The csdomain utility manages Calendar Server attributes in the LDAP directory for a hosted (virtual) domain. These attributes are part of the icsCalendarDomain object class. Commands are:
create a new hosted domain in the LDAP directory.
add a Calendar Server attribute and its associated value in the LDAP directory for a specific hosted domain.
delete a Calendar Server attribute in the LDAP directory for a specific hosted domain or delete an entire hosted domain.
list Calendar Server attributes in the LDAP directory for a specific hosted domain.
You must be in hosted (virtual) domain mode to run csdomain. That is, the following parameters in the ics.conf file must be set:
service.virtualdomain.support must be set to “yes”.
local.schemaversion must be set to the version of the LDAP schema (“1” , “1.5”, or “2”).
If local.schemaversion = “1” or “1.5”, service.dcroot must be set to the root suffix of the DC tree in the LDAP directory.
If local.schemaversion = “2”, service.schema2root must be set to the root suffix underneath which all domains are found.
You must have followed the instructions in Chapter 11, Setting Up Hosted Domains before using csdomain to add Organization Tree nodes.
You must run csdomain locally on the machine where Calendar Server is installed.
Calendar Server can be running or stopped.
You must be logged in as the user and group under which Calendar Server is running (such as icsuser and icsgroup) that was specified during installation, or as root.
csdomain [-q | -v] -n node create domain csdomain [-q | -v] {-a attr[=value] | -f filename} add domain csdomain [-q | -v] [-a attr | -f filename] delete domain csdomain [-q | -v] list domain |
The following table describes the commands available for the csdomain utility.
Table D–13 csdomain Utility Commands
Command |
Description |
---|---|
create |
Create a new hosted domain in the LDAP directory. All Calendar Server users and resources for the domain are then created under this entry in the directory. |
add |
Add a Calendar Server attribute and its associated value in the LDAP directory for a specific domain. If you add or update domain LDAP attributes using csdomain, restart Calendar Server for the new values to take effect. |
delete |
Delete a Calendar Server attribute in the LDAP directory for a specific hosted domain or delete all LDAP entries for an entire domain. |
list |
Display Calendar Server attributes in the LDAP directory for a specific domain. |
version |
Display the version of the utility. |
The following table describes the csdomain utility command options.
Table D–14 csdomain Utility Command Options
Option |
Description |
---|---|
-v |
Run in verbose mode: Display all available information about the command being performed. Default is off. |
-q |
Run in quiet mode:
|
-a attr[=value] |
Specifies the LDAP attribute property name and its optional value. For a list of these attributes and property names, see LDAP Attributes and Property Names. |
-f filename |
Specifies a text file that contains Calendar Server LDAP directory property names and their associated values. For example: createLowerCase="yes" filterPrivateEvents="no" fbIncludeDefCal="no" subIncludeDefCal="no" uiProxyUrl="https://proxyserver" |
-n node |
Applies to the create command as follows:
|
domain |
For the add, delete, and list commands, specifies an existing domain in the LDAP directory. For the create command, specifies the unique name of a new domain that will be created in the LDAP directory. For example: west.sesta.com |
The following tables describe the LDAP attributes and property names that apply to the csdomain utility. These attributes are part of the icsCalendarDomain object class. When you add or delete a value, you must use the property name and not the attribute name.
If you add or update domain LDAP attributes using csdomain, restart Calendar Server for the new values to take effect.
LDAP Attributes and Property Names describes the icsAllowRights attribute and properties that you can set with the csdomain utility. This attribute is a 32-bit numeric string, with each bit in the string corresponding to a specific user right. (In the current release, some bits are not used and are set to zero by default.) If a bit corresponding to a specific right is set (value=1), the right is not allowed. If the bit is not set (value=0), the right is allowed.
Each property in the icsAllowRights attribute has a corresponding ics.conf parameter. If a property is not set (value = 0) or is not present (service.virtualdomain.support = “no”), Calendar Server uses the corresponding ics.conf parameter as the default value.
The value for icsAllowRights is a numeric string and not an integer. To use icsAllowRights programmatically in bitwise operations, you must first convert its string value to an integer.
Table D–15 icsAllowRights LDAP Directory Attribute and Properties
Bit |
Property Name |
Description |
---|---|---|
0 |
allowCalendarCreation |
If set (bit 0=1), do not allow calendars to be created. Corresponding ics.conf parameter: service.wcap.allowcreatecalendars |
1 |
allowCalendarDeletion |
If set (bit 1=1), do not allow calendars to be deleted. Corresponding ics.conf parameter: service.wcap.allowdeletecalendars |
2 |
allowPublicWritableCalendars |
If set (bit 2=1), do not allow public writable calendars. Corresponding ics.conf parameter: service.wcap.allowpublicwriteablecalendars |
3 |
Not used in the current release. |
|
4 |
allowModifyUserPreferences |
If set (bit 4=1), do not allow domain administrators to get or set user preferences using WCAP commands. Corresponding ics.conf parameter: service.admin.calmaster.wcap.allowgetmodifyuserprefs |
5 |
allowModifyPassword |
If set (bit 5=1), do not allow user to change password via this server. Corresponding ics.conf parameter: service.wcap.allowchangepassword |
6 |
Not used in the current release. |
|
7 |
Not used in the current release. |
|
8 |
allowUserDoubleBook |
If set (bit 8=1), do not allow double booking for user’s calendars. Corresponding ics.conf parameter: user.allow.doublebook |
9 |
allowResourceDoubleBook |
If set (bit 9=1), do not allow double booking for resource calendars. Corresponding ics.conf parameter: resource.allow.doublebook |
10 |
allowSetCn |
If set (bit 10=1), do not allow user to set the common name (cn) attribute using the WCAP set_userprefs command. Corresponding ics.conf parameter: service.wcap.allowsetprefs.cn |
11 |
allowSetGivenName |
If set (bit 11=1), do not allow user to set the givenName attribute using the WCAP set_userprefs command. Corresponding ics.conf parameter: service.wcap.allowsetprefs.givenname |
12 |
allowSetGivenMail |
If set (bit 12=1), do not allow user to set the mail attribute using the WCAP set_userprefs command. Corresponding ics.conf parameter: service.wcap.allowsetprefs.mail |
13 |
allowSetPrefLang |
If set (bit 13=1), do not allow user to set the preferredLanguage attribute using the WCAP set_userprefs command. Corresponding ics.conf parameter: service.wcap.allowsetprefs.preferredlanguage |
14 |
allowSetSn |
If set (bit 14=1), do not allow user to set the surname (sn) attribute using the WCAP set_userprefs command. Corresponding ics.conf parameter: service.wcap.allowsetprefs.sn |
15–31 |
Not used in the current release. |
The following table describes the icsExtendedDomainPrefs attribute and properties that you can set with the csdomain utility. Each property has a corresponding ics.conf parameter. If a property is not set (value = 0, service.virtualdomain.support=“no”), or is not present, Calendar Server uses the corresponding ics.conf parameter as the default value.
Table D–16 icsExtendedDomainPrefs LDAP Directory Attribute
Property Name |
Description |
---|---|
allowProxyLogin |
Specifies "yes" or "no" whether to allow proxy logins. Corresponding ics.conf parameter: service.http.allowadminproxy (default = "no") |
calmasterAccessOverride |
Specifies "yes" or "no" whether the Calendar Server administrator can override access control. Corresponding ics.conf parameter: service.admin.calmaster.overrides.accesscontrol (default = "no") |
calmasterCred |
Specifies an ASCII string that is the password of the user ID specified as the Calendar Server domain administrator. Corresponding ics.conf parameter: service.admin.calmaster.cred (no default) |
calmasterUid |
Specifies an ASCII string that is the user ID of the person designated as the Calendar Server domain administrator. Corresponding ics.conf parameter: service.admin.calmaster.userid (no default) |
createLowercase |
Specifies "yes" or "no" whether Calendar Server should convert a calendar ID (calid) to lowercase when creating a new calendar or when searching for a calendar Corresponding ics.conf parameter: calstore.calendar.create.lowercase (default = "no") |
domainAccess |
Specifies an access control list (ACL) for the domain. For information about ACLs, see Access Control Lists (ACLs). This ACL is used for cross domain searches. For more information, see Cross Domain Searches. |
fbIncludeDefCal |
Specifies "yes" or "no" whether a user’s default calendar is included in user’s free/busy calendar list. Corresponding ics.conf parameter: calstore.freebusy.include.defaultcalendar (default = "yes") |
filterPrivateEvents |
Specifies "yes" or "no" whether Calendar Server filters (recognizes) Private and Time and Date Only (confidential) events and tasks. If "no", Calendar Server treats them the same as Public events and tasks. Corresponding ics.conf parameter: calstore.filterprivateevents (default = "yes") |
groupMaxSize |
Specifies the maximum number of attendees allowed in an LDAP group when expanding an event. Corresponding ics.conf parameter: calstore.group.attendee.maxsize (default is "0" – expand the group entirely) |
language |
Specifies the language for a domain. Corresponding ics.conf parameter: local.domain.language |
resourceDefaultAcl |
Specifies an access control list (ACL) that is the default access control permissions used when a resource calendar is created. Corresponding ics.conf parameter: resource.default.acl (default is "@@o^a^r^g;@@o^c^wdeic^g; @^a^rsf^g" |
setPublicRead |
Specifies whether user default calendars are initially set to public read/private write ("yes") or private read/private write ("no"). Corresponding ics.conf parameter: service.wcap.login.calendar.publicread (default = "no") |
searchFilter |
Specifies a search filter for finding a user. Corresponding ics.conf parameter: local.userSearchFilter |
ssoCookieDomain |
Specifies that the browser should send a cookie only to servers in the specified domain. The value must begin with a period (.). For example: ".sesta.com" Corresponding ics.conf parameter: sso.cookiedomain (default is the current domain) |
ssoUserDomain |
Specifies the domain used as part of the user’s SSO authentication. Corresponding ics.conf parameter: sso.userdomain (no default) |
subIncludeDefCal |
Specifies "yes" or "no" whether a user’s default calendar is included in the user’s subscribed calendar list. Corresponding ics.conf parameter: calstore.subscribed.include.defaultcalendar (default = "yes") |
uiAllowAnyone |
Specifies "yes" or "no" whether the user interface should show and use the "Everybody" access control list (ACL). Corresponding ics.conf parameter: ui.allow.anyone (default = "yes") |
uiAllowDomain |
Specifies "yes" or "no" whether the user interface should show and use the access control list (ACL) for this domain. Corresponding ics.conf parameter: ui.allow.domain (default = "no") |
uiBaseUrl |
Specifies a URL for the base server address. For example: "https://proxyserver". Corresponding ics.conf parameter: ui.base.url (no default) |
uiConfigFile |
Specifies an optional xml based configuration file that Calendar Server can read at startup that allows parts of the user interface to be hidden. Corresponding ics.conf parameter: ui.config.file (no default) |
uiProxyURL |
Specifies a URL for the proxy server address to prepend in an HTML UI JavaScript file. For example: "https://web_portal.sesta.com/" Corresponding ics.conf parameter: ui.proxyaddress.url (no default) |
The following table describes other LDAP attributes and properties that you can set with the csdomain utility.
Table D–17 Other LDAP Directory Attributes for the csdomain Utility
Create a new hosted domain using LDAP schema 1 named west.sesta.com:
csdomain -v -n o=nodewest,o=sesta create west.sesta.com
Create a new hosted domain using LDAP schema 2 named east.sesta.com:
csdomain -v -n nodeeast create east.sesta.com
Display a list of Calendar Server LDAP attributes for the hosted domain named west.sesta.com:
csdomain -v list west.sesta.com
Set the time zone to America/New_York for the hosted domain named west.sesta.com:
csdomain -v -a timezone=America/New_York add west.sesta.com