Sun Java System Communications Services 6 2004Q2 Schema Reference |
Chapter 5
iPlanet Delegated Administrator for Messaging Classes and AttributesThis chapter describes LDAP object classes and attributes for iPlanet Delegated Administrator for Messaging implementing LDAP Schema 1. The objects and attributes are listed alphabetically.
The chapter is divided into two sections:
Object ClassesThis chapter describes the following object classes used by Delegated Administrator and those object classes only used in LDAP Schema 1.
inetDomainOrgSupported by
Messaging Server 5.0
Definition
Used for LDAP Schema 1. Auxiliary class for supporting a Delegated Manager for Messaging managed domain organization.
This object class is used in conjunction with the structural class organization to define a domain organization. A domain organization is usually created as a way of introducing hierarchy beneath a customer subtree and assigning administrators for that domain organization. To create a suborganization beneath the parent tree and designate a set of administrators for that suborganization, you would create a domain organization node by using organizationalUnit and inetDomainOrg object classes. For example, siroe.com could have a customer subtree with the DN:
ou=east,o=siroe.com,o=basedn.
How to provision a domain organization for LDAP Schema 1 is described in the iPlanet Messaging Server 5.2 Provisioning Guide.
Superior Class
top
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.132
Required Attributes
N/A
Allowed Attributes
domOrgMaxUsers, domOrgNumUsers
inetMailGroupManagementSupported by
Messaging Server 5.0
Definition
Used for LDAP Schema 1 only. Used to extend the base entry created by groupOfUniqueNames. inetMailGroupManagement is used to store attributes for managing a distribution list by using Delegated Administrator for Messaging. This object class is used in conjunction with inetMailGroup and inetLocalMailRecipient. The attributes in this object class have no operational impact on the messaging server’s MTA or message access/message store.
Superior Class
top
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.149
Required Attributes
N/A
Allowed Attributes
mgrpAddHeader, mgmanDenySubscribe, mgmanGoodbyeText, mgmanHidden, mgmanIntroText, mgmanJoinability, mgmanMemberVisibility, mgmanVisibility, multiLineDescription
inetManagedGroupSupported by
Messaging Server 5.0
Definition
Used to define a managed group. If a managed group is just a department or family group, then the structural class to use is top, but it can also be used to make a statically defined group (from groupOfUniqueNames) and make that a managed group.
Superior Class
top
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.137
Required Attributes
Allowed Attributes
description, mnggrpAdditionPolicy, mnggrpBillableUser, mnggrpCurrentUsers, mnggrpDeletionPolicy, mnggrpMailQuota, mnggrpMaxUsers, mnggrpStatus, mnggrpUserClassOfServices, nsdaModifiableBy, owner
nsManagedDeptSupported by
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Definition
This object class is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Stores information for a non-administrator group.
Superior Class
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.88
Required Attributes
N/A
Allowed Attributes
nsMaxDepts, nsMaxUsers, nsNumDepts, nsNumUsers, nsdaModifiableBy, owner
nsManagedDeptAdminGroupSupported by
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Definition
This object class is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Stores information for a group of administrators for iPlanet Delegated Administrator.
Superior Class
top
Object Class Type
OID
2.16.840.1.113730.3.2.111
Required Attributes
Allowed Attributes
N/A
nsManagedDomainSupported by
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Definition
This object class is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Used only for versions of Messaging Server using iPlanet Delegated Administrator. It contains information necessary to administer domains.
Superior Class
top
Object Class Type
OID
2.16.840.1.113730.3.2.86
Required Attributes
Allowed Attributes
nswcalDisallowAccess, nsMaxDepts,nsMaxDomains, nsMaxMailLists, nsMaxUsers, nsNumDepts, nsNumDomains, nsNumMailLists, nsNumUsers, nsdaModifiableBy, owner
nsManagedFamilyGroupSupported by
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2
Definition
This object class is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Stores information for a family group managed by a delegated administrator. The family group is like a Group, with a few differences. It was added primarily to support Delegated Administrator deployments using Sun Internet Message Service (SIMS) 4.0.
Superior Class
top
OID
2.16.840.1.113730.3.2.89
Required Attribute
Allowed Attributes
nsMaxUsers, nsNumUsers, nsdaModifiableBy, owner
nsManagedISPSupported by
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2
Definition
This object class is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Tracks the number of sub-organizations that can be created under this object.
Superior Class
top
OID
2.16.840.1.113730.3.2.85
Required Attribute
Allowed Attributes
nsManagedMailListSupported by
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2
Definition
This object class is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Stores information for a mail list created by enabled users. A mail list must contain this object class in order to be managed by Delegated Administrator.
Superior Class
top
Object Class Type
OID
2.16.840.1.113730.3.2.90
Required Attributes
Allowed Attributes
nsMaxUsers, nsNumUsers, nsdaModifiableBy, owner
nsManagedOrgUnitSupported by
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Definition
This object class is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Stores information for a Delegated Administrator managed organizational unit.
Superior Class
top
OID
2.16.840.1.113730.3.2.87
Required Attributes
Allowed Attributes
nsManagedPersonSupported by
Messaging Server 5.0; deprecated for Messaging Server 6.0 with LDAP Schema 2
Definition
This object class is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Stores information about a user. A user entry must contain this object class in order to be managed by Delegated Administrator.
Superior Class
top
Object Class Type
OID
2.16.840.1.113730.3.2.91
Required Attributes
Allowed Attributes
memberOf, nsdaCapability, nsdaDomain, nsSearchFilter, nsdaModifiableBy, owner
nsUniquenessDomainSupported by
Messaging Server 5.0; deprecated for Messaging Server 6.0 with LDAP Schema 2
Definition
LDAP Schema 1 object class in support of Delegated Administrator for Messaging. If you are still using LDAP Schema 1, then this object is still valid; otherwise it is deprecated.
This object class is a marker to identify the subtree where the uniqueness of uid should be enforced. The uid uniqueness plugin used this to determine the scope or sphere of influence for enforcing uniqueness.
Superior Class
top
OID
2.16.840.1.113730.3.2.115
Required Attributes
Allowed Attributes
N/A
Attributes
domainUidSeparatorOrigin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
This attribute is used only for LDAP Schema 1.
This attribute is used by the messaging server to override the default mailbox (MB) home. When present, this attribute specifies that compound user identifications (UIDs) are used in this domain and this attribute specifies the separator. For instance, if + is the separator, the mailbox names in this domain are obtained by replacing the right most occurrence of + in the uid with @. To map an internal mailbox name to the UID, the right most occurrence of @ is replaced with a + in the mailbox name.
While substitution of an @ for the UID separator is sufficient to generate a mailbox name, this may not be the same as any of the user’s actual email addresses.
The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_UID_SEPARATOR.
Example
domainUIDSeparator: #
OID
2.16.840.1.113730.3.1.702
domOrgMaxUsersOrigin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
This attribute is used only for LDAP Schema 1.
Maximum number of user entries in a domain organization.
Example
domOrgMaxUser: 500
OID
2.16.840.1.113730.3.1.697
domOrgNumUsersOrigin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Number of current user entries in a domain organization.
Example
domOrgNumUsers: 345
OID
2.16.840.1.113730.3.1.698
memberOfManagedGroupOrigin
Messaging Server 5.0
Syntax
dn, single-valued
Object Classes
Definition
Family accounts are not supported in LDAP Schema 2. Use this only if you are using LDAP Schema 1.
Specifies the DN of the family account of which this user is a member.
Example
memberOfManagedGroup: cn=Addams Family, ou=groups,o=sesta.com,o=isp
OID
2.16.840.1.113730.3.1.704
mgmanAllowSubscribeOrigin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Domain name(s) or email addresses of users allowed to subscribe to this mailing list.
Example
mgmanAllowSubscribe:sesta.com (Every user at sesta.com would be able to subscribe to the list.)
OID
2.16.840.1.113730.3.1.790
mgmanDenySubscribeOrigin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Domain name(s) or email addresses of users not allowed to subscribe to this list. The mgmanDenySubscribe attribute takes precedence over mgmanAllowSubscribe.
Example
mgmanDenySubscribe:siroe.com
OID
2.16.840.1.113730.3.1.791
mgmanGoodbyeTextOrigin
Messaging Server 5.0
Syntax
cis, single valued
Object Classes
Definition
Reserved.
Example
TBD.
OID
2.16.840.1.113730.3.1.797
mgmanHiddenOrigin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Used with iPlanet Delegated Administrator for Messaging only.
A boolean flag specifying whether or not the group should appear in lists that are requested by people other than the group owners. A value of true corresponds with a hidden group, that is, the list is not visible. A value of false means that the list is visible. A missing value is the same as a value of false.
Example
mgmanHidden:true
OID
2.16.840.1.113730.3.1.792
mgmanIntroTextOrigin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Reserved.
Example
TBD.
OID
2.16.840.1.113730.3.1.796
mgmanJoinabilityOrigin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Used for LDAP Schema 1 only. Specifies who can subscribe to the group. The allowed values are ANYONE, ALL, and NONE (If this attribute is not specified, the default is NONE):
Example
mgmanJoinability:All
OID
2.16.840.1.113730.3.1.793
mgmanMemberVisibilityOrigin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Only used in LDAP Schema 1 with iPlanet Delegated Administrator for Messaging.
Defines who has rights to view the group membership list (expand the group). This attribute has the keyword values: none, all, true ,anyone. No matter what the setting of this attribute, group owners always retain the right to view (and modify) membership.
However, if this attribute is checked in the case of group expansion as part of an SMTP EXPN command (that is, not as part of an administrative tool that can easily identify whether or not the client is the group owner), then a value of none ends up operating as if the list is unconditionally disabled. This is because SMTP doesn’t provided a means of establishing a client’s identity, such as “owner”.
The following table lists the keywords and gives a description of each:
Unrecognized values are interpreted as none.
If the attribute is not present, the MTA option EXPANDABLE_DEFAULT controls whether the expansion is allowed.
Note
LDAP_EXPANDABLE is the MTA option used to specify a different attribute name for this function.
Example
mgmanMemberVisibility:all
OID
2.16.840.1.113730.3.1.795
mgmanVisibilityOrigin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Example
OID
2.16.840.1.113730.3.1.794
mnggrpAdditionPolicyOrigin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Reserved.
Example
TBD.
OID
2.16.840.1.113730.3.1.710
mnggrpBillableUserOrigin
Messaging Server 5.0
Syntax
dn, single-valued
Object Classes
Definition
DN of the user who is responsible for paying the bills for this family account or group of users.
Example
mnggrpBillableUser: uid=John,ou=people,o=sesta.com,o=isp
OID
2.16.840.1.113730.3.1.711
mnggrpCurrentUsersOrigin
Messaging Server 5.0
Syntax
int, single-valued
Object Classes
Definition
Current number of users allowed in the managed group. Intended for reporting purposes only. No operational impact.
Example
mnggrpCurrentUsers: 20
OID
2.16.840.1.113730.3.1.714
mnggrpDeletionPolicyOrigin
Messaging Server 5.0
Syntax
cis, single valued
Object Classes
Definition
Reserved.
Example
TBD.
OID
2.16.840.1.113730.3.1.709
mnggrpMailQuotaOrigin
Messaging Server 5.0
Syntax
int, single-valued
Object Classes
Definition
Cumulative disk quota allowed for all users in the managed group. A value of -1 specifies that there is no limit on space used by users in the managed group. Intended for reporting purposes only. No operational impact.
Example
mnggrpMailQuota:-1
OID
2.16.840.1.113730.3.1.715
mnggrpMaxUsersOrigin
Messaging Server 5.0
Syntax
int, single-valued
Object Classes
Definition
Maximum number of users allowed in the managed group.
Example
30
OID
2.16.840.1.113730.3.1.713
mnggrpStatusOrigin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Reserved.
Example
TBD.
OID
2.16.840.1.113730.3.1.712
mnggrpUserClassOfServicesOrigin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Reserved.
Example
TBD.
OID
2.16.840.1.113730.3.1.716
nsDefaultMaxDeptSizeOrigin
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax
int, single-valued
Object Classes
Definition
This attribute is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Specifies the default size (in number of users) of a newly created department managed by Delegated Administrator.
Example
nsDefaultMaxDeptSize:20
OID
2.16.840.1.113730.3.1.562
nsMaxDeptsOrigin
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax
int, single-valued
Object Classes
Definition
This attribute is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Used with Delegated Administrator. Specifies the maximum number of group entries that can be created under this object.
Example
nsMaxDepts:200
OID
2.16.840.1.113730.3.1.557
nsMaxDomainsOrigin
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax
int, single-valued
Object Classes
Definition
This attribute is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
For use with Delegated Administrator. Specifies the maximum number of suborganizations allowed to be created under this object.
Example
nsMaxDomains:50
OID
2.16.840.1.113730.3.1.561
nsMaxMailListsOrigin
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax
int, single valued
Object Classes
Definition
This attribute is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
For use with Delegated Administrator. Specifies the maximum number of mailing lists that can be created under this entry.
Example
nsMaxMailLists:200
OID
2.16.840.1.113730.3.1.559
nsMaxUsersOrigin
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax
int, single-valued
Object Classes
Definition
This attribute is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
For use with Delegated Administrator. Specifies the maximum number of users that can be created under this entry.
Example
nsMaxUsers:750
OID
2.16.840.1.113730.3.1.555
nsNumDeptsOrigin
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax
int, single-valued
Object Classes
Definition
This attribute is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
For use with Delegated Administrator. Tracks the number of nested departments that exist under this object.
Example
nsNumDepts:35
OID
2.16.840.1.113730.3.1.556
nsNumDomainsOrigin
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax
int, single-valued
Object Classes
Definition
This attribute is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Used by Delegated Administrator. Tracks the number of suborganizations that exist under this object.
Example
nsNumDomains:5
OID
2.16.840.1.113730.3.1.560
nsNumMailListsOrigin
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax
int, single-valued
Object Classes
Definition
This attribute is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Used by Delegated Administrator. Tracks the number of mail lists that exist under this object.
Example
nsNumMailLists:200
OID
2.16.840.1.113730.3.1.558
nsNumUsersOrigin
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax
int, single-valued
Object Classes
Definition
This attribute is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Tracks the number of users that can be created under this object.
Example
nsNumUsers:2000
OID
2.16.840.1.113730.3.1.554
nsSearchFilterOrigin
Not currently used; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax
cis, single-valued
Object Classes
Definition
This attribute is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Reserved for future development for Delegated Administrator.
Example
OID
2.16.840.1.113730.3.1.564
nsdaCapabilityOrigin
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax
cis, single-valued
Object Classes
Definition
This attribute is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Specifies whether a user can create a mail list. Supports Delegated Administrator.
Example
OID
2.16.840.1.113730.3.1.563
nsdaDomainOrigin
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax
cis, single
Object Classes
Definition
This attribute is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Specifies the user’s organization, for Delegated Administrator.
Example
OID
2.16.840.113730.3.1.600
nsdaModifiableByOrigin
Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax
dn, single-valued
Object Classes
Definition
This attribute is deprecated for LDAP Schema 2, it is supported only for LDAP Schema 1.
Used by Delegated Administrator. Specifies who has modify access to the object in which this attribute appears. DN of the administrator’s group used with ACIs to grant rights to manage other groups.
Example
nsdaModifiableBy: cn=service administrators,ou=group,o=isp
OID
2.16.840.1.113730.3.1.565
preferredMailMessageStoreOrigin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Used by Messaging Server Delegated Administrator for LDAP Schema 1 only.
Used to set the mailMessageStore attribute of newly created users. If missing, Delegate Administrator leaves the mailMessageStore attribute empty and the access server assumes that the user’s mailbox is in the default partition of the server instance.
Example
preferredMailMessageStore: primary
OID
2.16.840.1.113730.3.1.762