When a user attempts to log in to a Java ES service, the service performs LDAP authentication to determine whether the user is authorized to use the service. LDAP authentication examines the user’s LDAP data for the specific object classes and attributes that indicate that the user is authorized to access the service.
If the user’s LDAP data contains those specific object classes and attributes, the user is logged in.
If the user’s LDAP data does not contain those object classes and attributes, the user’s login is rejected.
Each Java ES service has its own set of object classes and attributes for authentication.
Adding attributes and object classes is known as extending the schema. For the evaluation solution, the LDAP object classes and attributes used to authenticate mail and calendar services are added to the o=examplecorp.com,o=examplecorp organization before a test user account is created in the organization.
This section describes how to extend your LDAP organization’s schema with the object classes and attributes used to authenticate messaging, calendar, and portal services.
This procedure shows you how to add the LDAP attributes and object classes needed for mail and calendar authentication to the o=examplecorp.com,o=examplecorp organization. For a summary of the command syntax, see Delegated Administrator Command Line Details.
Change directory to the Delegated Administration Utility directory:
cd /opt/SUNWcomm/bin
Use the commadmin domain modify command to extend your LDAP organization:
./commadmin domain modify -D admin -w password -d examplecorp.com -S mail -H evaluation_host -S cal -B evaluation_host -P allowProxyLogin:yes -T America/Los_Angeles
You might be prompted to Enter DNS Domain Name. If this happens, type your evaluation_domain and press Enter.
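A check you can run after the procedure above, as an added example that is not part of the original page: it reads the organization entry as LDIF and lists any required object classes that are still missing. The class names mailDomain and icsCalendarDomain and the function name missing_classes are assumptions; the page does not name the classes that commadmin adds.

```shell
#!/bin/sh
# Added example: report which required object classes an LDIF entry lacks.
# The class names are assumptions; adjust them to your deployment's schema.
REQUIRED_CLASSES="mailDomain icsCalendarDomain"

# Constructed sample of a base-scope search result for the organization
# entry. Note the mixed case and the folded (continued) line.
SAMPLE_LDIF='dn: o=examplecorp.com,o=examplecorp
objectClass: top
objectClass: organization
objectclass: MAILDOMAIN
objectClass: icsCalendarDo
 main
o: examplecorp.com'

# missing_classes "<required names>" < ldif-for-one-entry
# Prints each required class that is absent; exit status 1 if any is missing.
# In use, pipe a base-scope ldapsearch of the organization entry into it.
missing_classes() {
    awk -v required="$1" '
        # LDIF folds long lines: a line starting with one space continues
        # the previous line, so join the pieces before matching.
        /^ / { buf = buf substr($0, 2); next }
        { handle(buf); buf = $0 }
        END {
            handle(buf)
            n = split(required, want, " ")
            for (i = 1; i <= n; i++)
                if (!(tolower(want[i]) in have)) { print want[i]; bad = 1 }
            exit bad + 0
        }
        # Attribute names and object class values compare case-insensitively.
        function handle(line,   pos, name, value) {
            pos = index(line, ":")
            if (pos == 0) return
            name = tolower(substr(line, 1, pos - 1))
            value = substr(line, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name == "objectclass") have[tolower(value)] = 1
        }
    '
}
```

An empty result with exit status 0 means every required class is present on the entry; base64-encoded values (objectClass::) are not decoded by this check.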