da.provider.skeleton.ldif 文件(相关部分)
#
# The following parameterized values must be replaced.
#
# <ugldapbasedn> :: Root suffix for user/group data
# <maildomain_dn> :: Complete dn of the mail domain underneath
# which the provider organization will be
# created.
# <maildomain_dn_str> :: The maildomain dn with all ',' replaced
# by '_'. E.g.
# dn --\> o=siroe.com,o=SharedDomainsRoot,
# o=Business,dc=red,dc=iplanet,dc=com
# dn_str --> o=siroe.com_o=SharedDomainsRoot_
# o=Business_dc=red_dc=iplanet_dc=com
# <providerorg> : Organization value for provider node.
# <servicepackage> :: One for each service package to include.
# All service packages in the system
# may be assigned by leaving this value empty.
# <domain_name> :: One for each DNS name which may be assigned
# to a subordinate organization.
# These names form a proper subset (some or
# all) of the names listed in the <maildomain>
# organization's sunpreferreddomain
# and associateddomain attributes.
# <provider_sub_org> :: Organization value for the shared subordinate
# organization in which the Provider
# Administrator resides.
# <preferredmailhost> :: Name of the preferred mail host for the
# provider's subordinate organization.
# <available_domain_name> :: one for each DNS name that an organization
# allows an organization admin to use when
# creating a user's mail address. This is
# a proper subset of the values given for
# <domain_name> (sunAssignableDomains attribute).
# <available_services> :: One for each service packags available to an
# organization (sunAvailableServices attribute).
# These service packages form a proper subset
# of the ones assigned to a provider organization
# - <servicepackage> (sunIncludeServices
# attribute). Form is
# <service package name>:<count>
# where count is an integer. If count is absent
# then default is unlimited.
# <spa_uid> :: The uid for the service provider administrator.
# <spa_password> :: The password for the service provider
# administrator.
# <spa_firstname> :: First name of the service provider
# administrator.
# <spa_lastname> :: Last name of the service provider
# administrator.
# <spa_servicepackage> :: Service package assigned to the service
# provider administrator.
# <spa_mailaddress> :: The spa's mail address. The domain part of the
# mail address must be one of the values used for
# <available_domain_name>.
#
#
# Provider Organization
#
dn: o=<providerorg>,<maildomain_dn>
changetype: add
o: <providerorg>
objectClass: top
objectClass: sunismanagedorganization
objectClass: sunmanagedorganization
objectClass: organization
objectClass: sunManagedProvider
sunAllowBusinessOrgType: full
sunAllowBusinessOrgType: shared
sunBusinessOrgBase: o=<providerorg>domainsroot,<ugldapbasedn>
sunIncludeServices: <servicepackage>
sunAssignableDomains: <domain_name>
sunAllowMultipleDomains: true
sunAllowOutsideAdmins: false
sunProviderOrgDN: o=<provider_sub_org>,o=<providerorg>,<maildomain_dn>
# .
# .
# [Entries and ACIs required by Access Manager]
# .
# .
#
# Full Organizations node
#
dn: o=<providerorg>DomainsRoot,<ugldapbasedn>
changetype: add
o: <providerorg>DomainsRoot
objectClass: top
objectClass: organization
objectClass: sunmanagedorganization
# .
# .
# [Entries and ACIs required by Access Manager]
# .
# .
#
# Provider Admin Role shared organizations
#
dn: cn=Provider Admin Role,o=<providerorg>,<maildomain_dn>
changetype: add
cn: Provider Admin Role
objectClass: ldapsubentry
objectClass: nssimpleroledefinition
objectClass: nsroledefinition
objectClass: nsmanagedroledefinition
objectClass: iplanet-am-managed-role
objectClass: top
iplanet-am-role-description: Provider Admin
#
# Provider Admin Role full organizations
#
dn: cn=Provider Admin Role,o=<providerorg>DomainsRoot,<ugldapbasedn>
changetype: add
cn: Provider Admin Role
objectClass: ldapsubentry
objectClass: nssimpleroledefinition
objectClass: nsroledefinition
objectClass: nsmanagedroledefinition
objectClass: iplanet-am-managed-role
objectClass: top
iplanet-am-role-description: Provider Admin
#
# Shared Subordinate Organization. Includes 1 user who is
# the Provider Administrator.
#
dn: o=<provider_sub_org>,=<providerorg>,<maildomain_dn>
changetype: add
preferredMailHost: <preferredmailhost>
sunNameSpaceUniqueAttrs: uid
o: <provider_sub_org>
objectClass: inetdomainauthinfo
objectClass: top
objectClass: sunismanagedorganization
objectClass: sunnamespace
objectClass: sunmanagedorganization
objectClass: organization
objectClass: sunDelegatedOrganization
objectClass: sunMailOrganization
sunAvailableDomainNames: <available_domain_name>
sunAvailableServices: <available_services>
sunOrgType: shared
sunMaxUsers: -1
sunNumUsers: 1
sunMaxGroups: -1
sunNumGroups: 0
sunEnableGAB: true
sunAllowMultipleServices: true
inetDomainStatus: active
sunRegisteredServiceName: GroupMailService
sunRegisteredServiceName: DomainMailService
sunRegisteredServiceName: UserMailService
sunRegisteredServiceName: iPlanetAMAuthService
sunRegisteredServiceName: UserCalendarService
sunRegisteredServiceName: iPlanetAMAuthLDAPService
sunRegisteredServiceName: DomainCalendarService
# .
# .
# [Entries and ACIs required by Access Manager]
# .
# .
dn: ou=People,o=<provider_sub_org>,o=<providerorg>,<maildomain_dn>
changetype: add
ou: People
objectClass: iplanet-am-managed-people-container
objectClass: organizationalUnit
objectClass: top
dn: ou=Groups,o=<provider_sub_org>,o=<providerorg>,<maildomain_dn>
changetype: add
ou: Groups
objectClass: iplanet-am-managed-group-container
objectClass: organizationalUnit
objectClass: top
# .
# .
# [Entries and ACIs required by Access Manager]
# .
# .
#
# User - provider administrator
#
dn: uid=<spa_uid>,ou=People,o=<provider_sub_org>,o=<providerorg>, \
<maildomain_dn>
changetype: add
sn: <spa_lastname>
givenname: <spa_firstname>
cn: <spa_firstname> <spa_lastname>
uid: <spa_uid>
iplanet-am-modifiable-by: cn=Top-level Admin Role,<ugldapbasedn>
objectClass: inetAdmin
objectClass: top
objectClass: iplanet-am-managed-person
objectClass: iplanet-am-user-service
objectClass: iPlanetPreferences
objectClass: person
objectClass: organizationalPerson
objectClass: inetuser
objectClass: inetOrgPerson
objectClass: ipUser
objectClass: inetMailUser
objectClass: inetLocalMailRecipient
objectClass: inetSubscriber
objectClass: userPresenceProfile
objectClass: icsCalendarUser
mailhost: <preferredmailhost>
mail: <spa_mailaddress>
maildeliveryoption: mailbox
mailuserstatus: active
inetCos: <spa_servicepackage>
inetUserStatus: Active
nsroledn: cn=Provider Admin Role,o=<providerorg>,<maildomain_dn>
userPassword: <spa_password>