Sun Java System Calendar Server 6.3 Administration Guide

Chapter 11 Customizing Existing Domains for a Calendar Server 6.3 System

This chapter contains conceptual information and instructions on how to customize your existing domains.

This chapter describes these topics:

11.1 Configuring Domain Preferences for Groups in Calendar Server Version 6.3

If you have user groups set up in LDAP, you can specify domain level preferences for doublebooking and set default ACL's.

11.1.1 Setting the Doublebooking Domain Preference in Calendar Server Version 6.3

Set bit 15 of the icsAllowRights attribute in the domain LDAP entry. Use "0" if doublebooking is not allowed. Use "1" if doublebooking is allowed.

11.1.2 Specifying the Default ACL for Groups in Calendar Server Version 6.3

You can change the default access control permissions for groups at various levels.

This section covers the following group ACL topics:

11.1.2.1 For All Groups

The default ACL for groups in any domain is specified in the ics.conf file parameter group.default.acl. The default ACL is:

"@@o^a^r^g;@@o^c^wdeic^g;@^a^rsf^g"

You can change the ACL by editing it.

11.1.2.2 For All Groups in a Specific Domain

To change the default ACL for groups in a specific domain, you must edit the domain LDAP entry. Change the value of the groupdefaultacl property in the icsExtendedDomainPrefs attribute.

11.1.2.3 For a Specific Group in a Domain

To change the default ACL for a specific group, edit the group LDAP entry. Change the value of the icsDefaultacl attribute.

11.2 Cross Domain Searching in Calendar Server 6.3 Systems

This section contains conceptual information and high-level tasks for setting up cross domain searches.

By default, users can search only within their home domain for users, groups and resources to invite to events. Cross domain searches, however, allow users in one domain to search for users, groups and resources in other domains, as long as certain requirements are met.

The following is a list of requirements you must meet to successfully implement cross domain searches:

Each domain can specify an access control list (ACL) in the domainAccess property of the icsExtendedDomainPrefs attribute that grants or denies cross domain searches from other domains. Thus, a domain can allow or disallow either specific domains, or all domains, from searching it.

Tip –
To specify more than one domain, supply a semicolon separated list of domain names for the value of the domainAccess property.

Caution –
There can be only one instance of the domainAccess property in an LDAP domain entry. If you use LDAP tools to add ACLs to a domain entry, you must ensure that you are not inadvertently creating a duplicate of the domainAccess property.

For a description of domainAccess, see D.9.3 LDAP Attributes and Property Names. For general information about ACLs, see 1.8.3 Access Control Lists (ACLs) in Calendar Server Version 6.3.
Each domain can specify the external domains its users can search. The icsDomainNames LDAP attribute specifies the external domains that a domain’s users can search when looking for users and groups (as long as the ACL for the external domain allows the search).

For example, if icsDomainNames for the various.org domain lists sesta.com and siroe.com, users in various.org can perform cross domain searches in sesta.com and siroe.com. For a description of icsDomainNames, see D.9.3 LDAP Attributes and Property Names.

For instructions on how to enable cross domain searches, see 13.3 Enabling Cross Domain Searches.

11.3 Using Domains Created by Messaging Server in Calendar Server Version 6.3

If Messaging Server has already created domains, you can add calendar services in either Schema version 1 or Schema version 2 mode.

This section covers the following topics:

11.3.1 Adding Calendar Services to Messaging Domains in Schema Version 1 Mode for Calendar Server Version 6.3

To add calendar services to a domain, add the following object class and two attributes to the domain's LDAP entry:

Object class: icsCalendarDomain.
Attribute:icsStatus. Set the value to “active”.
Attribute: icsExtendedDomainPrefs. Set the value of the domainAccess attribute option to the ACL you want to use for access control.

You can do this in one of two ways: use csattribute add command or use ldapmodify as shown in the example that follows:

dn:dc=sesta,dc=com,o=internet
 changetype:modify
 add:objectclass
 objectClass:icsCalendarDomain
 add:icsStatus
 icsStatus:active
 add:icsExtendedDomainPrefs
 icsExtendedDomainPrefs:domainAccess=@@d^a^slfrwd^g;anonymous^a^r^g;@^a^s^g

11.3.2 Adding Calendar Services to Messaging Domains in Schema 2 Mode in Calendar Server Version 6.3

If Messaging Server is in Schema version 2 mode, perform the following two steps to add calendar services to the existing domains:

Use the Delegated Administrator Utility command commadmin domain modify with the -S option to add calendar service to each domain.

Alternately, you can use the Delegated Administrator Console to allocate service packages containing calendar service to the affected domains. To do this, use the Allocate Service Packages button on the Organization List page.
Use the Delegated Administrator Utility command commadmin user modify with the -S option to add calendar service to each user in each domain you enabled for calendar.

Alternately, you can use the Delegated Administrator Console to assign a service package containing calendar service to each user in the affected domains. To do this, use the Assign Service Package button on the User List page in each affected organization.

For the commadmin commands, see the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide.

For more information about Delegated Administrator Console, see its online help.

For commdirmig information, see the Sun Java Communications Suite 5 Schema Migration Guide.