Administering Users

After your users are created, use the csuser utility to perform the following administrative tasks:

• To Display User Information

• To Disable a User

• To Enable a User

• To Set Up Email Aliases

• To Check if a User is Enabled for Calendaring

• To Delete a User from LDAP

• To Reset a User’s Attributes

• To Rename a User

• To Disable Users from Having Publicly Writable Calendars

To Display User Information

To list all calendar users or to display the calendar attributes of a specified user, use the csuser utility list command.

For example, to display all users enabled for calendaring:

csuser list

To display all of the calendar attributes of a single user such as jsmith:

csuser -v list jsmith

To Disable a User

The purpose of disabling a user is to prevent the user from logging into Calendar Server. This is handled differently depending on which user management tool you used to create the user. Users created in the Delegated Administrator Console should be administered using it also. Likewise, if you assigned calendar service to the user with Delegated Administrator Utility, use it to remove the service. And finally, users in a non-hosted domain environment should be administered using only the Calendar Server Utilities. Each handles the situation a bit differently.

This section contains the following topics:

• Delegated Administrator Console

• Delegated Administrator Utility (commadmin user delete)

• Calendar Server Utilities (csuser disable) (Calendar Server utilities)

Delegated Administrator Console

In the Delegated Administrator Console, select the user from the User List page. In the Properties for this user, delete the service package with calendar service in it. This disables the user for calendar, including setting the user's icsStatus to inactive.

---

Note –

If the package also contains other services, you will have to reassign those services using another package that does not contain calendar.

---

Delegated Administrator Utility (commadmin user delete)

To prevent a user from accessing calendar services, remove the service from the user’s LDAP entry, as shown in the example that follows:

commadmin user delete jsmith -S cal

This disables the user for calendar without completely removing the LDAP entry. In addition, this command changes the user's icsStatus to inactive.

Calendar Server Utilities (csuser disable)

The disable command prohibits a user from accessing calendar data, but it does not remove the user’s information from the LDAP entry or the Calendar Server database. This command changes the icsStatus attribute from active to inactive. In non-hosted domain mode, there is no such thing as a calendar service.

For example, to disable jsmith from accessing Calendar Server:

csuser disable jsmith

If jsmith is currently logged into Calendar Server, jsmith retains access to calendar data until he logs off.

To Enable a User

To enable a user, use one of the following tools:

• Delegated Administrator Console

• Delegated Administrator (commadmin user create)(for Schema 2)

• Calendar Server Utilities (csuser enable) (for Schema 1).

Delegated Administrator Console

You can add enable both a new user and an existing user:

• New user — When the user is created, using the New User wizard, assign the user a service package that includes calendar service. The user is automatically enabled.

• Existing user — Select the user from the User List page and use the Assign Service Package wizard to select a service package with calendar service. The user is automatically enabled.

Delegated Administrator (commadmin user create)

When creating a user, enable the user for calendar services, as illustrated in the example that follows:

commadmin user create jsmith -S cal

If you did not enable the user for calendar services when the user was created, you can add calendar services to the user later, using a modify command, as illustrated in the following example:

commadmin user modify jsmith -S cal

Calendar Server Utilities (csuser enable)

If you used csuser create when you created the user entry, the user is automatically enabled.

If a user sends a request to another user who has not been enabled for calendaring (that is, the user does not have a default calendar), Calendar Server returns the “Calendar not found” error to the user sending the request.

To Set Up Email Aliases

If you need to setup email aliases for a calendar user, add the mailalternateaddress attribute to the user's LDAP entry. The mail attribute provides the primary mail address, and the mailalternateaddress attribute is used for email aliases. Both attributes map the mail addresses to the user’s calendar ID (calid).

You can add the attribute using the Calendar Server Utility csattribute, or by directly updating LDAP with ldapmodify. The following example uses csattribute.

---

Note –

To enable these changes, you might also need to rebuild alias tables or configurations. Refer to the documentation for Messaging Server (or your email product) as well as your site's own documentation and procedures regarding changes to mail services. Messaging Server documentation is available on this at: http://docs.sun.com/coll/1312.1.

---

---

Example 14–1 Adding an Email Alias with csattribute

For example, to add the mailalternateaddress attribute for a user named John Smith with these values:

• User ID (uid) and calid: johnsmith

• password: password for John Smith

• Email address: john.smith@sesta.com

• Email aliases: johns@sesta.com and jsmith@sesta.com

csattribute -a mailalternateaddress=johns@sesta.com add johnsmith
 csattribute -a mailalternateaddress=jsmith@sesta.com add johnsmith

---

To Check if a User is Enabled for Calendaring

To determine if a specific user exists in your directory server and is enabled to access Calendar Server data, use the csuser utility check command.

For example, to check if jsmith is enabled for calendaring:

csuser check jsmith

If the check command indicates that a user does not exist in your LDAP directory server, you must create a directory server entry for the user.

To Delete a User from LDAP

Use different tools depending on whether you are deleting a user from a hosted domain or a non-hosted domain:

• Deleting Users in Schema 2 Using Delegated Administrator

• Deleting Users in a Schema 1 Environment

• For Non-Hosted Domains Only: Undeleting Users Marked for Deletion but Not Purged

---

Caution –

There is no undelete command.

Once users in hosted domains are deleted using Delegated Administrator, they must be purged and re-added from scratch. The user name can not be reused until the purge happens.

For non-hosted domains, see For Non-Hosted Domains Only: Undeleting Users Marked for Deletion but Not Purged.

---

Deleting Users in Schema 2 Using Delegated Administrator

You can mark users for deletion with either Delegated Administrator interface. However you can not purge users from LDAP with Delegated Administrator Console. You must use the Delegated Administrator Utility for that. The following task lists the steps for deleting a user from LDAP. The user is not actually removed from LDAP until the last step is complete.

1. Mark a user entry for deletion.

   For Delegated Administrator Console: Select the users to delete in the User List page and click Delete.

   For Delegated Administrator Utility: Use the commadmin user delete command. For example:

   commadmin user delete -D chris -n siroe.com 
   -w bolton -l jsmith

   In both cases the icsStatus attribute in the user LDAP entry is changed from active to deleted.

2. Use the Calendar Server Utility csclean to remove all calendars belonging to all deleted users in one or all domains, as shown in the following example:

   csclean clean “*”

   Or to remove calendars belonging to all deleted users in one domain, specify the actual domain, as shown in the following example: csclean clean sesta.com

   ---

   Tip –

   If you inadvertently purge the users from LDAP before deleting the users' calendars, you can remove them later using the cscal utility, as described in Managing User Calendars.

   ---

3. Purge the domain of all users marked for deletion, using Delegated Administrator Utility command commadmin domain purge.

   For example:

   commadmin domain purge -D chris -d sesta.com -n siroe.com -w bolton

   In this example, all users in sesta.com that are marked as deleted will be purged, that is, permanently removed.

   ---

   Tip –

   Run this utility manually from time to time to clean up your LDAP directory. For more information about this command, see the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide.

   ---

Deleting Users in a Schema 1 Environment

To remove the specified user’s LDAP entry and the user’s default calendar, use the Calendar Server utility csuser with the delete command.

For example, to delete the LDAP entry and the default calendar for user jsmith use the following command:

csuser delete jsmith

If you wish to remove the other calendars belonging to this user, you must use cscal as described in Managing User Calendars.

For Non-Hosted Domains Only: Undeleting Users Marked for Deletion but Not Purged

For a non-hosted domain, to undelete users marked for deletion but not yet purged, it is necessary to reset the users' icsStatus attributes to active. You can achieve this by directly changing the LDAP entries (using ldapmodify), or by using the Calendar Server Utility csattribute.

However, in a non-hosted domain, once the user is purged, you can only recover the LDAP server information by restoring it from a backup.

To Reset a User’s Attributes

To restore the default settings of all calendar LDAP attributes for a specific user, use the csuser utility reset command.

For example, to reset all calendar attributes of jsmith to the default configuration settings:

csuser reset jsmith

---

Note –

After a calendar user has been reset, all of the calendar attributes are removed from the user’s LDAP entry, including icsCalendarUser (object class), icsSubscribed, icsCalendarOwned, icsCalendar, and icsDWPHost (if in the LDAP CLD setup). A Calendar Server administrator will not be able to create calendars on the user’s behalf.

These attributes are restored in the user’s LDAP entry when:

• The user logs back into Calendar Server, or

• The Calendar Server administrator issues a csuser enable command for the user (although in this case, the icsDWPHost attribute is not restored).

---

To Rename a User

If one or more user ID's need to be changed, run the csrename utility. This utility performs the following steps:

• Converts the user ID's in the Calendar Server LDAP attributes (the ones with the ics prefix). The LDAP directory is updated in place.

• Renames the users in events and tasks on the Calendar Server database files. It writes the new database to a destination directory. Existing database files are not modified.

---

Note –

Be aware that changing even one user ID causes the whole database to be rewritten. So this is a “costly” utility to run.

For instructions on how to run the csrename utility, see Appendix D, Calendar Server Command-Line Utilities Reference.

---

To Disable Users from Having Publicly Writable Calendars

1. Log in as an administrator with permission to change the configuration.

2. Change to the /etc/opt/SUNWics5/cal/config directory.

3. Save your old ics.conf file by copying and renaming it.

4. Edit the following ics.conf parameter as shown in the following table:

   Parameter	Description and Default Value
   service.wcap. allowpublicwritablecalendars	Enables users to have publicly writable calendars. This is enabled by default (set to “yes”).

5. Save the file as ics.conf.

6. Restart Calendar Server.

   cal_svr_base/SUNWics5/cal/sbin/start-cal