Configuring Sun Java System Messaging Server MTA

Provisioning Data into the LDAP Directory

Throughout this document, the person who permits submission is called a manager, and the person to whom these permissions are granted is called an assistant. In the technique used here, the record of who can send email on behalf of whom is stored in the directory server, specifically in the manager's entry. For the sake of this discussion, these permissions are stored in an attribute called mailGrantSendPermissionsTo. No such attribute exists in any of the Sun-distributed schemas, so you need to add it to the configuration of your directory server.

Procedure: To Add a New Attribute to the LDAP Directory

    One way to add the mailGrantSendPermissionsTo attribute is by creating a file called 99grant.ldif, with the following content, and placing it in the “schema” directory of the directory server:


    dn: cn=schema
    attributeTypes: ( mailGrantSendPermissionsTo-oid NAME ( 'mailGrant
     SendPermissionsTo' ) DESC 'Attribute for granting send permissio
     ns' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'grant permissions' )
    objectClasses: ( mailGrantPermission-oid NAME 'mailGrantPermissi
     on' DESC 'An objectclass for storing send permissions' SUP inetLoc
     alMailRecipient MAY ( mailGrantSendPermissionsTo ) X-ORIGIN 'gra
     nt permissions' )

    The default Java Enterprise System location for the “schema” directory is /var/opt/mps/serverroot/slapd-instance/config/schema.

Procedure: To Add a New Objectclass to the LDAP Directory

    After adding the objectclass and the attribute to your LDAP directory server schema, you can add the mailGrantPermission objectclass to the user’s entry. Along with that, you can add a number of values for the mailGrantSendPermissionsTo attribute. Add that data to the manager’s LDAP entry; the mailGrantSendPermissionsTo values should contain the mail addresses of that manager's assistants (one address per value).

    For example, to add permission so that a user whose email address is assistant@red.example.com can send mail on behalf of a user whose DN is uid=manager, ou=People, o=red.example.com, dc=red, dc=example, dc=com, you need to add the following attributes to the manager's entry, as shown by this LDIF file example.


    dn: uid=manager,ou=People,o=red.example.com,dc=red,dc=example,dc=com
    changetype: modify
    add: objectclass
    objectClass: mailGrantPermission
    -
    add: mailGrantSendPermissionsTo
    mailGrantSendPermissionsTo: assistant@red.example.com

    You would use the ldapmodify command with this file to make the changes in the directory.
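Because each mailGrantSendPermissionsTo value lets another address submit mail as the manager, it is worth checking an LDIF change file before passing it to ldapmodify. The following is an added example, not part of the original documentation: it unfolds LDIF continuation lines, collects the grants per manager DN, and flags values that are not exactly one address or that fall outside an allowed domain. The allowed-domain policy, the function names, and the second sample record are assumptions made for illustration.

```python
import re

GRANT_ATTR = "mailgrantsendpermissionsto"  # LDAP attribute names are case-insensitive
ADDR_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

# Constructed sample input: the page's modify record plus one deliberately bad record.
SAMPLE_LDIF = """\
dn: uid=manager,ou=People,o=red.example.com,dc=red,dc=example,dc=com
changetype: modify
add: objectclass
objectClass: mailGrantPermission
-
add: mailGrantSendPermissionsTo
mailGrantSendPermissionsTo: assistant@red.example.com

dn: uid=director,ou=People,o=red.example.com,dc=red,dc=example,dc=com
changetype: modify
add: mailGrantSendPermissionsTo
mailGrantSendPermissionsTo: a1@red.example.com, a2@red.example.com
mailGrantSendPermissionsTo: temp@
 other.example.net
"""

def unfold(text):
    """Join LDIF continuation lines: a newline followed by one space is removed."""
    return re.sub(r"\r?\n ", "", text).splitlines()

def audit_grants(text, allowed_domain):
    """Return ({manager_dn: [assistants]}, [(dn, value, problem)]) for the grant attribute."""
    grants, problems, dn = {}, [], None
    for line in unfold(text):
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if not line:
            dn = None  # a blank line ends the current record
        elif attr == "dn":
            dn = value
        elif attr == GRANT_ATTR and dn:
            if not ADDR_RE.match(value):  # also rejects base64 ("attr:: ...") values
                problems.append((dn, value, "not a single mail address"))
            elif not value.lower().endswith("@" + allowed_domain):
                problems.append((dn, value, "assistant outside " + allowed_domain))
            else:
                grants.setdefault(dn, []).append(value.lower())
    return grants, problems

if __name__ == "__main__":
    print(audit_grants(SAMPLE_LDIF, "red.example.com"))
```
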