Sun Java System Communications Services 6 2004Q2 Schema Reference
Chapter 3
Attributes
This chapter describes attributes required or allowed by LDAP object classes for Communications Services products. The attributes are listed alphabetically.
Note that attributes used exclusively by Identity Server are covered in Chapter 4, "Sun Java System Identity Server Classes and Attributes." Attributes used exclusively by iPlanet Delegated Administrator for Messaging are covered in Chapter 5, "iPlanet Delegated Administrator for Messaging Classes and Attributes."
List of Attributes
This chapter describes the following attributes:
Attribute Definitions
aclGroupAddress
Origin
Messaging Server 6.0
Syntax
cis
Object Classes
Definition
Adds a user to a dynamic group specified as an identifier in an ACL entry. Members of the group share the particular access rights defined in the ACL entry. The group is represented by a dynamic mailing list with a filter on the aclGroupAddr attribute.
Example
aclGroupAddr: lee-staff@siroe.com
OID
1.3.6.1.4.1.42.2.27.9.1.686
adminRole
Origin
Messaging Server 5.0
Syntax
cis
Object Classes
Definition
Specifies the administrator role for this administrator entry.
Example
OID
2.16.840.1.113730.3.1.601
aliasedObjectName
Origin
Messaging Server 5.0
Syntax
dn
Object Classes
Definition
Used only in compatibility mode (with a DC Tree) for LDAP Schema 2, not in native mode (no DC Tree).
Used by the directory server to identify alias entries in the directory. Contains the distinguished name of the entry for which it is an alias. The domain attribute values are taken only from the referenced domain, so that routing is identical between these domains.
Example
aliasedObjectName: cn=jdoe,o=sesta.com
OID
2.5.4.1
businessCategory
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
groupOfUniqueNames, organization, organizationalUnit
Definition
Identifies the type of business in which the entry is engaged. This should be a broad generalization such as is made at the corporate division level.
Example
businessCategory:Engineering
OID
2.5.4.15
calCalURI
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Contains URI to user’s entire default calendar. For details see RFC 2739.
Example
Varies according to the version of calendar server implemented. For details see RFC 2739.
OID
1.2.840.113556.1.4.478
calFBURL
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
URL to the user’s default busy time data. For details see RFC 2739.
Example
Varies according to the version of calendar server implemented. For details see RFC 2739.
OID
1.2.840.113556.1.4.479
cn
Origin
Calendar Server
Syntax
cis, single-valued
Object Classes
icsCalendarResource, icsCalendarUser, inetResource
Definition
For users, full name of person. For resources, a unique identifier. In either case, it may contain spaces and special characters. Abbreviation for commonName.
Example
For a user: cn: John Doe.
For a resource: cn: Conference Room #3
or
commonName: John Doe
commonName: Conference Room #3
OID
2.5.4.3
co
Origin
LDAP
Syntax
cis
Object Classes
Definition
Contains the name of a country, using a two character code. Abbreviation for countryName.
The attribute friendlyCountryName is used to spell out the actual country name.
Example
co:IE
or
countryName:IE
friendlyCountryName:Ireland
OID
2.5.4.4
commonName (see cn)
countryName (see co)
dataSource
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Text field to store a tag or identifier. Value has no operational impact.
Example
dataSource:1.0
OID
2.16.840.1.113730.3.1.779
dateOfBirth
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Date of birth of the pabPerson. Format is: YYYYMMDD.
Example
dateOfBirth: 19740404
(date of birth on April 6, 1974.)
OID
2.16.840.1.113730.3.1.779
dc
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
The domain component of the domain alias entry.
Example
dc=sesta
For example a domain alias entry DN might be:
dn: dc=sesta, dc=fr, o=internet.
OID
0.9.2342.19200300.100.1.25
description
Origin
LDAP
Syntax
cis, multi-valued
Object Classes
icsCalendarDWPHost, icsCalendarResource, groupOfUniqueNames, inetOrgPerson, organization, organizationalUnit, pab, pabGroup, sunServiceComponent
Definition
Provides a human readable description of the object. For people and organizations, this often includes their role or work assignment.
Example
description: Quality control inspector.
OID
2.5.4.13
domainUidSeparator
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
This attribute is used only for LDAP Schema 1.
This attribute is used by the messaging server to override the default mailbox (MB) home. When present, this attribute specifies that compound user identifications (UIDs) are used in this domain and this attribute specifies the separator. For instance, if + is the separator, the mailbox names in this domain are obtained by replacing the right most occurrence of + in the uid with @. To map an internal mailbox name to the UID, the right most occurrence of @ is replaced with a + in the mailbox name.
While substitution of an @ for the UID separator is sufficient to generate a mailbox name, this may not be the same as any of the user’s actual email addresses.
The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_UID_SEPARATOR.
Example
domainUIDSeparator: #
OID
2.16.840.1.113730.3.1.702
domOrgMaxUsers
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
This attribute is used only for LDAP Schema 1.
Maximum number of user entries in a domain organization.
Example
domOrgMaxUser: 500
OID
2.16.840.1.113730.3.1.697
domOrgNumUsers
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Number of current user entries in a domain organization.
Example
domOrgNumUsers: 345
OID
2.16.840.1.113730.3.1.698
facsimileTelephoneNumber
Origin
Calendar Server
Syntax
tel, single-valued
Object Classes
icsCalendarResource, inetResource, organization, organizationalUnit
Definition
Fax telephone number for resources.
Example
facsimileTelephoneNumber: 1-800-555-1212
OID
2.5.4.23
givenName
Origin
LDAP
Syntax
cis
Object Classes
Definition
Identifies the entry’s given name, usually a person’s first name.
Example
givenName: John
OID
2.5.4.42
icsAdminRole
Origin
Calendar Server
Syntax
cis
Object Classes
Definition
Administrative calendar role that can be assigned to a group.
Example
OID
2.16.840.1.113730.3.1.724
icsAlias
Origin
Calendar Server
Syntax
cis, UTF8 encoded
Object Classes
Definition
Alias associated with a resource. An alias can make a resource name easier for the end user to work with.
Example
The resource named “halleyscomet” can be aliased as “Halley’s Comet”.
icsAlias: Halley’s Comet
OID
2.16.840.1.113730.3.1.725
icsAllowedServiceAccess
Origin
Calendar Server 6.0
Syntax
cis, single-valued
Object Classes
icsCalendarDomain, icsCalendarUser
Definition
This attribute is used only if the icsStatus attribute is not set; if icsStatus is set, this attribute is ignored.
Use this attribute to disallow calendar services to a user. By default all users are allowed access with http, but specifying this attribute as shown in the example disallows calendar access for the user (the user is disabled).
Any other setting, or absence of the attribute entirely, results in the user having access to http services (user is enabled).
Example
icsAllowedServiceAccess:http
OID
2.16.840.1.113730.3.1.726
icsAllowRights
Origin
Calendar Server
Syntax
int, single-valued
Object Classes
Definition
A numeric string used to hold bit fields, each corresponding to a set of rights. Each bit corresponds to a setting in the ics.conf file. After you have figured out the bit string settings you want, convert the bits to an integer.
If the bit is set (1), the right is not allowed. If the bit is not set (0), the right is allowed.
If this attribute does not exist, the corresponding ics.conf default settings are used.
Table 3-1 defines the meaning of each bit position for bits 0-15:
Example
If you decide that you want to disallow the following bits:
then your bit pattern would look like this:
‘00000000000000000000101000000100’
which you would convert into the integer 2564 so that:
icsAllowRights: 2564
OID
2.16.840.1.113730.3.1.727
icsAnonymousAllowWrite
Origin
Calendar Server
Syntax
boolean (yes, no)
Object Classes
Definition
Specifies if anonymous users can write events in public calendars. The value comes from the ics.conf setting service.wcap.anonymousallowpubliccalendarwrite.
Example
icsAnonymousAllowWrite: yes
OID
2.16.840.1.113730.3.1.728
icsAnonymousCalendar
Origin
Calendar Server
Syntax
ces
Object Classes
Definition
Calendar ID for anonymous users. The value is taken from the ics.conf setting calstore.anonymous.calid.
Example
icsAnonymousCalendar: guest1
OID
2.16.840.1.113730.3.1.729
icsAnonymousDefaultSet
Origin
Not implemented.
Syntax
ces, UTF8 encoded
Object Classes
Definition
Default calendar set for anonymous users.
Example
OID
2.16.840.1.113730.3.1.730
icsAnonymousLogin
Origin
Calendar Server
Syntax
boolean (yes, no)
Object Classes
Definition
Specifies if anonymous login is allowed. Value is taken from the ics.conf file setting service.http.allowanonymousLogin.
Example
icsAnonymousLogin: yes
OID
2.16.840.1.113730.3.1.798
icsAnonymousSet
Origin
Not implemented.
Syntax
ces, UTF8 encoded
Object Classes
Definition
Reserved. Not implemented.
Default calendar set for anonymous users.
Example
OID
2.16.840.1.113730.3.1.732
icsCalendar
Origin
Calendar Server
Syntax
ces, single-valued
Object Classes
icsCalendarResource, icsCalendarUser
Definition
The calendar ID (calid) of the default calendar for a user or resource. Required attribute. It is a policy of Calendar Server to construct calids based on the user's uid, since it is guaranteed to be unique.
Example
icsCalendar: jdoe
OID
2.16.840.1.113730.3.1.731
icsCalendarOwned
Origin
Calendar Server
Syntax
ces, multi-valued
Object Classes
Definition
Calendars owned by this user. At least one instance of this attribute must exist for each user and must be set with the user's default calendar value. Multiple instances of this attribute can be used to specify other calendars the user owns.
Example
icsCalendarOwned: jdoe
icsCalendarOwned: jdoe:BaseballSchedule
icsCalendarOwned: jdoe:Project
icsCalendarOwned: jdoe:Holidays
OID
1.3.6.1.4.1.42.2.27.9.1.6
icsCapacity
Origin
Not implemented.
Syntax
int, single-valued
Object Classes
Definition
Reserved, not implemented.
Example
OID
2.16.840.1.113730.3.1.800
icsContact
Origin
Not implemented.
Syntax
cis, UTF8 encoded
Object Classes
Definition
Reserved, not implemented.
Resource contact name.
Example
icsContact: John Doe jdoe@sesta.com
OID
2.16.840.1.113730.3.1.733
icsDefaultAccess
Origin
Calendar Server
Syntax
cis, single-valued
Object Classes
Definition
Default access control string applied to the user’s default calendar. For more information about access control, see “Access Control Entries” in the Sun Java System Calendar Server Programmer’s Manual. If this attribute is not present, the value is taken from the ics.conf file setting calstore.calendar.default.acl.
Example
Granting the user both freebusy and scheduling permission for calendar components.
icsDefaultAccess: @sesta.com^c^sf^g
OID
2.16.840.1.113730.3.1.734
icsDefaultSet
Origin
Calendar Server
Syntax
ces, single-valued
Object Classes
Definition
User preference for which calendars to display at login. Users can specify any of their calendar sets (groups they have created) to be displayed at login instead of a single calendar.
Example
icsDefaultSet: MyCalendarGroup
OID
2.16.840.1.113730.3.1.735
icsDomainAllowed
Origin
Not implemented.
Syntax
cis, single-valued (see mgrpAllowedDomain)
Object Classes
Definition
What domains are allowed. The value has the following format:
service-list:client-list
where service-list is a blank- or comma-separated list of one or more service names or wildcards, and client-list is a blank- or comma-separated list of one or more host names or addresses, patterns or wildcards.
The following are the explicit wildcards recognized by the system:
There is one operator that can be used in the service-list and the client-list:
EXCEPT
Matches anything that matches list 1 unless it matches anything in list 2.
The expected form: list1 EXCEPT list2. List1 and list2 are comma-separated.
You can use patterns to distinguish clients by the network address that they can connect to. For example: service@host_pattern:client-list.
The default value comes from service.http.domainallowed in the ics.conf file.
Example
Allow local access to anyone in the sesta.com domain.
icsDomainAllowed: ALL:sesta.com
OID
2.16.840.1.113730.3.1.736
icsDomainNames
Origin
Calendar Server.1
Syntax
cis, multi-valued, ASCII
Object Classes
Definition
For cross-domain searching, each external domain to be searched must be listed using this attribute.
Example
icsDomainNames: sesta.com
icsDomainNames: siroe.com
OID
1.3.6.1.4.1.42.2.27.9.1.3
icsDomainNotAllowed
Origin
Calendar Server
Syntax
cis, single-valued (see mgrpDisallowedDomain)
Object Classes
Definition
What domains are not allowed. The value has the following format:
service-list:client-list
where service-list is a blank- or comma-separated list of one or more service names or wildcards, and client-list is a blank- or comma-separated list of one or more host names or addresses, patterns or wildcards.
The following are the explicit wildcards recognized by the system:
There is one operator that can be used in the service-list and the client-list:
EXCEPT
Matches anything that matches list 1 unless it matches anything in list 2.
The expected form: list1 EXCEPT list2. List1 and list2 are comma-separated.
The value comes from ics.conf setting service.http.domainnotallowed.
Example 1
If you want to allow access to all but a selected few hosts, you can explicitly deny access as in the following example:
Deny access to anyone at the company22.com domain.
icsDomainNotAllowed: ALL:company22.com
In this instance, you would not need to have any specific icsDomainAllowed attributes.
Example 2
If you want to implement a no-access default, a single instance of this attribute will do it. This denies all service to all hosts, unless they are specifically permitted access by icsDomainAllowed attributes.
icsDomainNotAllowed: ALL:ALL
Example 3
The following example shows how to deny access to any unknown users.
icsDomainNotAllowed: ALL:UNKNOWN@ALL
OID
2.16.840.1.113730.3.1.737
icsDWPBackEndHosts
Origin
Calendar Server 5.1.1
Syntax
cis, multi-valued
Object Classes
Definition
The list of all possible back end hosts used for calendars found in this domain. This attribute is required if the calendar installation is using the Database Wire Protocol (DWP).
Example
icsDWPBackEndHosts: machine1
icsDWPBackEndHosts: machine2
OID
1.3.6.1.4.1.42.2.27.9.1.5
icsDWPHost
Origin
Calendar Server.1
Syntax
cis, single-valued, ASCII
Object Classes
icsCalendarDWPHost, icsCalendarResource, icsCalendarUser
Definition
Stores a DWP host name so that the calendar ID can be resolved to the Database Wire Protocol (DWP) server that stores the calendar and its data. When the calendar database is distributed across several back end servers, the attribute value is the DNS name of user’s back end host. Each user’s entire calendar will be on a single back end server. Required if using the Calendar Lookup Database (CLD).
This attribute is required if the Calendar installation is using DWP to distribute calendar data across back end calendar data servers. If DWP is not being used, every user’s calendar will be found on the same host as the calendar server. If an installation initially does not use DWP, but later switches to it, the calendar server will fill in this value based on the default DWP host name found in the domain entry. If there is no value or such entry (calendar server is not in hosted domain mode) then the value will be picked up from the ics.conf configuration file.
Example
icsDWPHost:calserv1
OID
1.3.6.1.4.1.42.2.27.9.1.1
icsExtended
Origin
Calendar Server 5.1.1
Syntax
cis, multi-valued
Object Classes
Definition
Extensions for calendar. Reserved.
Example
OID
2.16.840.1.113730.3.1.738
icsExtendedDomainPrefs
Origin
Calendar Server
Syntax
cis, multi-valued
Object Classes
Definition
Preferences for calendar domains can be set using the properties found in Table 3-2. Each attribute value is a property-value pair. The default settings for these properties are found in the domain server’s ics.conf file. In the absence of this attribute, the ics.conf settings will be used.
Example
icsExtendedDomainPrefs: createLowerCase=yes
icsExtendedDomainPrefs: domainAccess=@@d^a^slfrwd^g;anonymous^a^r^g;@^a^s^g
In this example, any external domain matching the access rights shown above can search this domain.
OID
2.16.840.1.113730.3.1.739
icsExtendedGroupPrefs
Origin
Calendar Server
Syntax
cis
Object Classes
Definition
Extensions for calendar group preferences. Reserved.
Example
OID
2.16.840.1.113730.3.1.740
icsExtendedResourcePrefs
Origin
Not implemented.
Syntax
cis
Object Classes
Definition
Reserved, not implemented.
Example
OID
2.16.840.1.113730.3.1.741
icsExtendedUserPrefs
Origin
Calendar Server
Syntax
cis, multi-valued
Object Classes
Definition
Extensions for calendar user preferences. The attribute value is a property-value pair. The following are the properties and their values:
Table 3-3 Extended User Preferences
| Properties | Values | Description |
|---|---|---|
| ceAllCalendarTZIDS | a standard time zone | Time zone TZID for this calendar. |
| ceClock | 12, 24 | Defines whether a 12- or 24-hour clock is used. |
| ceColorSet | pref_group1, pref_group2, pref_group3, pref_group4, pref_group7 | Defines which of the five UI color schemes to use. |
| ceDateOrder | M/D/Y, D/M/Y, Y/M/D | Determines what order the three elements of a date (month (M), day (D), and year (Y)) are displayed. |
| ceDateSeparator | Any single printable character. For example: / or - | The single character used to delimit displayed date elements (M,D,Y). For example, a date can be displayed as: 12/22/2002. |
| ceDayHead | 0–23 | Start time hour (expressed as one of 24 hours in a day) for displaying calendar information. |
| ceDayTail | 0–23 | End time hour (expressed as one of 24 hours in a day) for displaying calendar information. |
| cdDefaultAgenda | unused | Not currently implemented. |
| cdDefaultAlarmEmail | email addresses separated by white space | Email addresses that event alarms are sent to. |
| ceDefaultAlarmStart | P[unit count][unit type] | Amount of time before the event that an alarm should be sent, where unit count is any numeric value, and unit type is either M (minutes), H (hours), or D (days). For example: P10M |
| ceDefaultTZID | one of standard time zones. For a list of time zones, see Standard Time Zones. | Time zone to use when a calendar does not have one assigned to it. |
| ceDefaultView | dayview, weekview, monthview, yearview, groupview | View to be presented at log in. If this parameter is not present, overview is used as the default. (groupview is the Comparison view on the user interface) |
| ceExludeSatSun | boolean (0, 1) | Calendars don’t display if value=1. Default is value=0. |
| ceFontFace | One of these values: 1) Times New Roman, Times, serif; 2) Courier New, Courier, noon; 3) PrimaSans BT, Verdana, sans-serif | Three choices of font face to be used in the user interface. |
| ceFontSizeDelta | pref_font_size_group_2 (normal), pref_font_size_group_1 (larger), pref_font_size_group_3 (smaller) | Defines three font sizes for the user interface. In the interface they are defined as: normal, larger, smaller. |
| ceGroupInviteAll | boolean (0, 1) | When creating an invitation while viewing a group, invite all calendars in the group when value=1; default is 1. |
| ceInterval | PT0H15M, PT0H30M, PT1H0M, PT2H0M, PT4H0M | Defines the time interval to be used when displaying calendar information. Intervals are: 15 min., 30 min., 1 hour, 2 hours, 4 hours. |
| ceNotifyEmail | any valid RFC 822 email address | Email address notifications are mailed to when the calendar receives an invitation to an event. |
| ceNotifyEnable | 0, 1 | Enables/disables email notifications being sent when the calendar receives an invitation to an event. 0 = do not send notifications; 1 = send notifications |
| ceSingleCalendarTZID | any valid time zone. For a list of valid time zones, see Standard Time Zones. | Lists the time zone assigned to this calendar. If the parameter is not sent, the default time zone is used. For example: America/Los_Angeles |
| ceToolImage | 0, 1 | Toggle for the user interface display of icon images on the toolbar. 0 = do not display icons, 1 = display icons (default) |
| ceToolText | 0, 1 | Toggle for the user interface display of icon text on the toolbar. 0 = do not display text with the icon; 1 = display text with the icon (default) |
Example
icsextendeduserprefs: ceClock=12
icsextendeduserprefs: ceColorSet=pref_group_1
icsextendeduserprefs: ceDateOrder=D/M/Y
icsextendeduserprefs: ceDateSeparator=/
icsextendeduserprefs: ceDayHead=10
icsextendeduserprefs: ceDayTail=17
icsextendeduserprefs: ceDefaultAlarmEmail=jdoe@sesta.com
icsextendeduserprefs: ceDefaultAlarmStart=P30H
icsextendeduserprefs: ceDefaultTZID=America/New_York
icsextendeduserprefs: ceDefaultView=groupview
icsextendeduserprefs: ceFontFace=PrimaSans BT,Verdana,sans-serif
icsextendeduserprefs: ceFontSizeDelta=pref_font_size_group_3
icsextendeduserprefs: ceInterval=PT2H0M
icsextendeduserprefs: ceNotifyEmail=jdoe@sesta.com
icsextendeduserprefs: ceNotifyEnable=0
icsextendeduserprefs: ceSingleCalendarTZID=America/Los_Angeles
icsextendeduserprefs: ceToolText=1
icsextendeduserprefs: ceToolImage=1
OID
2.16.840.1.113730.3.1.742
icsFirstDay
Origin
Calendar Server
Syntax
cis, single-valued
Object Classes
Definition
First day of the week to be displayed on user’s calendar.
Range of values: 1–7, with 1 = Sunday, 2 = Monday, 3 = Tuesday, 4 = Wednesday, 5 = Thursday, 6 = Friday, 7 = Saturday
Example
icsFirstDay: 1
OID
2.16.840.1.113730.3.1.743
icsFreeBusy
Origin
Not implemented.
Syntax
ces, single-valued
Object Classes
Definition
Reserved, not implemented.
Example
OID
2.16.840.1.113730.3.1.744
icsGeo
Origin
Not implemented.
Syntax
cis single-valued
Latitude; longitude
Object Classes
Definition
Reserved, not implemented.
Geographical location of user or resource.
Example
This class exists only for compliance with the RFC spec and is not used.
OID
2.16.840.1.113730.3.1.745
icsMandatorySubscribed
Origin
Calendar Server
Syntax
ces
Object Classes
Definition
The valid calendar IDs for mandatory subscribed calendars for all users in a domain.
Example
icsMandatorySubscribed: ConfRm1@sesta.com:meetings
OID
2.16.840.1.113730.3.1.746
icsMandatoryView
Origin
Calendar Server
Syntax
cis
Object Classes
Definition
The mandatory default view for all calendars in a domain. Views are: overview, day, week, month, year, comparison.
Example
icsMandatoryView: overview
OID
2.16.840.1.113730.3.1.747
icsPartition
Origin
Not implemented.
Syntax
cis, single-valued, ASCII
Object Classes
icsCalendarResource, icsCalendarUser
Definition
Reserved, not implemented.
The name of the partition that holds a calendar database. There is no default value.
Example
icsPartition: partition1
OID
1.3.6.1.4.1.42.2.27.9.1.4
icsPreferredHost
Origin
Not implemented.
Syntax
cis, single-valued
Object Classes
Definition
Reserved, not implemented.
Specifies the preferred host for this calendar. This attribute is used by clients to retrieve the front-end-host server name.
Example
OID
2.16.840.1.113730.3.1.749
icsQuota
Origin
Not implemented.
Syntax
int, single-valued
Object Classes
Definition
Reserved, not implemented.
Example
OID
2.16.840.1.113730.3.1.748
icsRecurrenceBound
Origin
Calendar Server
Syntax
int, single-valued
Object Classes
Definition
Maximum number of instances created for events and todos with infinite recurrence. The value is taken from the ics.conf setting calstore.recurrence.bound.
Example
icsRecurrenceBound: 60
OID
2.16.840.1.113730.3.1.750
icsRecurrenceDate
Origin
Calendar Server
Syntax
cis, single-valued
Object Classes
Definition
An ISO8601 date/time string specifying the maximum date for events and todos with infinite recurrence.
Example
icsRecurrenceDate: 20300365T115959Z
OID
2.16.840.1.113730.3.1.751
icsRegularExpressions
Origin
Calendar Server.1
Syntax
ces, multi-valued, UTF8
Object Classes
Definition
Stores regular expressions used to divide the LDAP database between servers.
Example
icsRegularExpressions: A–F,G–L,M–T,U–Z
A–F, G–L, M–T, U–Z are possible values for instances of this attribute and describe a database divided alphabetically between four servers.
OID
1.3.6.1.4.1.42.2.27.9.1.2
icsSessionTimeout
Origin
Calendar Server
Syntax
int, single-valued
Object Classes
Definition
Number of seconds of inactivity before a user session is timed out. Read from ics.conf setting service.http.idletimeout.
Example
icsSessionTimeout: 600
OID
2.16.840.1.113730.3.1.752
icsSet
Origin
Calendar Server
Syntax
cis, multi-valued
Object Classes
icsAnonymousSet, icsCalendarUser, icsDefaultAnonymousSet
Definition
Defines one group of calendars. End users create these groups for various tasks. Each group is represented by one icsSet attribute, that is, for every group the user creates there will be one icsSet attribute. For example, if the user has three groups defined, there will be three icsSet attributes.
The value for this attribute is a six-part string, with each part separated by a dollar sign ($).
The following table shows the six parts of this attribute’s value:
Table 3-4 Six Parts of the Attribute Value
| Part | Required? | Description |
|---|---|---|
| name | Required | The display name of this group. |
| calendars | Required | A semi-colon-separated list of calendar IDs (calid) that comprise this group. |
| tzmode | Required | Three possible values: default, inherit, specify. The value that tells where the time zone for this group comes from. default – take user’s default time zone; inherit – take the time zone of the first calendar in the group; specify – take the time zone from the tz value that follows. |
| tz | Not Required, unless tzmode = specify | A valid time zone for this group. For a list of acceptable values, see Standard Time Zones. Value is optional unless tzmode = specify, then it is required. |
| mergeInDayView | Required | A boolean (TRUE/FALSE). The value tells whether to display this group in the Day view (TRUE) or the Comparison view (FALSE) |
| description | Not Required | Character string. Optional description of the calendar. |
Example
The value of this attribute should be all on one line; if you wish to break a line, start the next line with a single space or tab.
icsSet: name=GroupName$calendars=calid1;calid2;calid3$
 tzmode=specify$tz=America/Los_Angeles$mergeInDayView=FALSE$
 description=Example group of calendars.
OID
2.16.840.1.113730.3.1.753
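The following parser for the six-part icsSet value is an added example, not code from the Sun documentation or Calendar Server. It unfolds LDIF continuation lines and enforces the rules of Table 3-4; it assumes part names are matched exactly and that values contain no literal dollar sign, since the page describes no escaping.

```python
import re

REQUIRED = ("name", "calendars", "tzmode", "mergeInDayView")
ALLOWED = REQUIRED + ("tz", "description")
TZMODES = ("default", "inherit", "specify")


def unfold_ldif(text):
    """Join LDIF continuation lines: a newline followed by one space or tab
    is removed together with that single whitespace character."""
    return re.sub(r"\r?\n[ \t]", "", text.strip("\r\n"))


def parse_ics_set(ldif_value):
    """Parse one icsSet attribute value into a dict.

    Raises ValueError when a rule from Table 3-4 is violated.
    """
    line = unfold_ldif(ldif_value)
    if line.lower().startswith("icsset:"):
        line = line.split(":", 1)[1].strip()

    parts = {}
    for field in line.split("$"):
        if not field:                      # tolerate a trailing "$"
            continue
        key, sep, value = field.partition("=")
        if not sep or key not in ALLOWED:
            raise ValueError(f"unexpected part: {field!r}")
        if key in parts:
            raise ValueError(f"duplicate part: {key}")
        parts[key] = value

    missing = [k for k in REQUIRED if not parts.get(k)]
    if missing:
        raise ValueError(f"missing required parts: {', '.join(missing)}")

    if parts["tzmode"] not in TZMODES:
        raise ValueError(f"tzmode must be one of {TZMODES}")
    # tz is optional unless tzmode = specify, then it is required.
    if parts["tzmode"] == "specify" and not parts.get("tz"):
        raise ValueError("tzmode=specify requires a tz part")

    merge = parts["mergeInDayView"].upper()
    if merge not in ("TRUE", "FALSE"):
        raise ValueError("mergeInDayView must be TRUE or FALSE")

    calendars = [c for c in parts["calendars"].split(";") if c]
    if not calendars:
        raise ValueError("calendars must list at least one calid")

    return {
        "name": parts["name"],
        "calendars": calendars,
        "tzmode": parts["tzmode"],
        "tz": parts.get("tz") or None,
        "mergeInDayView": merge == "TRUE",
        "description": parts.get("description") or None,
    }


# The example value from this page, folded across three LDIF lines.
SAMPLE = (
    "icsSet: name=GroupName$calendars=calid1;calid2;calid3$\n"
    " tzmode=specify$tz=America/Los_Angeles$mergeInDayView=FALSE$\n"
    " description=Example group of calendars."
)

if __name__ == "__main__":
    print(parse_ics_set(SAMPLE))
```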
icsSourceHtml
Origin
Calendar Server
Syntax
ces, single-valued
Object Classes
Definition
The alternate location of all client HTML files. A directory path that is relative to the installed client HTML files. The default value comes from the ics.conf setting service.http.uidir.path.
Table 3-5 lists the values for this attribute.
Example
icsSourceHtml: calHostname=calhost1
OID
2.16.840.1.113730.3.1.754
icsStatus
Origin
Calendar Server
Syntax
cis, single-valued
Object Classes
Definition
This attribute must be set when assigning calendar services to a domain. The attribute describes the status of this domain’s calendar service and takes one of the values specified in Table 3-6.
If this attribute is not set, the icsAllowedServiceAccess attribute is checked. If present and the value of that attribute is http, then calendar services are disabled for the user (the user status is inactive). If icsAllowedServiceAccess has any other value, or if both attributes are missing, then the default user status is active.
Calendar services evaluate the following status attributes in order: inetDomainStatus, icsStatus (for icsCalendarDomain), either inetResourceStatus or inetUserStatus, and icsStatus (for either icsCalendarResource or icsCalendarUser).
The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
Example
icsStatus: active
OID
2.16.840.1.113730.3.1.755
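The precedence rule and the icsAllowedServiceAccess fallback described in the icsStatus definition can be checked against directory data with a short script. This is an added example, not code from the Sun documentation; entries are modelled as plain dicts of single-valued attributes, the fallback is applied to the user or resource entry as the text describes, and the sample entries are constructed.

```python
ACTIVE = "active"

# Evaluation order from the icsStatus definition: (entry, attribute).
STATUS_ORDER = (
    ("domain", "inetDomainStatus"),
    ("domain", "icsStatus"),
    ("subject", "inetResourceStatus"),
    ("subject", "inetUserStatus"),
    ("subject", "icsStatus"),
)


def _attr(entry, name):
    """Case-insensitive lookup of a single-valued cis attribute.

    Returns the lower-cased value, or None when the attribute is unset.
    """
    for key, value in entry.items():
        if key.lower() == name.lower():
            value = value.strip().lower()
            return value or None
    return None


def effective_calendar_status(domain, subject):
    """Return (status, deciding_attribute) for a user or resource entry.

    The first status attribute set to something other than "active" wins.
    If the subject has no icsStatus, icsAllowedServiceAccess: http disables
    the subject; any other value, or no value, leaves it active.
    """
    for where, name in STATUS_ORDER:
        entry = domain if where == "domain" else subject
        value = _attr(entry, name)
        if value is not None and value != ACTIVE:
            return value, f"{where}:{name}"

    if _attr(subject, "icsStatus") is None:
        if _attr(subject, "icsAllowedServiceAccess") == "http":
            return "inactive", "subject:icsAllowedServiceAccess"
    return ACTIVE, None


def ignored_access_overrides(subjects):
    """List uids where icsAllowedServiceAccess: http has no effect because
    icsStatus is set to active, so the account stays enabled."""
    return [
        _attr(s, "uid")
        for s in subjects
        if _attr(s, "icsStatus") == ACTIVE
        and _attr(s, "icsAllowedServiceAccess") == "http"
    ]


# Constructed sample entries.
DOMAIN = {"inetDomainStatus": "active", "icsStatus": "active"}
USERS = [
    {"uid": "jdoe", "inetUserStatus": "active",
     "icsAllowedServiceAccess": "http"},
    {"uid": "jsmith", "icsStatus": "Active",
     "icsAllowedServiceAccess": "http"},
]

if __name__ == "__main__":
    for user in USERS:
        print(user["uid"], effective_calendar_status(DOMAIN, user))
    print("ignored overrides:", ignored_access_overrides(USERS))
```

The second helper is useful in an access review: it finds accounts an administrator may believe are disabled through icsAllowedServiceAccess while icsStatus keeps them active.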
icsSubscribed
Origin
Calendar Server
Syntax
ces, multi-valued
Object Classes
Definition
List of calendars to which this user is subscribed. This includes all the calendars that the user owns, as well as any calendars owned by others to which the owner subscribes.
The value of this attribute is the calendar ID and optionally, the calendar name, with a dollar sign ($) between them, when present.
Example
icsSubscribed: jdoe$MyHomeCalendar
icsSubscribed: jsmith
OID
2.16.840.1.113730.3.1.756
icsTimezone
Origin
Calendar Server
Syntax
cis
Object Classes
icsCalendarResource, icsCalendarUser
Definition
The default time zone for this user or resource calendar if one is not explicitly assigned through their own user preferences (see icsExtendedUserPrefs). Specifically a valid time zone from the list found in Standard Time Zones. The value is taken from the ics.conf setting calstore.default.timezoneID.
Example
icsTimezone: America/Chicago
OID
2.16.840.1.113730.3.1.757
inetCanonicalDomainName
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Used both in LDAP Schema 1 and compatibility mode for LDAP Schema 2 (with a DC Tree). This attribute is a fully qualified domain name. For an explanation of native and compatibility mode LDAP structures, see the Sun Java Enterprise System Installation Guide.
In compatibility mode, if more than one DC node in a DC tree refers to the same organization node in the Organization tree, this attribute is used to specify the canonical domain name used by the mail processes to open users’ mailboxes. (There can be only one canonical domain name per organization node, but there can be many DC nodes referring to the same organization node.)
This attribute is not necessary if there is only one DC node referring to an organization node. If the attribute is missing, the DC node entry is taken for the canonical domain name.
If this attribute is missing and there are multiple DC nodes referring to the same organization node, the mail processes could possibly use the wrong domain name when trying to open users’ mailboxes.
Using multiple domain nodes to point to the same organization node allows you to have different attribute settings (and therefore different routing) for each one. If you want to be sure the two domains have the same attribute settings (are routed identically), use aliasedObjectName on the duplicate node instead.
This attribute is not used for the LDAP Schema 2 native mode LDAP data model.
Example
For the corporation sesta.com, if two DC nodes exist, dc=sesta and dc=sesta2, both referring to the organization node o=sesta, then you must specify one of them in the attribute:
inetCanonicalDomainName: sesta.com
Thus:
dn: dc=sesta,dc=com,o=internet
inetDomainBaseDN: o=sesta.com
inetCanonicalDomainName: sesta.com

dn: dc=sesta2,dc=com,o=internet
inetDomainBaseDN: o=sesta.com
OID
2.16.840.1.113730.3.1.701
inetCoS
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
(Organization tree domain) Specifies the name of the Class of Service (CoS) template supplying values for attributes in the user entry. The RDN of the CoS template is the value of this attribute. Attribute values provided by the template and any override rules are specified in the CoS definition. CoS definitions are created by using the object class cosDefinition. The value of attribute cosSpecifier in CoS definition entry is set to inetCoS. Create CoS definitions and templates in the container ou=CoS in the subtree for that domain. See the iPlanet Messaging Server 5.2 Provisioning Guide for more information.
Example
inetCoS: HallofFame
OID
2.16.840.1.113730.3.1.706
inetDomainBaseDN
Origin
Messaging Server 5.0
Syntax
dn, single-valued
Object Classes
Definition
This attribute decorates domain nodes on the DC Tree when in compatibility mode. It is not used for native mode LDAP Schema 2.
The two domains, the alias and the referenced domain, can have different attribute values, such that routing will differ between the two. If you want to ensure routing is the same, the attribute values of both domains must be identical.
DN of the organization’s subtree where all user/group entries are stored. This attribute points to a valid Organization subtree DN. Messaging Server components using the RFC 2247 search (compatibility mode) must resolve this DN in order to search for user and group entries that correspond to the hosted organization.
Example
inetDomainBaseDN: o=sesta.com,o=siroe-isp.com
OID
2.16.840.1.113730.3.1.690
inetDomainCertMap
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Reserved.
Example
TBD
OID
2.16.840.1.113730.3.1.700
inetDomainSearchFilter
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
LDAP search filter to use in search templates when performing a native mode search. The compatibility mode RFC 2247 algorithm search requires this attribute, but ignores its value.
Used during authentication to map login name in that domain to an LDAP entry.
The following variables can be used in constructing the filter:
If this attribute is missing, it is equivalent to:
(&(objectclass=inetOrgPerson)(uid=%U))
Namespaces where users are provisioned with compound uids, such as uid=john_siroe.com, where john is the userID and siroe.com is the domain, would use a search filter of uid=%U_%V. This maps a login string of john@siroe.com (where @ is the login separator for the service) into a search, within the siroe.com namespace, for the entry where uid=john_siroe.com.
An alternate example of using this attribute would be for sites wanting to log people in based on their employee identification. Assuming the attribute empID in user entries stores employee identifications, the search filter would be:
(&(objectclass=inetOrgPerson)(empID=%U)).
This attribute must return a unique match for valid users within the inetDomainBaseDN subtree.
Example
inetDomainSearchFilter: uid=%U
OID
2.16.840.1.113730.3.1.699
inetDomainStatus
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Applications using a DC Tree as their entry point (RFC 2247 compliant compatibility mode LDAP data model) may choose to respect application-specific status attributes, but must consume and respect this attribute on the affiliated physical node (Organization Tree). In other words, for compatibility mode, both the DC Tree and the Organization Tree contain this attribute, and if the two attributes' values differ, the one on the Organization Tree takes precedence.
Specifies the global status of a domain for all services. The intent of this attribute is to allow the administrator to temporarily suspend and then reactivate access, or to permanently remove access, by the domain and all its users to all the services enabled for that domain.
This attribute takes one of three values. Supported values are:
A missing value implies status is active. An illegal value is treated as inactive.
There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
Similarly, this attribute is used for calendar services when evaluating status. The status attributes used are: inetDomainStatus, icsStatus (of icsCalendarDomain), either inetResourceStatus or inetUserStatus, and icsStatus (of either icsCalendarResource or icsCalendarUser).
In addition, in compatibility mode, when this attribute decorates both the DC Tree and the Organization Tree, both attributes should agree. Administrators are responsible for keeping the two synchronized. If the two attributes do not have the same value, Messaging Server will use the value found in the Organization Tree, while some other legacy application might be using the DC Tree attribute only. This could cause unpredictable results.
For more information on native and compatibility mode LDAP schemes, see the Sun Java Enterprise System Installation Guide.
Example
inetDomainStatus: active
OID
2.16.840.1.113730.3.1.691
inetMailGroupStatus
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Current status of a mail group.
The following table lists the possible status values and gives a description of each:
A missing value implies status is active. An illegal value is treated as inactive.
There are four status attributes that interact with each other: inetDomainStatus, mailDomainStatus, inetGroupStatus, and inetMailGroupStatus. These are considered in the order just given. The first one with a status of active takes precedence over the setting of all the others.
The MTA option LDAP_GROUP_STATUS can be used to specify a different attribute to be used for group status.
Example
inetMailGroupStatus: active
OID
2.16.840.1.113730.3.1.786
inetResourceStatus
Origin
Calendar Server
Syntax
cis, single-valued
Object Classes
Definition
This is a global status for resources. It holds the current status of the resource: active, inactive, or deleted for all services. It is used by Identity Server to manage resources. Status changes can be made to a resource’s status using the commcli interface, or by directly changing the LDAP entry for the group.
The following table lists the attribute’s values and their meanings:
There are several status attributes that are evaluated to determine status. They are evaluated in this order: inetDomainStatus, icsStatus (for icsCalendarDomain), inetResourceStatus, icsStatus (for icsCalendarResource). These are considered in the order just given. The first one with a status of active takes precedence over the setting of all the others.
Example
inetResourceStatus: active
OID
2.16.840.1.113730.3.1.758
inetSubscriberAccountId
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
A unique account ID used for billing purposes.
Example
inetSubscriberAccountId: A3560B0
OID
2.16.840.1.113730.3.1.694
inetSubscriberChallenge
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Attribute for storing the challenge phrase used to identify the subscriber. Used in conjunction with the inetSubscriberResponse.
Example
inetSubscriberChallenge=Mother’s Maiden Name
OID
2.16.840.1.113730.3.1.695
inetSubscriberResponse
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Attribute for storing the response to the challenge phrase.
Example
inetSubscriberResponse=Mamasita
OID
2.16.840.1.113730.3.1.696
inetUserHttpURL
Origin
Messaging Server 5.0, deprecated in Messaging Server 6.0
Syntax
cis, single-valued
Object Classes
Definition
This attribute is deprecated for the user class inetUser starting in Messaging Server 6.0 and is likely to be removed from the object class in future versions of the schema.
User’s primary URL for publishing Web content. This is an informational attribute and may be used in phonebook-type applications. It is not intended to have any operational impact.
Example
inetUserHttpURL: http://www.siroe.com/theotis
OID
2.16.840.1.113730.3.1.693
inetUserStatus
Origin
Messaging Server 5.0, Calendar Server 5.1.1
Syntax
cis, single-valued
Object Classes
Definition
Specifies the status of a user’s account with regard to global server access. This attribute enables the administrator to temporarily suspend, reactivate, or permanently remove access to all services for a user account.
The following table lists the values for this attribute:
A missing value implies status is active. An illegal value is treated as inactive.
There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
For calendar services, the attributes evaluated are: inetDomainStatus, icsStatus (for icsCalendarDomain), inetUserStatus, icsStatus (for icsCalendarUser).
When this attribute applies to a static group, defined using the inetUser object class, inactivating (disabling) the group only applies to the group itself and not the users in the group.
To disable the users of a group, create a dynamic group by assigning roles to the users, and then disable the role (which disables all users assigned to that role). For more information about roles, see the Sun Java System Directory Server Administrator’s Guide.
The MTA option LDAP_USER_STATUS can be used to specify a different attribute to be used for user status.
Example
inetUserStatus=inactive
OID
2.16.840.1.113730.3.1.692
mail
Origin
Messaging Server 5.0
Syntax
cis, single-valued (RFC 822 address)
Object Classes
inetLocalMailRecipient, icsCalendarResource, icsCalendarUser
Definition
Identifies a user’s primary email address (the email address retrieved and displayed by white-pages lookup applications).
This attribute and mailAlternateAddress are the default attributes used for reverse searches.
Example
mail=jdoe@sesta.com
OID
0.9.2342.19200300.100.1.3
mailAccessProxyPreAuth
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
This attribute tells the MMP whether the users in this domain have to be preauthenticated. Permitted values are yes or no.
Example
mailAccessProxyPreAuth=yes
OID
2.16.840.1.113730.3.1.769
mailAccessProxyReplay
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
This attribute tells the Messaging Multiplexor how to reconstruct the login string when replaying the login sequence with the backend mail server. A missing attribute implies that the message access proxies construct the replay string based on the login name used by the client, the domain of the client, and the login separator used for this service. The mailAccessProxyReplay attribute overrides this default behavior when the message access proxy has a different backend server than Communications Services.
The syntax is that of a login string, with the following substitutions:
Examples
- If the client logs in as hugo and the domain associated with the server IP address used is yoyo.com, and mailAccessProxyReplay=%U@%V, the replayed login string is hugo@yoyo.com.
- If the client logs in as hugo, and the domain associated with the server IP address used is yoyo.com, and mailAccessProxyReplay=%[surname]@%V, the replayed login string is the value of the surname attribute of the client.
- If the client logs in as hugo+yoyo.com, and the login separator for the service used is +, and mailAccessProxyReplay=%U@%V, the replayed login string is hugo@yoyo.com.
- If the client logs in as hugo, and the domain associated with the server IP address used is yoyo.com, and mailAccessProxyReplay is not defined, and the login separator for the service used is +, the replayed login string is hugo+yoyo.com.
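The login-string handling described for inetDomainSearchFilter and for mailAccessProxyReplay, shown as an added example (it is not code from Messaging Server or from this reference). It splits a login at the service's separator, expands %U and %V, and escapes substituted values per RFC 4515 when the result is an LDAP search filter. All function names are hypothetical, and only the %U and %V substitutions that appear in the examples on this page are handled.

```python
"""Added example: expanding %U / %V in inetDomainSearchFilter and
mailAccessProxyReplay values. Function names are hypothetical."""
import re

# Filter that applies when inetDomainSearchFilter is missing (from this page).
DEFAULT_FILTER = "(&(objectclass=inetOrgPerson)(uid=%U))"

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def split_login(login, separator, default_domain):
    """Return (user, domain) for a client login string.

    When the login carries no separator, the domain associated with the
    server IP address (default_domain) is used.
    """
    user, sep, domain = login.partition(separator)
    return (user, domain) if sep and domain else (user, default_domain)


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _substitute(template, user, domain):
    # Single pass, so a substituted value that itself contains "%V" is
    # not expanded a second time.
    values = {"%U": user, "%V": domain}
    return re.sub(r"%[UV]", lambda m: values[m.group(0)], template)


def expand_search_filter(template, login, separator, default_domain):
    """Build the LDAP search filter used to map a login to an entry."""
    user, domain = split_login(login, separator, default_domain)
    return _substitute(template or DEFAULT_FILTER,
                       escape_filter_value(user),
                       escape_filter_value(domain))


def replay_login(template, login, separator, default_domain):
    """Build the login string replayed to the backend mail server."""
    user, domain = split_login(login, separator, default_domain)
    if not template:
        # Attribute missing: login name, login separator, domain.
        return user + separator + domain
    return _substitute(template, user, domain)


if __name__ == "__main__":
    print(expand_search_filter("uid=%U_%V", "john@siroe.com", "@", "sesta.com"))
    print(replay_login("%U@%V", "hugo+yoyo.com", "+", "sesta.com"))
    print(replay_login(None, "hugo", "+", "yoyo.com"))
```
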
OID
2.16.840.1.113730.3.1.763
mailAdminRole
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Specifies the administrative role assigned to the members of the group. The only legal value for this attribute is storeAdmin. The object class that contains this attribute, inetMailAdministrator, is overlaid on a group entry to grant members of a group administrative privileges over part of the mail server. Currently the only privilege group members inherit is the right to perform proxy authentication for any user in the domain. This right extends over users in the same domain as the one where the group is defined. To grant such privileges the attribute mailAdminRole must be set to the value storeAdmin.
Example
mailAdminRole: storeAdmin
OID
2.16.840.1.113730.3.1.780
mailAllowedServiceAccess
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Stores access filters (rules). If no rules are specified, then the user is allowed access to all services from all clients. Rules are separated by a dollar sign ($). The rules are evaluated in this manner:
- Access is granted if the client information matches an allow filter for that service.
- Access is denied if the client information matches a deny filter for that service.
- If no match is made with any allow or deny filters, access is granted, except in the case where there are allow filters but no deny filters. In this case, a lack of match means access is denied.
For a full explanation of access filters and an alternate way to control access through the administration console or the config utility, see “Configuring Client Access to POP, IMAP, and HTTP Services” in the Messaging Server Administration Guide.
Rule Syntax
"+" or "-"service_list":"client_list
+ (allow filter) means the services in the service list are being granted to the client list.
- (deny filter) means the services are being denied to the client list.
service_list is a comma separated list of services to which access is being granted or denied.
Legal service names are: imap, imaps, pop, pops, smtp, smtps, and http. Note that the MMP supports imap, imaps, pop, pops, and smtp. The backend supports imap, pop, smtp, and http.
client_list is a comma separated list of clients (domains) to which access is being granted or denied.
Wildcards can be substituted for the client list (domains). The following table shows the legal wildcards and gives a description of each:
The following wildcards can be used for the service list: *, ALL.
Except Operator
The access control system supports a single operator, EXCEPT. You can use the EXCEPT operator to create exceptions to the patterns found in a rule’s service list and client list. EXCEPT clauses can be nested. If there are multiple EXCEPT clauses in a rule, they are evaluated right to left.
The EXCEPT format is:
list1 EXCEPT list2
where list1 is a comma separated list of services and list2 is a comma separated list of clients.
Example
This example shows a single rule with multiple services and a single wildcard for the client list.
mailAllowedServiceAccess: +imap,pop,http:*
This example shows multiple rules, but each rule is simplified to have only one service name and uses wildcards for the client list. (This is the most commonly used method of specifying access control in LDIF files.)
mailAllowedServiceAccess: +imap:ALL$+pop:ALL$+http:ALL
An example of how to disallow all services for a user is:
mailAllowedServiceAccess: -imap:*$-pop:*$-http:*
An example of a rule with an EXCEPT operator is:
mailAllowedServiceAccess: -ALL:ALL EXCEPT server1.sesta.com
This example denies access to all services for all clients except those on the host machine server1.sesta.com.
OID
2.16.840.1.113730.3.1.777
mailAlternateAddress
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
inetLocalMailRecipient, pabPerson
Definition
Alternate RFC 822 email address of this recipient. If the MTA receives mail with a “from” header with this email address, it rewrites the header with the value of the mail attribute and routes the email to that inbox. The mailEquivalentAddress attribute works similarly to route the email, but does not rewrite the header.
The local part of the address may be omitted to designate a user/group as the catchall address. A catchall domain address is an address that will receive mail to a specified domain if the MTA does not find an exact user address match with that domain.
This attribute and mail are the default attributes used for reverse searches.
Example
mailAlternateAddress: jdoe@sesta.com
mailAlternateAddress: @sesta.com (catchall domain address)
OID
2.16.840.1.113730.3.1.13
mailAntiUBEService
Origin
Messaging Server 5.2
Syntax
cis, multi-valued
Object Classes
Definition
The string values given by this and other optin attributes are collected and passed to the filtering agent being used (for instance, Brightmail).
For Brightmail spam and virus checking, the interpretation of these strings is specified in the Brightmail configuration file. Brightmail uses the information from this attribute for its processing.
There are two Brightmail values:
SpamAssassin, another filtering agent, does not use the actual value of the attribute; it can be set to anything.
While another attribute can be named in the option.dat setting for LDAP_OPTIN, it is not recommended. (For more information on Brightmail, see the Messaging Server Administration Guide.)
To use this attribute to specify per user optin values, set the following in the option.dat file:
LDAP_OPTIN=mailAntiUBEService
To use the attribute to specify domain level optin values, set the following in the option.dat file:
LDAP_DOMAIN_ATTR_OPTIN=mailAntiUBEService
Example
mailAntiUBEService: virus
mailAntiUBEService: spam
OID
mailAutoReplyMode
Origin
Messaging Server 5.0 (for reply mode), Messaging Server 5.2 patch 1 (for echo mode)
Syntax
cis, single-valued
Object Classes
Definition
Specifies the autoreply mode for the user mail account. This is one of several autoreply attributes used when autoreply is an active mail delivery option. The two modes for autoreply are:
Example
mailAutoReplyMode: reply
OID
2.16.840.1.113730.3.1.14
mailAutoReplySubject
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Subject text of auto-reply response. $SUBJECT can be used to insert the subject of the original message into the response.
Example
mailAutoreplySubject: I am on vacation
OID
2.16.840.1.113730.3.1.772
mailAutoReplyText
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Auto-reply text sent to all senders except users in the recipient’s domain. If not specified, external users receive no auto response.
Example
mailAutoreplyText: Please contact me later.
OID
2.16.840.1.113730.3.1.15
mailAutoReplyTextInternal
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Auto-reply text sent to senders from the recipient’s domain. If not specified, then internal users get the mail auto-reply text message.
Example
mailAutoreplyTextInternal: Please contact me later.
OID
2.16.840.1.113730.3.1.773
mailAutoReplyTimeOut
Origin
Messaging Server 5.0
Syntax
int, single-valued
Object Classes
Definition
Duration, in hours, for successive auto-reply responses to any given mail sender. Used only when mailAutoReplyMode: reply. If the value is set to 0 for mailAutoReplyMode: echo then a response is sent back every time a message is received. Auto-reply responses are sent out only if the recipient is listed in the “to” or “cc:” of the original message.
Example
mailAutoreplyTimeout: 48
OID
2.16.840.1.113730.3.1.771
mailClientAttachmentQuota
Origin
Messaging Server 5.0
Syntax
int, single-valued
Object Classes
Definition
A positive integer value indicating the number of attachments the Messenger Express user can send per message in this domain. A value of -1 means no limit on attachments.
Example
mailClientAttachmentQuota: 12
OID
2.16.840.1.113730.3.1.768
mailConversionTag
Origin
iPlanet Messaging Server 5.2
Syntax
cis, multi-valued (ASCII string)
Object Classes
inetMailGroup, inetMailUser
Definition
Method of specifying unique conversion behavior for a user or group entry. A message sent to this user or group will match any conversion file entries that require the specified value of the tag. (Any string value can be associated with this attribute.)
Tag-specific conversion actions are specified in the MTA configuration.
The MTA option used to override this attribute is LDAP_CONVERSION_TAG.
Example
OID
mailDeferProcessing
Origin
iPlanet Messaging Server 5.2
Syntax
cis, single-valued (ASCII string)
Object Classes
inetMailGroup, inetMailUser
Definition
Controls whether or not address expansion of the current user or group entry is performed immediately (value is “No”), or deferred (value is “Yes”).
Note
A different attribute (other than mailDeferProcessing) can be designated for this purpose in the MTA option LDAP_REPROCESS.
Deferral takes place if the value is “Yes” and the current source channel isn’t the reprocess channel. Deferral is accomplished by directing the user or group’s address to the reprocess channel. That is, the expansion of the alias is aborted and the original address (user@domain) is queued to the reprocess channel.
If this attribute does not exist, the setting of the deferred processing flag associated with delivery options processing is checked. If it is set, processing is deferred.
If it is not set, the default for users is to process immediately (as if the value of this attribute were “No”).
The default for groups (such as mailing lists) is controlled by the MTA option DEFER_GROUP_PROCESSING, which defaults to 1 (yes).
Best Practices Suggestions for Duplicate Message Problem
Duplicate copies of messages can occur. For example, if a user sends an email to both addresseeA and groupA, which contains addresseeA, and DEFER_GROUP_PROCESSING=1 and this attribute is No, then the message is duplicated immediately: addresseeA gets two copies, one that came directly and one that took the deferred expansion hop through the reprocess channel for groupA to be expanded.
While disabling deferred group expansion would eliminate the duplicate, that’s not a good idea if you have a lot of large groups. Using expandlimit 1 can potentially cause unnecessary overhead on general, non-group, multi-recipient messages.
To minimize the effect of this situation, the following two solutions are best practices:
- For installations with only a few small groups, setting the default DEFER_GROUP_PROCESSING=1, and this attribute to No, gives you duplicates but also gives you two major benefits:
- If your installation has many small groups and only a few large groups, then set DEFER_GROUP_PROCESSING=0, and this attribute to Yes for the few large groups.
Example
The default for mail users:
mailDeferProcessing: No
The default for mailing lists:
mailDeferProcessing: Yes
OID
TBD
mailDeliveryFileURL
Origin
Messaging Server 5.0
Syntax
ces, single-valued
Object Classes
Definition
Fully qualified local path of file to which all messages sent to the mailing list are appended. Used in conjunction with mailDeliveryOption: file.
The MTA option used to override this attribute’s value is LDAP_PROGRAM_FILE.
Example
mailDeliveryFileURL: /home/dreamteam/mail_archive
OID
2.16.840.1.113730.3.1.787
mailDeliveryOption
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Specifies delivery options for the mail recipient. One or more values are permitted on a user or group entry, supporting multiple delivery paths for inbound messages. Values will apply differently depending on whether the attribute is used in inetMailGroup or inetMailUser.
Note that the mailUserStatus attribute is processed before this attribute. If mailUserStatus is set to hold, an internal flag is set so that when mailDeliveryOption is processed, the mailUserStatus hold overrides whatever delivery options are specified with mailDeliveryOption.
For users, delivery addresses are generated for each valid delivery option value.
Valid values are:
For users only (inetMailUser):
- autoreply – Specifies autoreply is turned on for the user. Messages on which the recipient is listed in the "To:" or "Cc:" header fields of the message are sent to the autoreply channel where an autoreply message is generated and sent to the original sender.
- hold – A recipient is temporarily halted from receiving messages. Note that unlike mailUserStatus, hold for this attribute does not disallow POP, IMAP and WebMail access. For this attribute, hold only halts delivery to the recipient’s mailbox, but access is still allowed.
- mailbox – Deliver messages to the user’s IMAP/POP store.
- native or unix – Deliver messages to the user’s /var/mail store INBOX. The store is in Berkeley mailbox format. Messaging Server does not support /var/mail access. Users must use UNIX tools to access mail from the /var/mail store.
For groups only (inetMailGroup):
- file – Messages are appended to the file specified in the attribute mailDeliveryFileURL.
- members – Messages are sent to members of the mailing list. If missing, default=members is assumed.
- members_offline – To defer processing for this group, set the attribute to this value, and set the option.dat file option DEFER_GROUP_PROCESSING to zero (0).
Both users and groups:
These values are handled the same for both users and groups.
- program – Messages are delivered to a program, which is on the approved list of programs (specified in the MTA’s configuration). The name of the program is specified in the attribute mailProgramdeliveryInfo.
- forward – Specifies that messages will be forwarded. The forwarding address is specified in the attribute mailForwardingAddress. Note that when this value is set, mailForwardingAddress must be set to keep the mail system in sync.
The MTA option DELIVERY_OPTIONS, found in the msg_svr_base/config/option.dat file, defines how each of the previously listed values will be processed.
The MTA option used to override this attribute’s value is LDAP_DELIVERY_OPTION.
Example
mailDeliveryOption: mailbox
OID
2.16.840.1.113730.3.1.16
mailDomainAllowedServiceAccess
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Stores access filters (rules). If no rules are specified, then the domain is allowed access to all services from all clients. Rules are separated by a dollar sign ($). The rules are evaluated in this manner:
- Access is granted if the client information matches an allow filter for that service.
- Access is denied if the client information matches a deny filter for that service.
- If no match is made with any allow or deny filters, access is granted, except in the case where there are allow filters but no deny filters. In this case, a lack of match means access is denied.
For a full explanation of access filters and an alternate way to control access through the administration console or the config utility, see “Configuring Client Access to POP, IMAP, and HTTP Services” in the Messaging Server Administration Guide.
Rule Syntax
"+" or "-" <service_list>":"<client_list>
+ (allow filter) means the service list services are being granted to the client list.
- (deny filter) means the services are being denied to the client list.
service_list is a comma separated list of services to which access is being granted or denied.
Legal service names are: imap, imaps, pop, pops, smtp, smtps, and http. Note that the MMP supports imap, imaps, pop, pops, and smtp. The backend supports imap, pop, smtp, and http.
client_list is a comma separated list of clients (domains) to which access is being granted or denied.
Wildcards can be substituted for the client list (domains). The following table shows the allowed wildcards and describes each of them:
The following wildcards can be used for the service list: *, ALL.
Except Operator
The access control system supports a single operator, EXCEPT. You can use the EXCEPT operator to create exceptions to the patterns found in a rule’s service list and client list. EXCEPT clauses can be nested. If there are multiple EXCEPT clauses in a rule, they are evaluated right to left.
The EXCEPT format is:
list 1 EXCEPT list 2
A list is a comma separated list of services or clients.
Example
This example shows a single rule with multiple services and a single wildcard for the client list.
mailDomainAllowedServiceAccess: +imap,pop,http:*
This example shows multiple rules, but each rule is simplified to have only one service name and uses wildcards for the client list.
mailDomainAllowedServiceAccess: +imap:ALL$+pop:ALL$+http:ALL
The second example is probably the most commonly used in Messaging Server LDIF files.
An example of a rule with an EXCEPT operator is:
mailDomainAllowedServiceAccess: -ALL:ALL EXCEPT server1.sesta.com
This example denies access to all services for all clients except those on the host machine server1.sesta.com.
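The rule syntax and evaluation order described for mailAllowedServiceAccess and mailDomainAllowedServiceAccess, as an added example for checking a rule string before it goes into an LDIF file (not Messaging Server code; all names are hypothetical). It assumes clients are literal host names or the wildcards * and ALL, reads "A EXCEPT B EXCEPT C" right to left as A minus (B minus C), and applies the "allow filters but no deny filters" fallback to the whole attribute value.

```python
"""Added example: evaluating mailAllowedServiceAccess-style access filters.

Hypothetical helper, not Messaging Server code. Assumptions: clients are
literal host names or the wildcards * and ALL; "A EXCEPT B EXCEPT C" is
read right to left as A minus (B minus C); the "allow filters but no deny
filters" fallback looks at the whole attribute value.
"""
import re
from collections import namedtuple

WILDCARDS = {"*", "ALL"}
Rule = namedtuple("Rule", "allow services clients")


def _split_except(expr):
    """'a,b EXCEPT c' -> [['a', 'b'], ['c']]"""
    return [[item.strip() for item in part.split(",") if item.strip()]
            for part in re.split(r"\s+EXCEPT\s+", expr.strip())]


def _matches(lists, value):
    """Match value against a list with EXCEPT clauses, right to left."""
    matched = False
    for items in reversed(lists):
        hit = any(i.upper() in WILDCARDS or i.lower() == value.lower()
                  for i in items)
        matched = hit and not matched
    return matched


def parse_rules(attribute_value):
    """Split the attribute value on '$' and parse each +/- rule."""
    rules = []
    for text in attribute_value.split("$"):
        text = text.strip()
        if not text:
            continue
        sign, body = text[0], text[1:]
        if sign not in ("+", "-") or ":" not in body:
            raise ValueError("malformed access rule: %r" % text)
        services, clients = body.split(":", 1)
        rules.append(Rule(sign == "+",
                          _split_except(services),
                          _split_except(clients)))
    return rules


def is_allowed(attribute_value, service, client):
    """Return True if the client may use the service under these rules."""
    rules = parse_rules(attribute_value) if attribute_value else []
    if not rules:
        return True  # no rules: all services from all clients

    def hit(rule):
        return (_matches(rule.services, service)
                and _matches(rule.clients, client))

    if any(r.allow and hit(r) for r in rules):
        return True   # matched an allow filter
    if any(not r.allow and hit(r) for r in rules):
        return False  # matched a deny filter
    has_allow = any(r.allow for r in rules)
    has_deny = any(not r.allow for r in rules)
    # No match: granted, unless there are allow filters but no deny filters.
    return not (has_allow and not has_deny)


if __name__ == "__main__":
    value = "-ALL:ALL EXCEPT server1.sesta.com"
    for host in ("server1.sesta.com", "other.sesta.com"):
        print(host, is_allowed(value, "imap", host))
```
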
OID
2.16.840.1.113730.3.1.764
mailDomainCatchallAddress
Origin
iPlanet Messaging Server 5.2
Syntax
cis, single-valued (RFC 822 mailbox)
Object Classes
Definition
Specifies an address to be substituted for any address in the domain that doesn’t match any user or group in the domain.
The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_CATCHALL_ADDRESS.
Example
OID
TBD
mailDomainConversionTag
Origin
iPlanet Messaging Server 5.2
Syntax
cis, multi-valued (ASCII string)
Object Classes
Definition
Method of specifying unique conversion behavior for any user in the domain. A message sent to a user in this domain will match any conversion file entries that require the specified value of the tag. (Any string value can be associated with this attribute.)
Tag-specific conversion actions are specified in the MTA configuration.
The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_CONVERSION_TAG.
Example
OID
TBD
mailDomainDiskQuota
Origin
Messaging Server 5.0
Syntax
int, single-valued
Object Classes
Definition
Disk quota, in bytes, for all users in the domain. If domain quota enforcement is activated, then domains exceeding this quota stop receiving more messages until the domain messages no longer exceed the quota. Domain quota enforcement is activated using the command imquotacheck -f -d <domain>.
A value of -1 specifies no limit. This is the default.
Example
mailDomainDiskQuota: 50000000000
OID
2.16.840.1.113730.3.1.766
mailDomainMsgMaxBlocks
Origin
iPlanet Messaging Server 5.2
Syntax
int, single-valued
Object Classes
mailDomain
Definition
Imposes a size limit in units of MTA blocks on all messages sent to addresses in this domain. This limit doesn’t apply to messages sent by users from this domain.
The value of this attribute is overridden by the value of mailMsgMaxBlocks, if set.
The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_BLOCKLIMIT.
Example
OID
TBD
mailDomainMsgQuota
Origin
Messaging Server 5.0
Syntax
int, single-valued
Object Classes
Definition
Quota of number of messages permitted for all users in this domain. If domain quota enforcement is activated, then the domain exceeding this quota will stop receiving more messages until the messages no longer exceed the quota. Domain quota enforcement is activated using the command imquotacheck -f -d <domain>.
Example
mailDomainMsgQuota: 2000000
OID
2.16.840.1.113730.3.1.767
mailDomainReportAddress
Origin
iPlanet Messaging Server 5.2
Syntax
cis, single-valued (RFC 822 mailbox)
Object Classes
Definition
This value is used as the header From: address in DSNs reporting problems associated with recipient addresses in the domain. It is also used when reporting problems to users within the domain regarding errors associated with nonlocal addresses.
If this attribute is not set, the reporting address will default to “postmaster@domain.”
The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_REPORT_ADDRESS.
Example
OID
TBD
mailDomainSieveRuleSource
Origin
iPlanet Messaging Server 5.2
Syntax
cis, single-valued (RFC 3028 sieve filter)
Object Classes
Definition
SIEVE filters are not supported by iPlanet Delegated Administrator.
SIEVE filter for all users in the domain. There are two possible forms for the value of this attribute: a single value that contains the complete sieve script (RFC 3028 compliant), and multiple values, with each value containing a piece of the sieve script (not RFC 3028 compliant).
A script has the following form:
require ["fileinto", "reject"];
# $Rule Info: Order=(1-infinity, or 0 for disabled) Template=(template-name) Name=(rule name)
if header :is "Sender" "owner-ietf-mta-filters@imc.org"
{
fileinto "filter"; # move to "filter" folder
}
if header :is "Subject" "SPAM!"
{
delete
}
Multi-valued Form
Multiple SIEVE scripts per user can be stored in LDAP. To enable the user interface to handle several smaller rules scripts, rather than one script containing all the domain’s rules, this attribute takes multiple values (that is, multiple rules). The server looks at every rule in mailSieveRuleSource.
To provide ordering and possible user interface editing information, there is an optional SIEVE comment line in each rule. This line has the following format:
# $Rule Info: Order=(1-infinity, or 0 for disabled)
All rules that have a Rule Info line are processed first by the Messaging Server. If Order=0, the rule is not used in the SIEVE evaluation. Otherwise, the rules are processed in the order provided (1 having the highest priority). To accommodate SIEVE rules that were not entered using the Rule Info extension, any other rules found are run by the server, in the order received from LDAP, after all rules with order values have been processed.
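The ordering rule above, as an added example (not Messaging Server code): a Python function that takes the attribute's values as LDAP returned them and separates the rules that will be evaluated, in evaluation order, from the disabled ones; mailSieveRuleSource uses the same Order comment. The sample values are constructed, and treating a Rule Info line without an Order= field as an unordered rule is an assumption of this example.

```python
import re

# Matches the optional comment line, for example:
#   # $Rule Info: Order=3 Template=(...) Name=(...)
# and captures the Order number. The comment may sit on any line of the value.
RULE_INFO = re.compile(r"^\s*#\s*\$Rule Info:.*?\bOrder=(\d+)", re.MULTILINE)


def order_sieve_rules(values):
    """Return (active, disabled) for a list of rule values.

    values   -- rule strings in the order LDAP returned them
    active   -- rules that take part in evaluation, first rule first
    disabled -- rules carrying Order=0
    """
    ordered, unordered, disabled = [], [], []
    for position, rule in enumerate(values):
        match = RULE_INFO.search(rule)
        if match is None:
            # No usable Rule Info line (assumption: a Rule Info line without
            # Order= lands here too): evaluated after all ordered rules.
            unordered.append(rule)
            continue
        order = int(match.group(1))
        if order == 0:
            disabled.append(rule)
        else:
            ordered.append((order, position, rule))
    # Order=1 has the highest priority; equal Order values keep LDAP order.
    ordered.sort(key=lambda item: (item[0], item[1]))
    active = [rule for _, _, rule in ordered] + unordered
    return active, disabled


# Constructed sample values, in the order a search might return them.
SAMPLE_VALUES = [
    'require ["fileinto"];\n'
    'if header :contains "Subject" "newsletter" { fileinto "news"; }',
    'require ["fileinto"];\n'
    '# $Rule Info: Order=2\n'
    'if size :over 1M { fileinto "large"; }',
    '# $Rule Info: Order=0\n'
    'redirect "archive@sesta.com";',
    'require ["fileinto"];\n'
    '# $Rule Info: Order=1\n'
    'if header :is "Sender" "owner-ietf-mta-filters@imc.org" { fileinto "filter"; }',
]

if __name__ == "__main__":
    active, disabled = order_sieve_rules(SAMPLE_VALUES)
    for index, rule in enumerate(active, start=1):
        print(f"evaluated #{index}: {rule.splitlines()[-1]}")
    for rule in disabled:
        print(f"disabled (Order=0): {rule.splitlines()[-1]}")
```

Listing the disabled values next to the active ones makes it visible when a forwarding rule is still stored in the directory but switched off.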
MTA Override Option
The MTA option that overrides this attribute’s value is LDAP_DOMAIN_ATTR_FILTER.
Example
The following example is correctly formed, but Messaging Server ignores discard and reject text, and does not send a reject or discard reply message.
mailSieveRuleSource:
require ["fileinto", "reject", "redirect", "discard"]
if header :contains "Subject" "New Rules Suggestion"
{
    redirect "rules@sesta.com" # Forward message
}
if header :contains "Sender" "porn.com"
{
    discard text:
Your message has been rejected. Please remove this address from your mailing list. # Reject message, send reply message.
}
if size :over 1M
{
    reject text:
Please do not send large attachments.
Put your file on a server and send the URL.
Thank you. # Discard message, send reply message.
}
if header :contains "Sender" "domainadminstrator@sesta.com"
{
    fileinto complaints.refs # File message
}
OID
TBD
mailDomainStatus
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Current status of the mail domain. Can be one of the following values: active, inactive, deleted, hold, or overquota. This attribute is the mail service domain status. Missing value implies status is active. An illegal value is treated as inactive.
The following table lists the status values:
There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
The MTA option that overrides this attribute’s values is LDAP_DOMAIN_ATTR_STATUS. The LDAP_DOMAIN_ATTR_STATUS option does not affect the message store or Identity Server commadmin utility, which only recognize and use the current value of mailDomainStatus.
Example
mailDomainStatus: active
OID
2.16.840.1.113730.3.1.770
mailDomainWelcomeMessage
Origin
Messaging Server 6.0
Syntax
cis, single-valued
Object Classes
Definition
Welcome message sent to new users added to this domain. ‘$$’ is a carriage return. BNF syntax of this attribute is:
value:: <subjectline>'$'[<opt_headers>]'$$'<body>
subjectline:: 'Subject:'[<TEXT>]
opt_headers:: <header_line>'$'[<opt_headers>]
header_line:: <header_name>':'<TEXT>
header_name:: <TEXT>
body:: [<lines>]
lines:: <line>'$'[<lines>]
line:: <TEXT>
Example
mailDomainWelcomeMessage: Subject: Welcome!!$X-Endorsement: We’re good. $$Welcome to the mail system.
OID
2.16.840.1.113730.3.1.765
mailEquivalentAddress
Origin
iPlanet Messaging Server 5.2
Syntax
cis, multi-valued (RFC 822 addr-spec)
Object Classes
inetMailGroup, inetMailUser
Definition
Equivalent to mailAlternateAddress in regard to mail routing, except with this attribute, the header doesn’t get rewritten.
Note that mailEquivalentAddress is searched for when the system is deciding where to deliver messages, but it is not one of the attributes searched for when doing REVERSE_URL address reversal.
This attribute works only for direct LDAP mode, not with the deprecated imsimta dirsync option.
Example
mailEquivalentAddress: jdoe@sesta.com
mailEquivalentAddress: @sesta.com (catchall domain address)
OID
TBD
mailFolderName
Origin
Sun ONE Messaging Server 6.0
Syntax
cis, single-valued
Object Classes
Definition
This attribute specifies the name of a public folder.
Example
mailFolderName: Announcements
OID
mailForwardingAddress
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
This attribute stores one or more forwarding addresses for inbound messages. Addresses are specified in RFC 822 format. Messages are forwarded to the listed address when mailDeliveryOption: forward is set.
Note that both mailDeliveryOption and this attribute must be set in order to keep the mail system in sync.
Example
mailForwardingAddress: kokomo@sesta.com
OID
2.16.840.1.113730.3.1.17
mailHost
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
For a user or group entry, the fully qualified host name of the MTA that is the final destination of messages sent to this recipient. To be deemed local, the user entry must have this attribute, and it must match either the local.hostname configutil attribute, or one of the names specified by the local.imta.hostnamealiases configutil attribute. Otherwise, a new source routed address is generated in the form: @mailhost:user@domain and will be processed through the rewrite rules.
If a user entry does not have this attribute, the generated address uses the mailRoutingSmartHost host name associated with the domain, in the form @smarthost:user@domain. If the domain has no mailRoutingSmartHost attribute, the address is discarded and a 5xx error is reported.
If a group entry does not have this attribute, the group is processed locally.
The MTA option that overrides this attribute’s value is LDAP_MAILHOST.
Example
mailHost: mail.siroe.com
OID
2.16.840.1.113730.3.1.18
mailMessageStore
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Specifies the message store partition name for the user. The mapping between the partition name and the file system location of the store is kept in the message store configuration. If not specified, the default store partition specified in the server configuration is used.
Example
mailMessageStore: secondary
OID
2.16.840.1.113730.3.1.19
mailMsgMaxBlocks
Origin
iPlanet Messaging Server 5.2
Syntax
int, single-valued
Object Classes
inetMailGroup, inetMailUser
Definition
The size in units of MTA blocks of the largest message that can be sent to this user or group. The limit doesn’t apply to messages sent by the user.
If this attribute is set, it overrides the value of mailDomainMsgMaxBlocks.
The MTA option that overrides the attribute’s value is LDAP_BLOCKLIMIT.
Example
OID
TBD
mailMsgQuota
Origin
Messaging Server 5.0
Syntax
int, single-valued
Object Classes
Definition
Maximum number of messages permitted for a user is set with mailMsgQuota. This is a cumulative count for all folders in the store. Table 3-13 shows the special values and their meanings:
Table 3-13 mailMsgQuota Special Values
Value    Meaning
0        No mail messages allowed
-1       No limit on number of messages allowed
-2       Use system default quota (use of this value is being deprecated)
If this attribute is missing, the system default quota is used. This is defined by the configutil parameter store.defaultmessagequota.
During server configuration, quota enforcement must be turned on for mailMsgQuota to take effect. Both soft and hard quotas can be set. (See the Sun Java System Messaging Server Administration Guide.)
The MTA option override is LDAP_MESSAGE_QUOTA.
Example
mailMsgQuota: 2000
OID
2.16.840.1.113730.3.1.774
mailProgramDeliveryInfo
Origin
Messaging Server 5.0
Syntax
ces, multi-valued
Object Classes
Definition
Specifies one or more programs used for program delivery. These programs have to be on the approved list of programs that the messaging server is permitted to execute for a domain. The attribute value specifies a reference to a program. That reference is resolved from the approved list of programs. The resolved reference also provides the program parameters and execution permissions. Used in conjunction with the mailDeliveryOption: program.
The value of this attribute should be used as the value for the method name (-m value) when running imsimta program.
The program approval process is documented further in the Messaging Server Administrator’s Guide.
The MTA option used to name a different attribute for this function is LDAP_PROGRAM_INFO.
Example
mailProgramDeliveryInfo: procmail
OID
2.16.840.1.113730.3.1.20
mailPublicFolderDefaultRights
Origin
Sun ONE Messaging Server 6.0
Syntax
cis, multi-valued
Object Classes
Definition
Specifies the access control rights granted for this public folder. Each value of this attribute consists of two parts separated by a space. The two parts are: an identifier, as specified in RFC 2086, and a list of access rights (mod_rights) as follows in Table 3-14.
Messaging Server’s IMAP ACL implementation also defines the following new identifier:
anyone@domain
where domain is a valid domain.
If the attribute is missing, the default rights specified in the mailPublicFolderDefaultRights attribute from the mailDomain object class will be applied. If mailDomain does not contain this attribute, the following default ACL is set when a public folder is first created:
anyone@domain lrs
where domain is a valid domain.
Group identifiers start with the prefix “group=”. Do not put the group identifier prefix on a userid. The message store’s user creation code checks for this.
Examples
mailPublicFolderDefaultRights: anyone@sesta.com lrs
mailPublicFolderDefaultRights: group: sales@sesta.com lrs
mailPublicFolderDefaultRights: john@sesta.com lrswid
OID
mailQuota
Origin
Messaging Server 5.0
Syntax
int, single-valued
Object Classes
Definition
Specifies, in bytes, the amount of disk space allowed for the user’s mailbox. The numeric portion of the value is limited to 4294966272. For values approaching or exceeding four gigabytes, use the G suffix instead of specifying the full value as a number. Other valid suffixes are: K for kilobytes, M for megabytes, and G for gigabytes.
Table 3-15 shows the special values for this attribute.
Table 3-15 mailQuota Special Values
Value    Meaning
0        No space allowed for user’s mailbox
-1       No limit on space usage allowed
-2       Use system default quota (use of this value is being deprecated)
The quota value is limited to 4096G because the message store uses a 32 bit unsigned integer to store the quota value.
If the attribute is not specified, the system default quota is used. The system default is specified in the server configuration parameter store.defaultmailboxquota. Setting the configuration parameter store.quotaenforcement to ‘on’ causes the message store to enforce the quota.
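The value rules above, as an added example (not product code): a Python check that a provisioning script could run on a mailQuota value before writing it to the directory. Binary units (K = 1024 bytes) and acceptance of only the upper-case suffixes the page names are assumptions of this example.

```python
import re

MAX_NUMERIC = 4294966272      # cap on the numeric portion, from the definition
UNIT = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}   # assumed binary units
MAX_BYTES = 4096 * UNIT["G"]  # the 4096G ceiling of the message store
VALUE = re.compile(r"^(-?\d+)([KMG]?)$")


def parse_mail_quota(raw):
    """Return (kind, size_in_bytes) for one mailQuota value.

    kind is "default", "unlimited", "blocked" or "limit". size_in_bytes is
    None for "default" and "unlimited". Raises ValueError on a value that
    breaks one of the stated limits.
    """
    if raw is None or raw.strip() == "":
        return ("default", None)            # attribute not specified
    match = VALUE.match(raw.strip())
    if match is None:
        raise ValueError(f"not a quota value: {raw!r}")
    number, suffix = int(match.group(1)), match.group(2)
    if number < 0:
        if suffix or number not in (-1, -2):
            raise ValueError(f"only -1 and -2 are defined below zero: {raw!r}")
        return ("unlimited", None) if number == -1 else ("default", None)
    if number == 0:
        return ("blocked", 0)               # no space allowed
    if number > MAX_NUMERIC:
        raise ValueError(f"numeric portion above {MAX_NUMERIC}, use a suffix: {raw!r}")
    size = number * UNIT[suffix]
    if size > MAX_BYTES:
        raise ValueError(f"above the 4096G ceiling: {raw!r}")
    return ("limit", size)


def is_valid_mail_quota(raw):
    """True when parse_mail_quota accepts the value."""
    try:
        parse_mail_quota(raw)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for sample in ["4G", "4294967296", "-1", "", "4097G"]:   # constructed inputs
        try:
            print(repr(sample), "->", parse_mail_quota(sample))
        except ValueError as error:
            print(repr(sample), "-> rejected:", error)
```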
Note
LDAP_DISK_QUOTA is the MTA option used to specify a different attribute name for this function.
Example
mailQuota: 4G
or for the system default quota:
mailQuota:
OID
2.16.840.1.113730.3.1.21
mailRejectText
Origin
Messaging Server 5.2
Syntax
ces, multi-valued
Object Classes
Definition
The first line of text stored in the first value of this attribute is saved. This text is returned if any of the authentication attributes cause the message to be rejected. Since text can appear in SMTP responses, the value is limited to US-ASCII characters in order to comply with messaging standards.
Note
LDAP_REJECT_TEXT is the MTA option used to specify a different attribute name for this function.
Example
OID
TBD
mailRoutingAddress
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Used together with mailHost to determine whether or not the address should be acted upon at this time or forwarded to another system.
Note
LDAP_ROUTING_ADDRESS is the MTA option used to specify a different attribute name for this function.
Example
OID
2.16.840.1.113730.3.1.24
mailRoutingHosts
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Fully qualified host name of the MTA responsible for making routing decisions for users in this (and all contained) domain(s). Unspecified attribute implies all MTAs must route messages for the users/groups of this (and contained) domain(s).
When a domain is found to be nonlocal, the use of this attribute depends on the value of the MTA option ROUTE_TO_ROUTING_HOST:
- If the value is zero (0), which is the default setting, the attribute was checked as part of the $* rewrite rule. With a nonlocal domain, the $* rewrite rule fails and no further use is made of this attribute’s values. The remaining rewrite rules determine the handling of the domain.
- If the value of the option is one (1), then the first value of this attribute that the MTA receives is installed as the source route in the address, and all addresses associated with the domain are routed to that host.
Since this attribute is multi-valued and the first value the MTA “sees” will be chosen when the option is set to 1, it might be tempting to assume that you can direct the order in which these mail hosts will be used; that is, you might assume you can do a sort of load balancing by ordering the various values of this attribute. But, LDAP does not guarantee that attribute value ordering is preserved, so the first value seen by the MTA might be any of the attribute’s values, not necessarily the first one in the LDAP entry.
You can implement load balancing with a set of MX records for each of the routing host names. Do not attempt to do it with the ordering of this attribute’s values.
LDAP_DOMAIN_ATTR_ROUTING_HOSTS is the MTA option used to specify a different attribute name for this function.
Example
mailRoutingHosts: mail.siroe.com
OID
2.16.840.1.113730.3.1.759
mailRoutingSmartHost
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Fully qualified host name, or domain-literal IP address, of a mail server responsible for handling mail for users not found in the local directory. Messages sent to users not found in the messaging server’s directory are forwarded to the mail server specified in this attribute. This is useful when making a transition from one mail system to another and all users have not yet been moved over to the messaging server directory. An empty or missing attribute implies the local MTA is responsible for routing and delivering all messages for users in that domain.
This attribute is used by the system only if the domain it cares about is listed in the attribute; otherwise, it is ignored.
Note
LDAP_DOMAIN_ATTR_SMARTHOST is the MTA option used to specify a different attribute name for this function.
Example
mailRoutingSmartHost: mail.siroe.com
mailRoutingSmartHost: 129.148.12.141
OID
2.16.840.1.113730.3.1.760
mailSieveRuleSource
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
SIEVE filters are not supported with iPlanet Delegated Administrator for Messaging. Use this with LDAP Schema 2 and Identity Server.
The attribute contains a SIEVE rule (RFC 3028 compliant) used to create a message filter script for a user entry. This attribute can be either single-valued, with the rule containing the complete SIEVE script, or multi-valued, with each rule containing an independently valid piece of the SIEVE script. When there are multiple values, the Web filter construction interface combines the rules into a single SIEVE script using an ordering parameter (Order) found in a #Rule Info: comment.
The script is applied when a message is ready to be enqueued to the delivery channel. Though the SIEVE script is created while the MTA is expanding aliases, it is not used until after the resulting delivery addresses have been expanded and are being sent to the ims-ms, native, autoreply or pipe channels.
A script has the following form:
require ["fileinto", "reject"];
# $Rule Info: Order=(1-infinity, or 0 for disabled) Template=(template-name) Name=(rule name)
if header :is "Sender" "owner-ietf-mta-filters@imc.org"
{
    fileinto "filter"; # move to "filter" folder
}
if header :is "Subject" "SPAM!"
{
    delete
}
MTA Option
The MTA option used to name a different attribute for this function is LDAP_FILTER.
Example
mailSieveRuleSource:
require ["fileinto", "reject", "redirect", "discard"]
if header :contains "Subject" "New Rules Suggestion"
{
    redirect "rules@sesta.com" # Forward message
}
if header :contains "Sender" "porn.com"
{
    discard text:
Your message has been rejected. Please remove this address from your mailing list. # Reject message, send reply message.
}
if size :over 1M
{
    reject text:
Please do not send me large attachments.
Put your file on a server and send me the URL.
Thank you. # Discard message, send reply message.
}
if header :contains "Sender" "barkley@sesta.com"
{
    fileinto complaints.refs # File message
}
OID
2.16.840.1.113730.3.1.775
mailSMTPSubmitChannel
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Most commonly, this attribute is a factor involved in setting up guaranteed message delivery, or in setting up other special classes of service. When defined, this attribute tells the MTA to consider the channel named by this attribute to be the effective submission channel, if the SMTP AUTH is successful.
Example
mailSMTPSubmitChannel: tcp_tas
OID
2.16.840.1.113730.3.1.776
mailUserStatus
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Current status of the mail user. Can be one of the following values: active, inactive, deleted, hold, overquota, or removed.
A missing value implies status is active. An illegal value is treated as inactive.
Table 3-16 Mail User Status
Status Value    Description
active          Normal state. If inetUserStatus is also active, then mail is processed as per the values stored in other user attributes (such as mailDeliveryOption, mailSieveRuleSource, and so on). If not set to active, the status from inetUserStatus takes precedence. Other status attributes taken into consideration are inetDomainStatus and mailDomainStatus. If the combination of inetDomainStatus and mailDomainStatus permits mail delivery and access for the domain, the user state is determined from inetUserStatus and mailUserStatus.
inactive        The user’s mail account is inactive. A transient failure is returned to the sending MTA.
deleted         The user’s mail account is marked to be deleted from the message store. A permanent failure is returned to the sending MTA and the user’s mail account is a candidate for cleanup by the msuser purge utility. User access to the mailbox is blocked. After msuser purge deletes the mail account from the message store, it sets the value of mailUserStatus to removed.
removed         The user entry is marked to be deleted from the LDAP directory. A permanent failure is returned to the sending MTA. User access to the mailbox is blocked. This setting allows the Identity Server commadmin domain purge command to delete the user entry from the LDAP directory.
hold            User’s mail is sent to the hold queue and access to the mailbox over IMAP, POP, and HTTP is disallowed. MTA and Message Access Servers on the store server must comply with this requirement. This setting overrides any other mailDeliveryOption settings.
overquota       The MTA will not deliver mail to a mailbox with this status.
There are four status attributes that mail services look at and which are evaluated in this order: inetDomainStatus, mailDomainStatus, inetUserStatus, and mailUserStatus. The rule is: the first of these attributes that is set to something other than active takes precedence over all the others.
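The precedence rule stated here and under mailDomainStatus, as an added example (not product code): a Python function that reports the effective status and which attribute decided it. The legal values for inetDomainStatus and inetUserStatus, and applying the missing-means-active and illegal-means-inactive rules to them, are assumptions; passing the domain and user attributes in one dictionary is a convenience of the example.

```python
# Legal values for the two mail* attributes are the ones listed on this page.
# The sets for the two inet* attributes are assumed for this example.
LEGAL = {
    "inetDomainStatus": {"active", "inactive", "deleted"},
    "mailDomainStatus": {"active", "inactive", "deleted", "hold", "overquota"},
    "inetUserStatus": {"active", "inactive", "deleted"},
    "mailUserStatus": {"active", "inactive", "deleted", "hold",
                       "overquota", "removed"},
}

# The order in which the mail services evaluate the attributes.
EVALUATION_ORDER = (
    "inetDomainStatus",
    "mailDomainStatus",
    "inetUserStatus",
    "mailUserStatus",
)


def normalize(attribute, raw):
    """Missing value means active; an illegal value is treated as inactive."""
    if raw is None or raw.strip() == "":
        return "active"
    value = raw.strip().lower()          # cis syntax: compare case-insensitively
    return value if value in LEGAL[attribute] else "inactive"


def effective_status(attrs):
    """Return (status, deciding_attribute) for a dict of status attributes.

    The first attribute in EVALUATION_ORDER whose value is not active wins.
    deciding_attribute is None when all four resolve to active.
    """
    for attribute in EVALUATION_ORDER:
        status = normalize(attribute, attrs.get(attribute))
        if status != "active":
            return status, attribute
    return "active", None


if __name__ == "__main__":
    # Constructed entries: a domain on hold masks a deleted user, and a value
    # that is legal only for users ("removed") is illegal on the domain.
    samples = [
        {"mailDomainStatus": "hold", "mailUserStatus": "deleted"},
        {"mailDomainStatus": "removed"},
        {"inetUserStatus": "Active", "mailUserStatus": "overquota"},
        {},
    ]
    for attrs in samples:
        print(attrs, "->", effective_status(attrs))
```

Running this over exported entries shows accounts whose intended status is masked by an earlier attribute, or silently downgraded to inactive by a misspelled value.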
Example
mailUserStatus: active
OID
2.16.840.1.113730.3.1.778
maxPabEntries
Origin
Messaging Server 5.0
Syntax
int, single-valued
Object Classes
Definition
Specifies the maximum number of personal address book entries users are permitted to have in their personal address book store. A value of -1 implies there is no limit. If this attribute is not present then the system default specified in the personal address book configuration is used.
Example
maxPabEntries: 1000
OID
2.16.840.1.113730.3.1.705
memberOf
Origin
Messaging Server 5.0, deprecated in Messaging Server 6.0 for inetUser; Identity Server
Syntax
dn, multi-valued
Object Classes
Definition
For LDAP Schema 2, this attribute decorates inetAdmin, and specifies the DN of an assignable dynamic group to which a user belongs. It is used as the default well-known filtered attribute used in conjunction with mgrpDeliverTo to search for assignable dynamic group members.
This attribute is deprecated for inetUser in Messaging Server 6.0 and is likely to be removed from the inetUser object class in future versions of the schema.
For LDAP Schema 1, this attribute specifies the DN of a mailing list to which a user belongs, indicating static group membership as a backpointer.
Example
memberOf: cn=Administrators,ou=groups,o=sesta.com,o=basedn
OID
1.2.840.113556.1.2.102
memberOfPAB
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
The unique name (un) of the personal address book(s) in which this entry belongs.
Example
memberOfPAB:addressbook122FA7
OID
2.16.840.1.113730.3.1.718
memberOfPABGroup
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Unique name of the personal group(s) in which this user belongs.
Example
memberOfPabGroup:testgroup15577F2D
OID
2.16.840.1.113730.3.1.719
memberURL
Origin
Messaging Server 5.2
Syntax
ces, multi-valued
Object Classes
Definition
A list of URLs, which, when expanded, provides a list of mailing list member addresses.
This is the preferred way to specify a dynamic mailing list. Alternately, you can use mgrpDeliverTo.
The MTA option used to override this attribute’s value is LDAP_GROUP_URL2.
Example
memberURL:ldap://cn=jdoes, o=sesta.com
OID
2.16.840.1.113730.3.1.198
mgrpAddHeader
Origin
Netscape Messaging Server
Syntax
ces, multi-valued
Object Classes
Definition
Each attribute value specifies a header field that is to be added to the message header if it is present.
For the MTA, the values of these attributes are headers, which are used to set header-trimming ADD options.
Note
LDAP_ADD_HEADER is the MTA option used to specify a different attribute name for this function.
Example
mgrpAddHeader:Reply-To: thisgroup@sesta.com
OID
2.16.840.1.113730.3.1.781
mgrpAllowedBroadcaster
Origin
Messaging Server 5.0
Syntax
ces, multi-valued
Object Classes
Definition
Identifies mail users allowed to send messages to the mail group. The Messaging Server expects this attribute to contain either a distinguished name or an RFC822address using an LDAP URI or a mailto address (see example). If a distinguished name is used, it must represent a mailable entry or entries of type group or groupOfUniqueNames. (That is, the group entry must contain an email address in one of the following attributes: mail, mailAlternateAddress, mailEquivalentAddress.) If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedDomain and mgrpDisallowedDomain attributes are used.
If multi-valued, each URL is expanded into a list of addresses and each address is checked against the current envelope “from” address. The message is allowed if there is a match.
To specify that only the members of this group can post to the group, use the group name as the value of the attribute.
If none of the attribute values is a valid URL, or none of the members of the group specified in the attribute value have a valid URL, then the message will bounce.
Example
mgrpAllowedBroadcaster: ldap:///uid=bjensen,o=siroe.com
mgrpAllowedBroadcaster:mailto:group1@siroe.com
OID
2.16.840.1.113730.3.1.22
mgrpAllowedDomain
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Identifies domains (including subdomains) from which users are allowed to send messages to the mail group. If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedBroadcaster, mgrpDisallowedBroadcaster, and mgrpDisallowedDomain attributes are used.
Note
LDAP_AUTH_DOMAIN is the MTA option used to specify a different attribute name for this function.
Example
mgrpAllowedDomain:siroe.com
This matches any user sending from *.siroe.com.
OID
2.16.840.1.113730.3.1.23
mgrpAuthPassword
Origin
Messaging Server 5.0
Syntax
ces, single-valued
Object Classes
Definition
Specifies a password needed to post to the list.
The presence of this attribute forces a reprocessing pass. As the message is enqueued to the reprocessing channel, the password is taken from the header and placed in the envelope. Then, while reprocessing, the password is taken from the envelope and checked against this attribute. Only passwords that are actually used are removed from the header field.
This allows for routing to the moderator in the event of a password failure.
Note
LDAP_AUTH_PASSWORD is the MTA option used to specify a different attribute name for this function.
Example
OID
2.16.840.1.113730.3.1.783
mgrpBroadcasterPolicy
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Policy for determining allowed broadcaster. It specifies the level of authentication required to access the list of broadcaster addresses. The allowed values are:
Note
LDAP_AUTH_POLICY is the MTA option used to specify a different attribute name for this function.
Example
mgrpBroadcasterPolicy:AUTH_REQ
OID
2.16.840.1.113730.3.1.3
mgrpDeliverTo
Origin
Messaging Server 5.0
Syntax
ces, multi-valued
Object Classes
Definition
Used as an alternative method of specifying mail group membership. This can be used to create a dynamic mailing list.
The preferred attribute to use for specifying dynamic mail group is memberURL.
The values of this attribute are a list of URLs, which, when expanded, provide mailing list member addresses.
Messaging Server expects this attribute to contain an LDAP URL using the format described in RFC 1959. Any entries returned by the resulting LDAP search are members of the mailing group. There is a hard limit on the length of the search filter of 1024 bytes.
Note
LDAP_GROUP_URL1 is the MTA option used to specify a different attribute name for this function.
Example
This example returns all users in the United States Accounting department for Sesta corporation.
mgrpDeliverTo: ldap:///ou=Accounting,o=Sesta,c=US??sub?(&(objectClass=inetMailUser)(objectClass=inetOrgPerson))
OID
2.16.840.1.113730.3.1.25
mgrpDisallowedBroadcaster
Origin
Messaging Server 5.0
Syntax
ces, multi-valued
Object Classes
Definition
Identifies mail users not allowed to send messages to the mail group. If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedDomain and mgrpDisallowedDomain attributes are used.
Messaging Server expects this attribute to contain either a distinguished name or an RFC822address. If a distinguished name is used, it must represent a mailable entry or entries of type group or groupOfUniqueNames. (That is, the group entry must contain an email address in one of the following attributes: mail, mailAlternateAddress, mailEquivalentAddress.) The distinguished name must be represented in the form of an LDAP URL as described in RFC 1959.
If multi-valued, each URL is expanded into a list of addresses and each address is checked against the current envelope “from” address. The message is disallowed if there is a match.
Example
mgrpDisallowedBroadcaster: ldap:///uid=bjensen, o=sesta.com
mgrpDisallowedBroadcaster: mailto:sys50@sesta.com
OID
2.16.840.1.113730.3.1.785
mgrpDisallowedDomain
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Identifies domains from which users are not allowed to send messages to the mail group. This attribute is a private extension used by Messaging Server to manage mailing lists. If this attribute exists, then messages from listed domains are rejected. If no instances of this attribute exist on the inetMailGroup entry, then there are no restrictions on who can send messages to the mail group unless the mgrpAllowedBroadcaster, mgrpDisallowedBroadcaster, and mgrpAllowedDomain attributes are used.
Note
LDAP_CANT_DOMAIN is the MTA option used to specify a different attribute name for this function.
Example
mgrpDisallowedDomain:sesta.com
OID
2.16.840.1.113730.3.1.784
mgrpErrorsTo
Origin
Messaging Server 5.0
Syntax
ces, single-valued
Object Classes
Definition
Recipient of error messages generated when messages are submitted to this list. Recipient’s address can be specified using the mailto syntax, which includes an RFC 822 email address preceded by the keyword “mailto:” or simply an RFC 822 email address. Also supports LDAP URL syntax. However, if an LDAP URL is used, it must be one that produces a single address.
The envelope originator (MAIL FROM) address is set to the value of this attribute.
Examples:
Example 1: mgrpErrorsTo:mailto:jordan@siroe.com
Example 2: mgrpErrorsTo: ldap:///uid=ofanning,ou=people,o=siroe.com,o=isp
OID
2.16.840.1.113730.3.1.26
mgrpModerator
Origin
Messaging Server 5.0
Syntax
ces, multi-valued
Object Classes
Definition
LDAP URI or mailto URL identifying the moderators allowed to submit messages to this list. Only those messages that are submitted by the moderator are sent to the members of this list. Messages submitted by others are forwarded to the moderators for approval and resubmitting.
The URLs given as the value of this attribute are expanded into a series of addresses, and then compared with the envelope “from” address. If there is a match, group processing continues. If there is no match, the value of this attribute becomes the group URL, any list of RFC 822 addresses or DNs associated with the group is cleared, the delivery options for the group are set to “members,” and there is no further group processing for the failed URL (subsequent group attributes are ignored).
Note
LDAP_MODERATOR_URL is the MTA option used to specify a different attribute name for this function.
Example
mgrpModerator: mailto:jordan@sesta.com
OID
2.16.840.1.113730.3.1.33
mgrpMsgMaxSize
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Maximum message size in bytes that can be sent to the group. Messaging Server expects zero or one instance of this attribute to exist for every mailGroup entry. If no entry exists, then no size limit is imposed on mail to the group.
This attribute is obsolete, but still supported for backwards compatibility. Use mailMsgMaxBlocks instead.
Note
LDAP_ATTR_MAXIMUM_MESSAGE_SIZE is the MTA option used to specify a different attribute name for this function.
Example
mgrpMsgMaxSize:8000
OID
2.16.840.1.113730.3.1.3
mgrpMsgPrefixText
Origin
Not implemented.
Syntax
UTF-8 text, single-valued
Object Classes
Definition
Specifies the text to be added to the beginning of the message text. You must supply the formatting. That is, you must insert CRLF where they belong in the text.
Note
LDAP_PREFIX_TEXT is the MTA option used to specify a different attribute name for this function.
Example
OID
TBD
mgrpMsgRejectAction
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Identifies the action to be taken when an email sent to a mail group is rejected. The Messaging Server may reject mail for the following reasons:
This attribute takes two values: reply and toModerator:
reply – The system produces an SMTP error, which is also the default if the attribute is not set. The text of the failure notice is stored in the mgrpMsgRejectText attribute.
toModerator – The mail is forwarded to the moderator for processing. The moderator is identified by the mgrpModerator attribute.
Note
LDAP_REJECT_ACTION is the MTA option used to specify a different attribute name for this function.
Example
mgrpMsgRejectAction: reply
OID
2.16.840.1.113730.3.1.28
mgrpMsgRejectText
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Specifies the error text to use in the event of a group access failure. Because this text may appear in SMTP responses, this restricts the text to a single line of US-ASCII. This is implemented by reading only the first line of text in this attribute and using it only if it contains no 8-bit characters. (This is a limitation of the SMTP protocol.)
Example
OID
2.16.840.1.113730.3.1.29
mgrpMsgSuffixText
Origin
Not implemented.
Syntax
UTF-8 text, single valued
Object Classes
inetMailGroup
Definition
Specifies the text to be appended to the text message. You must supply the formatting. That is, you must insert any CRLFs (carriage return, line feeds) that belong in the text.
Note
LDAP_SUFFIX_TEXT is the MTA option used to specify a different attribute name for this function.
Example
OID
TBD
mgrpNoDuplicateChecks
Origin
Messaging Server 5.0, not implemented going forward for Messaging Server 5.2
Syntax
cis, single-valued
Object Classes
Definition
This attribute is no longer supported. Duplicate checking is controlled by characteristics of the lists themselves. Some lists combine and some lists don’t.
Old definition: Prevents Messaging Server from checking for duplicate delivery to members of the mail group. Prevents multiple deliveries if a user is on multiple lists. No means the system checks for duplicate delivery. Yes means the system does not check for duplicate delivery.
Example
mgrpNoDuplicateChecks: yes
OID
2.16.840.1.113730.3.1.789
mgrpRemoveHeader
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Each attribute value specifies a header field that is to be removed from the message header, if present.
Turns the headers specified into header trimming MAXLINES=-1 options.
Note
LDAP_REMOVE_HEADER is the MTA option used to specify a different attribute name for this function.
Example
OID
2.16.840.1.113730.3.1.801
mgrpRequestTo
This attribute has been removed from the schema. It is no longer supported. It only worked for dirsync mode, which was deprecated in Messaging Server 5.2.
mgrpRFC822MailMember
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
Identifies recipients of mail sent to mail group. Mail sent to both this attribute and uniqueMember attributes are not members of the mixed-in groupOfUniqueNames. This attribute represents mail recipients that cannot be expressed as distinguished names, or who are to be sent mail from this group but who do not have the full privileges of a unique group member. Messaging Server expects this attribute to contain RFC 822 mail addresses. Generally used for group members who are not in the local directory.
For backwards compatibility, rfc822MailMember is also supported. You can use either one or the other of these attributes in any given group, but not both.
Note
LDAP_GROUP_RFC822 is the MTA option used to specify a different attribute name for this function.
Example
mgrpRFC822MailMember:bjensen@siroe.com
OID
2.16.840.1.113730.3.1.30
msgVanityDomain
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
This attribute and the object class using it are deprecated in the current release, and may not be supported in future releases. Sites should stop using this feature and consider migrating current vanity domains to hosted domains.
Example
OID
2.16.840.1.113730.3.1.799
multiLineDescription
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Detailed description of the distribution list. A dollar sign (“$”) creates a new line.
Example
multiLineDescription:People who like cats. $And are ambivalent about people.
OID
1.3.6.1.4.1.250.1.2
nickName
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Identifies the short name used to locate a pabPerson or a pabGroup entry.
Example
nickname:Nick
OID
2.16.840.1.113730.3.1.720
nswcalDisallowAccess
Origin
Netscape Calendar Hosting Server
Syntax
cis, single
Object Classes
Definition
Lists the calendar protocols not allowed to be used by this user.
Example
OID
2.16.840.1.113730.3.1.539
nswmExtendedUserPrefs
Origin
Messaging Server 5.0
Syntax
cis, multi-valued
Object Classes
Definition
This attribute holds the pairs that define Messenger Express preferences such as sort order, Mail From address, and so on. Each instance of this attribute is the tuple pref_name=pref_value. This is a proprietary syntax and the example below is for illustrative purposes only.
Example
Example 1: nswmExtendedUserPrefs: meColorSet=4
Example 2: nswmExtendedUserPrefs: meSort=r
Example 3: nswmExtendedUserPrefs: meAutoSign=True
Example 4: nswmExtendedUserPrefs: meSignature=Otis Fanning$ofanning@sesta.com
Example 5: nswmExtendedUserPrefs: meDraftFolder=Drafts
OID
2.16.840.1.113730.3.1.520
o
Origin
Messaging Server 5.0
Syntax
cis, single valued
Object Classes
Definition
Name of the user’s company or organization. Abbreviation of organizationName.
Example
organizationName:Company22 Incorporated
or
o:Company22 Incorporated
OID
2.5.4.10
objectClass
Origin
Messaging Server 5.0
Syntax
cis
Object Classes
Definition
Specifies the objects for this object class.
Example
objectClass:person
OID
2.5.4.0
organizationName (see o)
organizationUnitName (see ou)
ou
Origin
Messaging Server 5.0
Syntax
cis, single valued
Object Classes
Definition
Name of the organization unit to which the user belongs. Abbreviation for organizationUnitName.
Example
organizationUnitName:docs
or
ou:docs
OID
2.16.840.1.113730.3.1.722
owner
Origin
Messaging Server 5.0
Syntax
dn, single-valued
Object Classes
Definition
Identifies the distinguished name (DN) of the person or group with administrative privileges over the entry.
Example
owner: cn=John Smith,o=Sesta,c=US
OID
2.5.4.32
pabURI
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
LDAP URI specifying the container of the personal address book entries for this user. It takes the following form: ldap://server:port/container_dn, where:
Example
pabURI: ldap://ldap.siroe.com:389/ou=ed,ou=people,o=sesta.com,o=isp,o=pab
OID
2.16.840.1.113730.3.1.703
parentOrganization
Origin
Messaging Server 6.0, Calendar Server 6.0
Syntax
cis, single-valued
Object Classes
sunManagedSubOrganization
Definition
Specifies the logical parent of a suborganization. The value of this is the DN of the parent organization or parent suborganization.
Example
parentOrganization:o=sesta,o=com,o=internet
OID
postalAddress
Origin
LDAP
Syntax
cis
Object Classes
icsCalendarResource, organization, organizationalUnit
Definition
Identifies the entry’s mailing address. This field is intended to include multiple lines. When represented in LDIF format, each line should be separated by a dollar sign ($).
To represent an actual dollar sign (“$”) or backslash (“\”) within this text, use the escaped hex values, \24 and \5c respectively. For example, to represent the string:
The dollar ($) value can be found
in the c:\cost file.
provide the string:
The dollar (\24) value can be found$in the c:\5ccost file.
Example
postalAddress:123 Oak Street$Anytown, CA$90101
OID
2.5.4.16
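The escaping rule above can be applied mechanically in both directions. The following Python sketch is an added example, not part of the original reference; the function names are hypothetical and the second sample line is constructed.

```python
import re

# Literal characters that must be escaped inside a postalAddress line.
_ESCAPES = {"$": "\\24", "\\": "\\5c"}


def encode_postal(lines):
    """Join address lines with '$', escaping literal '$' and '\\' first."""
    def esc(line):
        return "".join(_ESCAPES.get(ch, ch) for ch in line)
    return "$".join(esc(line) for line in lines)


def decode_postal(value):
    """Split on '$' (always a separator once escaping is applied),
    then turn \\24 and \\5c back into '$' and '\\'."""
    def unesc(part):
        # Left-to-right, non-overlapping: '\\5c24' decodes to '\\24', not '$'.
        return re.sub(r"\\(24|5[cC])",
                      lambda m: chr(int(m.group(1), 16)), part)
    return [unesc(part) for part in value.split("$")]


if __name__ == "__main__":
    # Example value from this reference.
    print(decode_postal("123 Oak Street$Anytown, CA$90101"))
    # Constructed sample containing both special characters.
    stored = encode_postal(["Price: $5", "see c:\\temp"])
    print(stored)
    print(decode_postal(stored))
```

Escaping the backslash as well as the dollar sign is what keeps decoding unambiguous: a stored `\5c24` is a backslash followed by the digits 24, not an escaped dollar sign.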
preferredLanguage
Origin
Messaging Server 5.0, Calendar Server, Directory Server
Syntax
RFC 2798, cis, single-valued
Object Classes
icsCalendarUser, inetMailGroup, inetOrgPerson, iPlanetPreferences, mailDomain
Definition
Preferred written or spoken language for a person. The value for this attribute should conform to the syntax for HTTP Accept-Language header values.
Messaging Server uses this attribute to figure the locale. It does not use the locale specified with iPlanetPreferences.
Also used by Identity Server in user LDAP entries to store a user’s preferred language. Note that only Identity Server uses the iPlanetPreferences object class to host this attribute.
Table 3-17 lists the supported language strings:
Example
preferredLanguage:en
OID
2.16.840.1.113730.3.1.39
preferredMailHost
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Used by Messaging Server Delegated Administrator with LDAP Schema 1 only.
Used to set the mailHost attribute of newly created users and groups in this mail domain.
Example
preferredMailHost:mail.siroe.com
OID
2.16.840.1.113730.3.1.761
preferredMailMessageStore
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Used by Messaging Server Delegated Administrator for LDAP Schema 1 only.
Used to set the mailMessageStore attribute of newly created users. If missing, Delegated Administrator leaves the mailMessageStore attribute empty and the access server assumes that the user’s mailbox is in the default partition of the server instance.
Example
preferredMailMessageStore: primary
OID
2.16.840.1.113730.3.1.762
seeAlso
Origin
LDAP
Syntax
dn
Object Classes
groupOfUniqueNames, organization, organizationalUnit
Definition
Identifies another LDAP entry that may contain information related to this entry.
Example
seeAlso: cn=Quality Control Inspectors,ou=manufacturing,o=Company22, c=US
OID
2.5.4.34
sn
Origin
LDAP
Syntax
cis
Object Classes
Definition
Identifies the entry’s surname, also referred to as last name or family name.
Example
surname:jones
OID
2.5.4.4
telephoneNumber
Origin
LDAP
Syntax
tel
Object Classes
domain, organization, organizationalUnit
Definition
Identifies the entry’s phone number.
Example
telephoneNumber:800-555-1212
OID
2.5.4.20
uid
Origin
Calendar Server 5.0, Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
icsCalendarResource, icsCalendarUser
Definition
Identifies the unique identifier for this user or resource within its relative namespace. All valid user and resource entries must have a uid attribute. Group entries may have a uid.
For Messaging Server, the uid is used to generate the user address to pass to the delivery channel. If a user entry does not have a uid attribute, the entry is ignored. If multiple uid attributes exist in an entry, only the first one is used. The MTA option used to override this attribute’s value is LDAP_UID.
Example
uid:jdoe
OID
0.9.2342.19200300.100.1.1
un
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Unique name assigned to PAB entry. This is also the naming attribute for entries created by this object class and is used to form the DN of all PAB entries, irrespective of the type (pab, pabPerson, or pabGroup).
Example
un:Nick
OID
2.16.840.1.113730.3.1.717
uniqueMember
Origin
Messaging Server 5.0
Syntax
dn, multi-valued
Object Classes
Definition
Identifies a member of a static group. Each member of the group is listed in the group’s LDAP entry using this attribute.
Example
uniqueMember: uid=jdoe,ou=People,o=sesta.com,o=basedn
uniqueMember: uid=rsmith,ou=People,o=sesta.com,o=basedn
OID
2.5.4.50
userId (see uid)
userPassword
Origin
Messaging Server 5.0
Syntax
bin, single-valued
Even though RFC 2256 defines this attribute as multi-valued, for Sun Java System products, only one value is allowed.
Object Classes
inetUser, domain, organization, organizationalUnit
Definition
This attribute identifies the entry’s password and encryption method in the following format:
{encryption method}encrypted password
Transfer of cleartext passwords is strongly discouraged where the underlying transport service cannot guarantee confidentiality. Transfer of cleartext may result in disclosure of the password to unauthorized parties.
Example
userPassword:{sha}FTSLQhxXpA05
OID
2.5.4.35
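When reviewing a directory export, the {encryption method} prefix shows how each password is stored. The following Python sketch is an added example, not part of the original reference: it parses the prefix and checks that the body is plausible for the scheme. The scheme names (SHA, SSHA, CRYPT, CLEAR), the weak-scheme policy, and the treatment of unprefixed values as cleartext are assumptions.

```python
import base64
import binascii
import re

# scheme -> (digest bytes, salted?). Scheme names are assumed, not from the page.
HASHED = {"SHA": (20, False), "SSHA": (20, True)}
KNOWN = set(HASHED) | {"CRYPT", "CLEAR"}
WEAK = {"CLEAR", "SHA"}  # example policy: cleartext and unsalted digests

_VALUE = re.compile(r"^\{([^{}]+)\}(.*)$", re.S)


def audit_user_password(value):
    """Return (scheme, findings) for one userPassword value."""
    m = _VALUE.match(value)
    if not m:
        return None, ["no {scheme} prefix; treat as cleartext"]
    scheme, body = m.group(1).upper(), m.group(2)
    findings = []
    if scheme not in KNOWN:
        findings.append(f"unrecognised scheme {scheme}; review manually")
    if scheme in WEAK:
        findings.append(f"{scheme} is a weak storage scheme")
    if scheme in HASHED:
        size, salted = HASHED[scheme]
        try:
            raw = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            findings.append("body is not valid base64")
        else:
            # Unsalted: exactly the digest. Salted: digest plus a non-empty salt.
            fits = len(raw) > size if salted else len(raw) == size
            if not fits:
                findings.append(
                    f"decoded length {len(raw)} does not fit {scheme}")
    return scheme, findings


if __name__ == "__main__":
    # The example value printed in this reference, plus constructed samples.
    samples = [
        "{sha}FTSLQhxXpA05",
        "{SSHA}" + base64.b64encode(bytes(28)).decode(),
        "hunter2",
    ]
    for sample in samples:
        print(sample, "->", audit_user_password(sample))
```

The example value shown above decodes to 9 bytes, so under these assumptions it is flagged as too short for a SHA-1 digest; it is illustrative only.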
vacationEndDate
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Vacation end date and time. Date is in the following format: YYYYMMDDHHMMSSZ; where YYYY is the four digit year, MM is the two digit month, DD is the two digit day, HH is the two digit hour, the second MM is the two digit minute, and SS is the two digit second. Time is normalized to GMT. Z is the character Z.
When the current date falls outside the range of dates specified by the attributes vacationStartDate and vacationEndDate, then any delivery options (in the DELIVERY_OPTIONS list) prefixed with “^” are removed from the active set of options. For example, if one of the DELIVERY_OPTIONS is “^*autoreply” and today’s date falls outside the vacation date range, then the option is removed from the active options list. Otherwise, the autoreply delivery option is activated.
Example
vacationEndDate:20000220000000Z
OID
2.16.840.1.113730.3.1.708
vacationStartDate
Origin
Messaging Server 5.0
Syntax
cis, single-valued
Object Classes
Definition
Vacation start date and time. Date is in the following format: YYYYMMDDHHMMSSZ; where YYYY is the four digit year, MM is the two digit month, DD is the two digit day, HH is the two digit hour, the second MM is the two digit minute, and SS is the two digit second. Time is normalized to GMT. Z is the character Z.
Example
vacationStartDate:20000215000000Z
OID
2.16.840.1.113730.3.1.707
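The interaction between vacationStartDate, vacationEndDate and “^”-prefixed delivery options can be modelled as follows. This Python sketch is an added example, not part of the original reference or the product's code; the function names are hypothetical, the "mailbox" option is a constructed label, and inclusive range bounds and rejection of a reversed range are assumptions.

```python
from datetime import datetime, timezone


def parse_vacation_date(value):
    """Parse YYYYMMDDHHMMSSZ (GMT) into a timezone-aware datetime."""
    if len(value) != 15 or not value[:14].isdigit() or value[14] != "Z":
        raise ValueError(f"not in YYYYMMDDHHMMSSZ form: {value!r}")
    # strptime also rejects impossible dates such as month 13.
    parsed = datetime.strptime(value[:14], "%Y%m%d%H%M%S")
    return parsed.replace(tzinfo=timezone.utc)


def active_delivery_options(options, start, end, now):
    """Drop '^'-prefixed options unless `now` is inside the vacation range."""
    begin, finish = parse_vacation_date(start), parse_vacation_date(end)
    if finish < begin:
        # Assumption of this example: a reversed range is a data error.
        raise ValueError("vacationEndDate precedes vacationStartDate")
    on_vacation = begin <= now <= finish  # inclusive bounds are an assumption
    return [opt for opt in options
            if on_vacation or not opt.startswith("^")]


if __name__ == "__main__":
    # Dates are the example values from this reference; options are constructed.
    options = ["mailbox", "^*autoreply"]
    start, end = "20000215000000Z", "20000220000000Z"
    during = datetime(2000, 2, 17, 12, 0, tzinfo=timezone.utc)
    after = datetime(2000, 2, 21, 0, 0, tzinfo=timezone.utc)
    print(active_delivery_options(options, start, end, during))
    print(active_delivery_options(options, start, end, after))
```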