This chapter contains conceptual information and instructions on how to customize your existing domains.
This chapter describes these topics:
11.1 Configuring Domain Preferences for Groups in Calendar Server Version 6.3
11.3 Using Domains Created by Messaging Server in Calendar Server Version 6.3
If you have user groups set up in LDAP, you can specify domain level preferences for doublebooking and set default ACL's.
Set bit 15 of the icsAllowRights attribute in the domain LDAP entry. Use "0" if doublebooking is not allowed. Use "1" if doublebooking is allowed.
You can change the default access control permissions for groups at various levels.
This section covers the following group ACL topics:
The default ACL for groups in any domain is specified in the ics.conf file parameter group.default.acl. The default ACL is:
"@@o^a^r^g;@@o^c^wdeic^g;@^a^rsf^g"
You can change the ACL by editing it.
To change the default ACL for groups in a specific domain, you must edit the domain LDAP entry. Change the value of the groupdefaultacl property in the icsExtendedDomainPrefs attribute.
To change the default ACL for a specific group, edit the group LDAP entry. Change the value of the icsDefaultacl attribute.
This section contains conceptual information and high-level tasks for setting up cross domain searches.
By default, users can search only within their home domain for users, groups and resources to invite to events. Cross domain searches, however, allow users in one domain to search for users, groups and resources in other domains, as long as certain requirements are met.
The following is a list of requirements you must meet to successfully implement cross domain searches:
Each domain can specify an access control list (ACL) in the domainAccess property of the icsExtendedDomainPrefs attribute that grants or denies cross domain searches from other domains. Thus, a domain can allow or disallow either specific domains, or all domains, from searching it.
To specify more than one domain, supply a semicolon separated list of domain names for the value of the domainAccess property.
There can be only one instance of the domainAccess property in an LDAP domain entry. If you use LDAP tools to add ACLs to a domain entry, you must ensure that you are not inadvertently creating a duplicate of the domainAccess property.
For a description of domainAccess, see D.9.3 LDAP Attributes and Property Names. For general information about ACLs, see 1.8.3 Access Control Lists (ACLs) in Calendar Server Version 6.3.
Each domain can specify the external domains its users can search. The icsDomainNames LDAP attribute specifies the external domains that a domain’s users can search when looking for users and groups (as long as the ACL for the external domain allows the search).
For example, if icsDomainNames for the various.org domain lists sesta.com and siroe.com, users in various.org can perform cross domain searches in sesta.com and siroe.com. For a description of icsDomainNames, see D.9.3 LDAP Attributes and Property Names.
For instructions on how to enable cross domain searches, see 13.3 Enabling Cross Domain Searches.
If Messaging Server has already created domains, you can add calendar services in either Schema version 1 or Schema version 2 mode.
This section covers the following topics:
11.3.2 Adding Calendar Services to Messaging Domains in Schema 2 Mode in Calendar Server Version 6.3
To add calendar services to a domain, add the following object class and two attributes to the domain's LDAP entry:
Object class: icsCalendarDomain.
Attribute:icsStatus. Set the value to “active”.
Attribute: icsExtendedDomainPrefs. Set the value of the domainAccess attribute option to the ACL you want to use for access control.
You can do this in one of two ways: use csattribute add command or use ldapmodify as shown in the example that follows:
dn:dc=sesta,dc=com,o=internet changetype:modify add:objectclass objectClass:icsCalendarDomain add:icsStatus icsStatus:active add:icsExtendedDomainPrefs icsExtendedDomainPrefs:domainAccess=@@d^a^slfrwd^g;anonymous^a^r^g;@^a^s^g |
If Messaging Server is in Schema version 2 mode, perform the following two steps to add calendar services to the existing domains:
Use the Delegated Administrator Utility command commadmin domain modify with the -S option to add calendar service to each domain.
Alternately, you can use the Delegated Administrator Console to allocate service packages containing calendar service to the affected domains. To do this, use the Allocate Service Packages button on the Organization List page.
Use the Delegated Administrator Utility command commadmin user modify with the -S option to add calendar service to each user in each domain you enabled for calendar.
Alternately, you can use the Delegated Administrator Console to assign a service package containing calendar service to each user in the affected domains. To do this, use the Assign Service Package button on the User List page in each affected organization.
For the commadmin commands, see the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide.
For more information about Delegated Administrator Console, see its online help.
For commdirmig information, see the Sun Java Communications Suite 5 Schema Migration Guide.