Sun Java Communications Suite 5 Schema Reference

Examples

Example 1 — Schema 2

Suppose the directory contains a base node, o=sesta, to store a corporation's user data. In addition, there is an index node, o=sesta2, which points to an overlapping subset of users. In this example, sesta.com is the canonical domain name.

To identify the actual organization node, you must decorate the non-canonical organization entry (the index node) with the inetCanonicalDomainName attribute, set to the canonical domain name of the actual organization node (here, inetCanonicalDomainName:sesta.com):

dn:o=sesta,o=rootsuffix
sunPreferredDomain:sesta.com

dn:o=sesta2,o=sesta,o=rootsuffix
inetDomainBaseDN:o=sesta,o=rootsuffix
inetCanonicalDomainName:sesta.com

Example 2 — User Login with inetCanonicalDomainName

Assume the two organization nodes, o=sesta and o=sesta2, are decorated as shown in Example 1. The user jdoe logs in to Messaging Server with the following user ID:

jdoe@sesta2.com

In this example, there can be only one LDAP entry for the user jdoe.

In this case, Messaging Server performs one or more lookups to determine jdoe's canonical user ID, which consists of the user's uid followed by @ and the user's canonical domain name.

Messaging Server looks up the value of the inetCanonicalDomainName attribute in the sesta2 organization entry. It then replaces the original domain name in the login ID, sesta2, with the canonical domain name, sesta.

Using the canonical user ID, Messaging Server opens jdoe's correct mailbox, which displays all of jdoe's messages, including messages sent to jdoe@sesta2.com, to jdoe@sesta.com, and to any other domain or alias domain associated with jdoe.

Example 3 — User Login without inetCanonicalDomainName

Assume the same directory tree layout as is shown in Example 1, but now inetCanonicalDomainName is not used. The user jdoe logs in to Messaging Server with the following user ID:

jdoe@sesta2.com

As in Example 2 (shown above), there can be only one LDAP entry for the user jdoe.

In this case, Messaging Server performs the same lookups it performs in Example 2.

However, because the sesta2 organization entry does not contain the inetCanonicalDomainName attribute, Messaging Server uses the user ID <uid>@sesta2.com to determine which mailbox to open. A second mailbox associated with the sesta2 domain is created (or, if it already exists, opened).

In this mailbox, the user jdoe sees only messages sent to the sesta2 domain; jdoe has no access to any other messages. All other messages are contained in the mailbox associated with the canonical domain.
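
The lookup described in Examples 2 and 3 can be modelled offline, together with a check that lists index nodes lacking inetCanonicalDomainName (the condition that produces the second mailbox in Example 3). This is an added example, not Messaging Server code or part of the original reference. It assumes the index node carries sunPreferredDomain:sesta2.com so the login domain can be matched to it, and the function names are hypothetical.

```python
# Constructed entries modelled on Example 1 (Schema 2); not a real directory export.
# Assumption: the index node carries sunPreferredDomain: sesta2.com so that the
# login domain can be matched to it (the page does not show this attribute there).
SAMPLE = """\
dn: o=sesta,o=rootsuffix
sunPreferredDomain: sesta.com

dn: o=sesta2,o=sesta,o=rootsuffix
sunPreferredDomain: sesta2.com
inetDomainBaseDN: o=sesta,o=rootsuffix
inetCanonicalDomainName: sesta.com
"""

def parse_entries(text):
    """Parse simple 'attr: value' blocks separated by blank lines into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry[name.strip().lower()] = value.strip()
        entries.append(entry)
    return entries

def canonical_user_id(login, entries):
    """Map uid@domain to uid@<canonical domain>, as in Examples 2 and 3."""
    uid, _, domain = login.partition("@")
    for e in entries:
        if e.get("sunpreferreddomain", "").lower() == domain.lower():
            # No attribute: the login domain is used and a separate mailbox results.
            return uid + "@" + e.get("inetcanonicaldomainname", domain).lower()
    raise LookupError("no organization entry for domain " + domain)

def index_nodes_without_canonical(entries):
    """DNs of entries that point at another base DN but name no canonical domain."""
    return [e["dn"] for e in entries
            if e.get("inetdomainbasedn", e["dn"]).lower() != e["dn"].lower()
            and "inetcanonicaldomainname" not in e]

if __name__ == "__main__":
    decorated = parse_entries(SAMPLE)
    bare = parse_entries(SAMPLE.replace("inetCanonicalDomainName: sesta.com\n", ""))
    print(canonical_user_id("jdoe@sesta2.com", decorated))  # Example 2
    print(canonical_user_id("jdoe@sesta2.com", bare))       # Example 3
    print(index_nodes_without_canonical(bare))
```

Running the audit function over an export of the organization entries shows which alias domains would give users a separate mailbox instead of the canonical one.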

Example 4 — Schema 1

In a Schema 1 scenario, if two DC Tree nodes exist, dc=sesta and dc=sesta2, both referring to the user/group base node o=sesta, then you must specify the canonical domain name as follows:

dn:dc=sesta,dc=com,o=internet
inetDomainBaseDN:o=sesta.com

dn:dc=sesta2,dc=com,o=internet
inetDomainBaseDN:o=sesta.com
inetCanonicalDomainName:sesta.com