This section describes the following Access Manager object classes:
Access Manager
Specifies a dynamic group with a well-known attribute in the search filter. For Messaging Server, the well-known attribute is memberOf. The search filter is contained in the mgrpDeliverTo attribute.
iplanet-am-managed-group
auxiliary
2.16.840.1.113730.3.2.182
none
Inherits attributes from superior class.
Access Manager
Specifies a dynamic group which can be filtered on any attribute. The search filter is set in the mgrpDeliverTo attribute.
This group is not subscribable. Do not use iplanet-am-group-subscribable for a filtered dynamic group.
iplanet-am-managed-group
auxiliary
2.16.840.1.113730.3.2.181
none
Inherits attributes from superior class. Because this group cannot be subscribed to, the mail attribute should not be used with it. If present, it will be ignored.
Access Manager
Specifies the attributes necessary to define administrator roles and their ACIs. The list of all users assigned this role is a dynamic list; that is, the list can be retrieved only by performing a search filtered by the role name. For further information on roles, see the Access Manager documentation at:
http://docs.sun.com
iplanet-am-managed-role
auxiliary
1.3.6.1.4.1.42.2.27.9.2.74
none
This class inherits the attributes of its superior class; see iplanet-am-managed-role.
Access Manager
This is the superior class for the various types of groups: static, assignable dynamic, and filtered dynamic. (See iplanet-am-managed-assignable-group, iplanet-am-managed-filtered-group, iplanet-am-managed-static-group.)
top
auxiliary
2.16.840.1.113730.3.2.180
none
Access Manager
The Access Manager class that defines the groups container under each Messaging Server hosted domain.
top
auxiliary
2.16.840.1.113730.3.2.189
none
none
Access Manager
This class is used by Access Manager to manage organizational units. It uses the same attributes as sunManagedOrganization and for all intents and purposes functions as any other organization managed by Access Manager.
Do not use this class for the domain organizations, or people and group containers in Messaging Server. Even though the attribute that holds the container name is organizational unit (ou), the proper Access Manager class to use is either iplanet-am-managed-group-container, or iplanet-am-managed-people-container.
top
auxiliary
2.16.840.1.113730.3.2.186
none
businessCategory, iplanet-am-service-status, telephoneNumber, sunOverrideTemplates, sunPreferredDomain, seeAlso
Access Manager
The Access Manager class that defines the people container under each Messaging Server hosted domain.
top
auxiliary
2.16.840.1.113730.3.2.187
none
none
Access Manager
Specifies Access Manager attributes used to manage users.
top
auxiliary
2.16.840.1.113730.3.2.184
none
iplanet-am-modifiable-by, iplanet-am-role-aci-description, iplanet-am-static-group-dn, iplanet-am-user-account-life
Access Manager
Specifies the attributes necessary to define administrator roles and their ACIs. This is the superior class for iplanet-am-managed-filtered-role.
top
auxiliary
2.16.840.1.113730.3.2.179
none
iplanet-am-role-aci-description, iplanet-am-role-aci-list, iplanet-am-role-any-options, iplanet-am-role-description, iplanet-am-role-managed-container-dn, iplanet-am-role-service-options, iplanet-am-role-type
Access Manager
Defines a group whose members are identified with the uniqueMember attribute. Each user named in those attributes has the memberOf attribute in their LDAP user entry.
Note that static groups can have dynamic members. In this case, the LDAP entry must also contain the iplanet-am-managed-assignable-group object class.
iplanet-am-managed-group
auxiliary
2.16.840.1.113730.3.2.183
none
none (inherits from iplanet-am-managed-group)
Access Manager
This class contains the Access Manager attributes necessary to manage user accounts.
top
auxiliary
2.16.840.1.113730.3.2.176
none
iplanet-am-user-account-life, iplanet-am-user-admin-start-dn, iplanet-am-user-alias-list, iplanet-am-user-auth-config, iplanet-am-user-auth-modules, iplanet-am-user-failure-url, iplanet-am-user-federation-info, iplanet-am-user-federation-info-key, iplanet-am-user-login-status, iplanet-am-user-password-reset-force-reset, iplanet-am-user-password-reset-options, iplanet-am-user-password-reset-question-answer, iplanet-am-user-service-status, iplanet-am-user-success-url
Directory Server
Used by Access Manager. While Messaging Server does not use this object class, it is necessary for Access Manager.
Attributes for this object class hold certain preferences for this user. Specifically, the preferred language, preferred locale, and preferred time zone.
Note: The Messaging Server does not use this object class to define the preferred language. In addition, it does not use an attribute for locale; it infers the locale from the language. Messaging Server holds the preferredLanguage attribute in inetOrgPerson.
top
auxiliary
Unassigned
none
preferredLanguage, preferredLocale, preferredTimeZone
Calendar Server 6.0, Messaging Server 6.0
For LDAP Schema 2, this is a core class for both Messaging and Calendar products doing authentication with SSO. Every physical node must contain this class, including the root suffix.
The attribute holds the fully qualified login host name.
top
auxiliary
Unassigned
none
Calendar Server 6.0, Messaging Server 6.0
This is a core class for both Messaging and Calendar products. Every physical node must contain this class.
top
auxiliary
2.16.840.1.113730.3.2.185
sunPreferredDomain, associatedDomain, businessCategory, sunPreferredOrganization, telephoneNumber, sunOverrideTemplates, inetDomainBaseDN
Access Manager
Used for LDAP Schema 2 only. Required to be present at the root of a subtree representing a namespace. Access Manager enforces the uniqueness attribute for namespaces.
Any organization or its subtree nodes can be designated as a namespace by extending the organization LDAP entry with this object class. Namespaces based on different unique attributes may overlap. That is, a subtree of a node designated as a namespace could also be its own namespace if the unique attributes are different. For example, the parent node could use uid to enforce uniqueness, while the child node uses the employee number.
This is a different paradigm than was used in LDAP Schema 1, in which every domain was considered a unique namespace (using uid as the default unique attribute). For LDAP Schema 2, all namespaces must be explicitly declared using this object class.
After Access Manager is installed, the root-suffix node contains this object class, but not its corresponding attribute. If you want to provision more than one unique namespace for your Messaging Server or Calendar Server installation, do not add sunNameSpaceUniqueAttrs to the root-suffix node.
For more information about namespaces, see the Sun Java Enterprise System Installation Guide.
top
auxiliary
1.3.6.1.4.1.42.2.27.9.2.29
none
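The namespace rule described in this entry, as an added example (not code from the original page or from Access Manager): a Python audit that reports duplicate values of the unique attribute inside each namespace subtree, including a child namespace nested in a parent. The sample entries are constructed, DN matching is simplified (no escaped commas), and treating the parent's uniqueness as covering the nested namespace is an assumption drawn from the overlap description above.

```python
from collections import defaultdict

# Constructed sample directory as (DN, attributes) pairs. Not real data.
# o=example enforces uid; the nested o=sales namespace enforces employeeNumber.
ENTRIES = [
    ("o=example", {"sunNameSpaceUniqueAttrs": ["uid"]}),
    ("o=sales,o=example", {"sunNameSpaceUniqueAttrs": ["employeeNumber"]}),
    ("uid=ann,ou=People,o=example", {"uid": ["ann"], "employeeNumber": ["7"]}),
    ("uid=bob,ou=People,o=sales,o=example", {"uid": ["bob"], "employeeNumber": ["7"]}),
    ("uid=cy,ou=People,o=sales,o=example", {"uid": ["cy"], "employeeNumber": ["7"]}),
    ("uid=ann,ou=Staff,o=sales,o=example", {"uid": ["ann"], "employeeNumber": ["9"]}),
]


def norm(dn):
    # Simplified DN normalisation: lower-case and trim each RDN.
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_subtree(dn, root):
    # True when dn is the root itself or sits below it on an RDN boundary.
    dn, root = norm(dn), norm(root)
    return dn == root or dn.endswith("," + root)


def find_violations(entries):
    """Return sorted (namespace_root, attr, value, [dns]) for duplicated values."""
    # Every entry carrying sunNameSpaceUniqueAttrs declares a namespace root.
    namespaces = [(dn, attr) for dn, attrs in entries
                  for attr in attrs.get("sunNameSpaceUniqueAttrs", [])]
    violations = []
    for root, attr in namespaces:
        seen = defaultdict(list)
        for dn, attrs in entries:
            if in_subtree(dn, root):
                for value in attrs.get(attr, []):
                    seen[value.lower()].append(dn)
        for value, dns in seen.items():
            if len(dns) > 1:
                violations.append((root, attr, value, sorted(dns)))
    return sorted(violations)


if __name__ == "__main__":
    for root, attr, value, dns in find_violations(ENTRIES):
        print(f"{root}: {attr}={value} is not unique: {dns}")
```

The employeeNumber value 7 on the entry under ou=People,o=example is not reported, because only the o=sales subtree declares employeeNumber as its unique attribute.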
Calendar Server 6.0, Messaging Server 6.0
Templates are LDAP entries of this object class. Search templates are used to describe how applications should construct searches to send to the directory server in order to locate entries in the DIT.
The entry is named by its required ou attribute.
top
auxiliary
1.3.6.1.4.1.42.2.27.9.2.27
organizationalUnitName (ou)
description, sunKeyValue, sunServiceId, sunSmsPriority, sunXmlKeyValue
Messaging Server 5.0
Used to store the presence information for a user.
top
auxiliary
2.16.840.1.113730.3.2.136
none