This section covers the two tasks you must do to enable cross domain searches:
Adding Names of Domains Allowed to Search This Domain in the LDAP entry for each of the domains allowed to search this domain.
Adding Names of Domains to be Searched by This Domain when users in this domain send invitations to events.
This can be done using either of the following tools: ldapmodify (for either Schema mode), or Delegated Administrator Console or Utility (for Schema 2).
Each domain LDAP entry specifies access permissions in ACE's, which are defined in the domainAccess parameter of the icsExtendedDomainPrefs attribute. Two different ways to allow external domains to search this domain are:
The construction of ACI's is explained more fully in Calendar Access Control.
This can be done three ways:
Using ldapmodify, create the following ACE string in the domainAccess preference of the icsExtendedDomainPrefs:
@domain_being_allowed^a^lsfr^g
Form the ACE by specifying the domain allowed to search this domain, followed by sufficient permissions to allow the search.
Using Delegated Administrator Utility command commadmin domain modify, add ACE strings specifying the domainAccess preference in icsExtendedDomainPrefs attribute.
For example, in a Schema 2 environment, sesta.com allows searches from siroe.com:
commadmin domain modify -D admin
   -w adminpassword -X hostmachine_1 -d sesta.com 
   -A +icsextendeddomainprefs:"domainAccess=@@d^a^slfrwd^g;
      @siroe.com^a^lsfrwd^g;anonymous^a^r^g;@^a^s^g"
Using Delegated Administrator Console, when creating or editing an organization's properties, you can add domains to the Allow Invitations From Users in These Organizations list.
This updates the domainAccess preference in the icsExtendedDomainPrefs attribute.
While you can specify the exact permissions given to the domains in the first two methods just listed, the last one, using the Delegated Administrator Console, does not allow the administrator as much control. The list of permissions is preset. The permissions given are: free-busy access, and event scheduling access. The user can't see event details unless the owner of that calendar has set permissions to allow all users to read it.
There are three ways to allow all external domains to search this domain:
Using ldapmodify, create the following ACE string in the domainAccess preference of the icsExtendedDomainPrefs:
@^a^slfr^g
Form the ACE by specifying that all domains have sufficient access to perform searches.
Using Delegated Administrator Utility command commadmin domain modify, add ACE strings specifying the domainAccess preference in icsExtendedDomainPrefs attribute.
For example, in a Schema 2 environment, sesta.com allows searches by all domains:
commadmin domain modify -D admin 
   -w adminpassword -X hostmachine_1 -d sesta.com 
   -A +icsextendeddomainprefs:"domainAccess=@@d^a^slfrwd^g;
      anonymous^a^r^g;@^a^slfr^g"
The characters @@d refer to the domain of the primary owner.
Using Delegated Administrator Console, when creating or editing an organization's properties, you can add domains to the Allow Invitations From Users in These Organizations list.
This updates the domainAccess preference in the icsExtendedDomainPrefs attribute.
While you can specify the exact permissions given to the domains in the first two methods just listed, the last one, using the Delegated Administrator Console, does not allow the administrator as much control. The list of permissions is preset. The permissions given are: free-busy access, and event scheduling access. The user can't see event details unless the owner of that calendar has set permissions to allow all users to read it.
There are three ways to do add external domains to be searched by this domain:
Using ldapmodify, add one instance of icsDomainNames for each external domain that can be searched by users in this domain.
For example, sesta.com searches in both siroe.com and example.com when performing cross domain searches. Use ldapmodify (for either Schema 1 or Schema 2) to create the following LDIF:
dn: dc=sesta, dc=com, o=internet changetype: modify add: icsDomainNames icsDomainNames:siroe.com icsDomainNames:example.com
Using Delegated Administrator Utility command commadmin domain modify, specify the option -A to add names of domains to be searched.
For example:
commadmin domain modify -D admin -w adminpassword -X hostmachine_1 -d sesta.com -A +icsDomainNames:siroe.com -A +icsDomainNames:example.com
Using Delegated Administrator Console, when creating or editing an organization's properties, you can add domains to the Invite Calendars in These Organizations list.
This adds icsDomainNames attributes to the domain LDAP entry. Add one attribute for each external domain to be searched when users in this domain send invitations to an event.
For more information, see the Delegated Administrator Console online help.