsManagedDomain
Definition
Tracks the number of mail lists that exist under this object.
Origin
iPlanet Messaging Server 5.0
Object Classes
nsManagedDept, nsManagedDomain
Definition
Tracks the number of users that can be created under this object.
Object Classes
nsManagedPerson
Definition
Reserved for future development.
Origin
iPlanet Messaging Server 5.0
Object Classes
nsManagedPerson
Definition
Specifies whether a user can create a mail list.
Origin
iPlanet Messaging Server 5.0
Object Classes
nsManagedPerson
Definition
Specifies the user's organization.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetManagedGroup,nsManagedDept, nsManagedDomain
Definition
Specifies who has modify access to the object in which this attribute appears. DN of the administrator's group used with ACIs to grant rights to manage other groups.
Example
nsdaModifiableBy=cn=service administrators,ou=group,o=isp
Origin
Netscape™ Calendar Hosting Server
Object Classes
icsCalendarUser
Definition
Lists the calendar protocols not allowed to be used by this user.
Origin
iPlanet Messaging Server 5.0
Object Classes
inetMailUser
Definition
This attribute holds the pairs that define Messenger Express preferences such as sort order, Mail From address, and so on. Each instance of this attribute is the tuple pref_name=pref_value. This is a proprietary syntax and the example below is for illustrative purposes only.
Example
Example 1: nswmExtendedUserPrefs=meColorSet=4
Example 2: nswmExtendedUserPrefs=meSort=r
Example 3: nswmExtendedUserPrefs=meAutoSign=True
Example 4: nswmExtendedUserPrefs=meSignature=Otis
Fanning$ofanning@sesta.com
Example 5: nswmExtendedUserPrefs=meDraftFolder=Drafts
Origin
iPlanet Messaging Server 5.0
Object Classes
pabPerson
Definition
Name of the user's company or organization. Abbreviation of organizationName.
Example
organizationName=Company22 Incorporated
Object Classes
inetAdmin, nsManagedDept
Definition
Specifies the objects for this object class.
Origin
iPlanet Messaging Server 5.0
Object Classes
pabPerson
Definition
Name of the user's company or organization. Same as o.
Example
organizationName = Company22 Incorporated
Origin
iPlanet Messaging Server 5.0
Object Classes
pabPerson
Definition
Name of the organizational unit to which the user belongs. Abbreviation for organizationalUnitName.
Example
organizationUnitName=docs
Origin
iPlanet Messaging Server 5.0
Object Classes
inetManagedGroup
Definition
Identifies the distinguished name (DN) of the person or group with administrative privileges over the entry.
Example
owner= cn=John Smith, o=Sesta, c=US
Origin
iPlanet Messaging Server 5.0
Object Classes
ipUser
Definition
LDAP URI specifying the container of the personal address book entries for this user. It takes the following form: ldap://server:port/container_dn, where:
server - Host name of the personal address book LDAP server.
port - Port of the personal address book LDAP server.
container_dn - DN of the subtree where all PAB entries for the user are created.
Example
pabURI=ldap://ldap.siroe.com:389/ou=ed,ou=people,o=sesta.com,o=isp,o=pab
Object Classes
icsCalendarResource
Definition
Identifies the entry's mailing address. This field is intended to include multiple lines. When represented in LDIF format, each line should be separated by a dollar sign ($).
To represent an actual dollar sign ("$") or back slash ("\") within this text, use the escaped hex values, \24 and \5c respectively. For example, to represent the string:
The dollar ($) value can be found
in the c:\cost file.
The dollar(\24) value can be found$in the c:\5ccost file.
Example
postalAddress = 123 Oak Street$Anytown, CA$90101
Origin
iPlanet Messaging Server 5.0, iPlanet Calendar Server 5.1
Syntax
RFC 2798, cis, single-valued
Object Classes
icsCalendarUser, mailDomain, inetMailGroup
Definition
Preferred written or spoken language for a person. The value for this attribute should conform to the syntax for HTTP Accept-Language header values.
Example
preferredLanguage = fr, en-gb;q=0.8, en;q=0.7
Origin
iPlanet Messaging Server 5.0
Object Classes
mailDomain
Definition
Used by Delegated Administrator to set the mailHost attribute of newly created users and groups in this mail domain.
Example
preferredMailHost=mail.siroe.com
Origin
iPlanet Messaging Server 5.0
Object Classes
mailDomain
Definition
Used by Delegated Administrator for Messaging to set the mailMessageStore attribute of newly created users. If missing, Delegate Administrator leaves the mailMessageStore attribute empty and the access server assumes that the user's mailbox is in the default partition of the server instance.
Object Classes
groupOfUniqueNames
Definition
Identifies another LDAP entry that may contain information related to this entry.
Example
seeAlso=cn=Quality Control Inspectors, ou=manufacturing, o=Company22, c=US
Object Classes
icsCalendarUser
Definition
Identifies the entry's surname, also referred to as last name or family name.
Object Classes
domain
Definition
Identifies the entry's phone number.
Example
telephoneNumber = 800-555-1212
Object Classes
icsCalendarResource, icsCalendarUser
Definition
Identifies the entry's userid. Abbreviation of userid.
Origin
iPlanet Messaging Server 5.0
Object Classes
pabPerson, pabGroup, pab
Definition
Unique name assigned to PAB entry. This is also the naming attribute for entries created by this object class and is used to form the DN of all PAB entries, irrespective of the type (pab, pabPerson, or pabGroup).
Origin
iPlanet Messaging Server 5.0
Object Classes
groupOfUniqueNames
Definition
Identifies a member of a group of names where each name was given a uniqueIdentifier to ensure its uniqueness. A value for the uniqueMember attribute is a DN followed by the uniqueIdentifer. (uniqueIdentifers are assigned by the server when a DN has been reused and is intended to detect instances of a reference to a DN that has been deleted.)
Example
In the example below, the uniqueIdentifier is AAAAA.
uniqueMember=cn=Jane Doe, ou=Quality Control, o=Company22, AAAAA
Object Classes
domain
Definition
This attribute identifies the entry's password and encryption method in the following format:
{encryption method}encrypted password
Transfer of cleartext passwords is strongly discouraged where the underlying transport service cannot guarantee confidentiality. Transfer of cleartext may result in disclosure of the password to unauthorized parties.
Example
userPassword={sha}FTSLQhxXpA05
Origin
iPlanet Messaging Server 5.0
Object Classes
userPresenceProfile
Definition
Vacation end date and time. Date is in the following format: YYYYMMDDHHMMSSZ; where YYYY is the four digit year, MM is the two digit month, DD is the two digit day, HH is the two digit hour, and SS is the two digit second. Time is normalized to GMT. Z is the character Z.
When the current date falls outside the range of dates specified by the attributes vacationStartDate and vacationEndDate, then any delivery options (in the DELIVERY_OPTIONS list) prefixed with "^" are removed from the active set of options. For example, if one of the DELIVERY_OPTIONS is "^*autoreply" and today's date falls outside the vacation date range, then the option is removed from the active options list. Otherwise, the autoreply delivery option is activated.
Example
vacationEndDate=20000220000000Z
Origin
iPlanet Messaging Server 5.0
Object Classes
userPresenceProfile
Definition
Vacation start date and time. Date is in the following format: YYYYMMDDHHMMSSZ; where YYYY is the four digit year, MM is the two digit month, DD is the two digit day, HH is the two digit hour, and SS is the two digit second. Time is normalized to GMT. Z is the character Z.
Example
vacationStartDate=20000215000000Z
Previous Contents Index Next
Copyright 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated May 08, 2003