Sun ONE Messaging and Collaboration 6.0 Schema Reference Manual
Chapter 4
Sun ONE Identity Server Classes and Attributes
This chapter describes LDAP object classes and attributes for Sun Open Net Environment (ONE) Identity Server implementing Sun ONE LDAP Schema v.2. The objects and attributes are listed alphabetically.
Note that the Identity Server schema is subject to change. To understand provisioning considerations, see the Sun Java Enterprise System Installation Guide.
The chapter is divided into two sections: Object Classes and Attributes.
Object Classes
This section describes the following Sun ONE Identity Server object classes:
iplanet-am-managed-assignable-group
Supported by
Sun ONE Identity Server
Definition
Specifies a dynamic group with a well-known attribute in the search filter. For Messaging Server, the well-known attribute is memberOf. The search filter is contained in the mgrpDeliverTo attribute.
Superior Class
iplanet-am-managed-group
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.182
Required Attributes
N/A
Allowed Attributes
Inherits attributes from superior class.
iplanet-am-managed-filtered-group
Supported by
Sun ONE Identity Server
Definition
Specifies a dynamic group which can be filtered on any attribute. The search filter is set in the mgrpDeliverTo attribute.
This group is not subscribable. Do not use iplanet-am-group-subscribable for a filtered dynamic group.
Superior Class
iplanet-am-managed-group
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.181
Required Attributes
N/A
Allowed Attributes
Inherits attributes from superior class. Note that since this group can not be subscribed to, the mail attribute should not be used with it. If present, it will be ignored.
iplanet-am-managed-filtered-role
Supported by
Sun ONE Identity Server
Definition
Specifies the attributes necessary to define administrator roles and their ACIs. The list of all users assigned this role is a dynamic list; that is, the list can be retrieved only by performing a search filtered by the role name. For further information on roles, see the Sun ONE Identity Server documentation at:
Superior Class
iplanet-am-managed-role
Object Class Type
auxiliary
OID
1.3.6.1.4.1.42.2.27.9.2.74
Required Attributes
N/A
Allowed Attributes
This class inherits the attributes of its superior class, see iplanet-am-managed-role.
iplanet-am-managed-group
Supported by
Sun ONE Identity Server
Definition
This is the superior class for the various types of groups: static, assignable dynamic, and filtered dynamic. (See iplanet-am-managed-assignable-group, iplanet-am-managed-filtered-group, iplanet-am-managed-static-group.)
Superior Class
top
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.180
Required Attributes
N/A
Allowed Attributes
iplanet-am-managed-group-container
Supported by
Sun ONE Identity Server
Definition
The Sun ONE Identity Server class that defines the groups container under each Sun ONE Messaging Server hosted domain.
Superior Class
top
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.189
Required Attributes
N/A
Allowed Attributes
N/A
iplanet-am-managed-org-unit
Supported by
Sun ONE Identity Server
Definition
This class is used by Sun ONE Identity Server to manage organizational units. It uses the same attributes as sunManagedOrganization and for all intents and purposes functions as any other organization managed by Identity Server.
Do not use this class for the domain organizations, or people and group containers in Sun ONE Messaging Server. Even though the attribute that holds the container name is organizational unit (ou), the proper Identity Server class to use is either iplanet-am-managed-group-container, or iplanet-am-managed-people-container.
Superior Class
top
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.186
Required Attributes
N/A
Allowed Attributes
businessCategory, iplanet-am-service-status, telephoneNumber, sunOverrideTemplates, sunPreferredDomain, seeAlso
iplanet-am-managed-people-container
Supported by
Sun ONE Identity Server
Definition
The Sun ONE Identity Server class that defines the people container under each Sun ONE Messaging Server hosted domain.
Superior Class
top
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.187
Required Attributes
N/A
Allowed Attributes
N/A
iplanet-am-managed-person
Supported by
Sun ONE Identity Server
Definition
Specifies Sun ONE Identity Server attributes used to manage users.
Superior Class
top
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.184
Required Attributes
N/A
Allowed Attributes
iplanet-am-modifiable-by, iplanet-am-role-aci-description, iplanet-am-static-group-dn, iplanet-am-user-account-life
iplanet-am-managed-role
Supported by
Sun ONE Identity Server
Definition
Specifies the attributes necessary to define administrator roles and their ACIs. This is the superior class for iplanet-am-managed-filtered-role.
Superior Class
top
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.179
Required Attributes
N/A
Allowed Attributes
iplanet-am-role-aci-description, iplanet-am-role-aci-list, iplanet-am-role-any-options, iplanet-am-role-description, iplanet-am-role-managed-container-dn, iplanet-am-role-service-options, iplanet-am-role-type
iplanet-am-managed-static-group
Supported by
Sun ONE Identity Server
Definition
Defines a group in which there are members identified with the uniqueMember attribute. Each user named in those attributes has the memberOf attribute in their LDAP user entry.
Note that static groups can have dynamic members. In this case, the LDAP entry must also contain the iplanet-am-managed-assignable-group object class.
Superior Class
iplanet-am-managed-group
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.183
Required Attributes
N/A
Allowed Attributes
N/A (inherits from iplanet-am-managed-group)
iplanet-am-user-service
Supported by
Sun ONE Identity Server
Definition
This class contains the Sun ONE Identity Server attributes necessary to manage user accounts.
Superior Class
top
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.176
Required Attributes
N/A
Allowed Attributes
iplanet-am-user-account-life, iplanet-am-user-admin-start-dn, iplanet-am-user-alias-list, iplanet-am-user-auth-config, iplanet-am-user-auth-modules, iplanet-am-user-failure-url, iplanet-am-user-federation-info, iplanet-am-user-federation-info-key, iplanet-am-user-login-status, iplanet-am-user-password-reset-force-reset, iplanet-am-user-password-reset-options, iplanet-am-user-password-reset-question-answer, iplanet-am-user-service-status, iplanet-am-user-success-url
iPlanetPreferences
Supported by
Sun ONE Directory Server
Definition
Used by Sun ONE Identity Server. While Sun ONE Messaging Server does not use this object class, it is necessary for Identity Server.
Attributes for this object class hold certain preferences for this user. Specifically, the preferred language, preferred locale, and preferred time zone.
Note: Sun ONE Messaging Server does not use this object class to define the preferred language. In addition, it does not use an attribute for locale; it infers the locale from the language. Messaging Server holds the preferredLanguage attribute in inetOrgPerson.
Superior Class
top
Object Class Type
auxiliary
OID
Required Attributes
N/A
Allowed Attributes
preferredLanguage, preferredLocale, preferredTimeZone
sunISManagedOrganization
Supported by
Sun ONE Calendar Server 6.0, Sun ONE Messaging Server 6.0
Definition
For Sun ONE LDAP Schema v.2, this is a core class for both Messaging and Calendar products doing authentication with SSO. Every physical node must contain this class, including the root suffix.
The attribute holds the fully qualified login host name.
Superior Class
top
Object Class Type
auxiliary
OID
Required Attributes
N/A
Allowed Attributes
sunManagedOrganization
Supported by
Sun ONE Calendar Server 6.0, Sun ONE Messaging Server 6.0
Definition
This is a core class for both Messaging and Calendar products. Every physical node must contain this class.
Superior Class
top
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.185
Required Attributes
Allowed Attributes
sunPreferredDomain, businessCategory, sunPreferredOrganization, telephoneNumber, sunOverrideTemplates
sunNameSpace
Supported by
Sun ONE Identity Server
Definition
Used for Sun ONE LDAP Schema v.2 only. Required to be present at the root of a subtree representing a namespace. Sun ONE Identity Server enforces the uniqueness attribute for namespaces.
Any organization or its subtree nodes can be designated as a namespace by extending the organization LDAP entry with this object class. Namespaces based on different unique attributes may overlap. That is, a subtree of a node designated as a namespace could also be its own namespace if the unique attributes are different. For example, the parent node could use uid to enforce uniqueness, while the child node uses the employee number.
This is a different paradigm than was used in Sun ONE LDAP Schema v.1, in which every domain was considered a unique namespace (using uid as the default unique attribute). For Sun ONE LDAP Schema v.2, all namespaces must be explicitly declared using this object class.
For more information about namespaces, see the Sun Java Enterprise System Installation Guide.
Superior Class
top
Object Class Type
auxiliary
OID
1.3.6.1.4.1.42.2.27.9.2.29
Required Attributes
N/A
Allowed Attributes
sunServiceComponent
Supported by
Sun ONE Calendar Server 6.0, Sun ONE Messaging Server 6.0
Definition
Templates are LDAP entries of this object class. Search templates are used to describe how applications should construct searches to send to the directory server in order to locate entries in the DIT.
The entry is named by its required ou attribute.
Superior Class
top
Object Class Type
auxiliary
OID
1.3.6.1.4.1.42.2.27.9.2.27
Required Attributes
organizationalUnitName (ou)
Allowed Attributes
description, sunKeyValue, sunServiceId, sunSmsPriority, sunXmlKeyValue
userPresenceProfile
Supported by
iPlanet Messaging Server 5.0
Definition
Used to store the presence information for a user.
Superior Class
top
Object Class Type
auxiliary
OID
2.16.840.1.113730.3.2.136
Required Attributes
N/A
Allowed Attributes
vacationEndDate, vacationStartDate
Attributes
This section describes the following Sun ONE Identity Server attributes:
associatedDomain
Origin
Sun ONE LDAP Schema 2
Syntax
dn, multi-valued
Object Classes
inetDomain, sunManagedOrganization
Definition
Specifies the DNS domain name aliases used to look up an organization entry.
Used when a domain subtree is being referenced by domain names in addition to the one specified in the attribute sunPreferredDomain.
Example
associatedDomain:qa.sesta.com
associatedDomain:eng.sesta.com
OID
inetGroupStatus
Origin
Sun ONE Identity Server
Syntax
cis, single-valued
Object Classes
Definition
This is a global status for groups and overrides the status found in inetMailGroupStatus. It holds the current status of the group: active, inactive, or deleted for all services. It is used by Sun ONE Identity Server to manage groups. A group’s status can be changed using the commcli interface, or by directly changing the LDAP entry for the group.
The following table lists the attribute’s values and their meanings:
A missing value implies status is active. An illegal value is treated as inactive.
Example
inetGroupStatus: active
OID
1.3.6.1.4.1.42.2.27.9.1.588
iplanet-am-group-subscribable
Origin
Sun ONE Identity Server
Syntax
boolean, single-valued
Object Classes
Definition
Specifies if users can subscribe to the group. Boolean value: true, false. Default setting is true.
If the value is true, the group can be seen, searched for and subscribed to by end users. If the value is false, the group can be seen and searched for but can not be subscribed to by end users.
Filtered groups can not be subscribed to; this attribute is ignored if found on a filtered group.
Example
iplanet-am-group-subscribable: true
OID
2.16.840.1.113730.3.1.1085
iplanet-am-modifiable-by
Origin
Sun ONE Identity Server
Syntax
dn, multi-valued
Object Classes
Definition
This attribute lists the role-dn of the administrator who has access rights to modify this user entry. By default, the value is set to the role-dn of the administrator who created the account.
Example
For native mode (with domain nodes on the organization tree):
iplanet-am-modifiable-by: cn=Top-level Admin Role, o=sesta.com
For compatibility mode (with domain nodes on the DC Tree):
iplanet-am-modifiable-by: cn=Top-level Admin Role, dc=sesta, dc=com
OID
2.16.840.1.113730.3.1.1094
iplanet-am-role-aci-description
Origin
Sun ONE Identity Server
Syntax
string, multi-valued
Object Classes
Definition
Description of the ACI that belongs to this role.
Example
OID
2.16.840.1.113730.3.1.1081
iplanet-am-role-aci-list
Origin
Sun ONE Identity Server
Syntax
string, multi-valued
Object Classes
Definition
The set of ACIs associated with this role. The format is a DN:ACI pair, where the DN of the entry is specified with its ACI. When deleting a role, this attribute allows for the ACIs associated with this role to be located and cleaned up properly.
Example
For native mode (with domain nodes on the organization tree):
iplanet-am-role-aci-list: o=sesta.com,o=basedn:aci: (target="ldap:///o=sesta.com,o=basedn")(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,o=sesta.com,o=basedn)(nsroledn=cn=Top-level Help Desk Admin Role,o=sesta.com,o=basedn))))(targetattr != "nsroledn")(version 3.0; acl "Organization Admin access allow"; allow (all) roledn = "ldap:///cn=myrole,o=sesta.com,o=basedn";)
For compatibility mode (with domain nodes on a DC Tree):
iplanet-am-role-aci-list: dc=sesta,dc=com:aci: (target="ldap:///dc=sesta,dc=com")(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=sesta,dc=com)(nsroledn=cn=Top-level Help Desk Admin Role,dc=sesta,dc=com))))(targetattr != "nsroledn")(version 3.0; acl "Organization Admin access allow"; allow (all) roledn = "ldap:///cn=myrole,dc=sesta,dc=com";)
OID
2.16.840.1.113730.3.1.1082
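The DN:ACI pair format described above can be split and inspected when auditing which ACIs belong to a role before the role is deleted. The following is an added example, not code from the Sun documentation; it assumes the first ":aci:" ends the entry DN (as in the page's two sample values), that DNs contain no escaped commas, and the names parse_role_aci, acis_for_role and norm_dn are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Assumption taken from the page's sample values: "<entry DN>:aci: (<ACI text>)".
_SEP = ":aci:"

class RoleAci(NamedTuple):
    entry_dn: str             # entry on which the ACI is stored
    target: Optional[str]     # DN inside (target="ldap:///...")
    acl_name: Optional[str]   # label after the acl keyword
    rights: Optional[str]     # rights inside allow (...)
    role_dn: Optional[str]    # DN inside roledn = "ldap:///..."

def parse_role_aci(value: str) -> RoleAci:
    """Split one iplanet-am-role-aci-list value into its DN and ACI fields."""
    dn, sep, aci = value.partition(_SEP)
    if not sep or not dn.strip():
        raise ValueError("not a DN:ACI pair")
    aci = aci.strip()
    if aci.count("(") != aci.count(")"):
        raise ValueError("unbalanced parentheses in ACI")

    def grab(pattern: str) -> Optional[str]:
        m = re.search(pattern, aci)
        return m.group(1).strip() if m else None

    return RoleAci(
        entry_dn=dn.strip(),
        target=grab(r'\(\s*target\s*=\s*"ldap:///([^"]*)"'),
        acl_name=grab(r'\bacl\s+"([^"]*)"'),
        rights=grab(r'\ballow\s*\(([^)]*)\)'),
        # \b keeps "nsroledn" in the targetfilter from matching here.
        role_dn=grab(r'\broledn\s*=\s*"ldap:///([^"]*)"'),
    )

def norm_dn(dn: str) -> str:
    """Case-fold and drop spaces around commas (no escaped-comma handling)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def acis_for_role(values, role_dn):
    """Return (hits, rejected): ACIs bound to role_dn, and values that failed to parse."""
    wanted = norm_dn(role_dn)
    hits, rejected = [], []
    for value in values:
        try:
            aci = parse_role_aci(value)
        except ValueError as exc:
            rejected.append((value[:40], str(exc)))
            continue
        if aci.role_dn and norm_dn(aci.role_dn) == wanted:
            hits.append((aci.entry_dn, aci.acl_name))
    return hits, rejected

# Attribute values from the page's native-mode and compatibility-mode examples.
NATIVE = ('o=sesta.com,o=basedn:aci: (target="ldap:///o=sesta.com,o=basedn")'
          '(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,o=sesta.com,o=basedn)'
          '(nsroledn=cn=Top-level Help Desk Admin Role,o=sesta.com,o=basedn))))'
          '(targetattr != "nsroledn")(version 3.0; acl "Organization Admin access allow"; '
          'allow (all) roledn = "ldap:///cn=myrole,o=sesta.com,o=basedn";)')
COMPAT = ('dc=sesta,dc=com:aci: (target="ldap:///dc=sesta,dc=com")'
          '(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=sesta,dc=com)'
          '(nsroledn=cn=Top-level Help Desk Admin Role,dc=sesta,dc=com))))'
          '(targetattr != "nsroledn")(version 3.0; acl "Organization Admin access allow"; '
          'allow (all) roledn = "ldap:///cn=myrole,dc=sesta,dc=com";)')
# Constructed malformed value: the ":aci:" separator is missing.
BROKEN = 'o=sesta.com,o=basedn (target="ldap:///o=sesta.com,o=basedn")'

if __name__ == "__main__":
    print(parse_role_aci(NATIVE))
    print(acis_for_role([NATIVE, COMPAT, BROKEN], "CN=myrole, o=sesta.com, o=basedn"))
```

Values that end up in the rejected list are the ones a role cleanup would miss, so they are worth reviewing by hand.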
iplanet-am-role-any-options
Origin
Sun ONE Identity Server
Syntax
string, multi-valued
Object Classes
Definition
Not currently used.
Example
OID
2.16.840.1.113730.3.1.1084
iplanet-am-role-description
Origin
Sun ONE Identity Server
Syntax
cis, multi-valued
Object Classes
Definition
An optional description of the role being defined.
Example
iplanet-am-role-description: Top Level Admin Role
OID
2.16.840.1.113730.3.1.1080
iplanet-am-role-managed-container-dn
Origin
Sun ONE Identity Server
Syntax
dn, multi-valued
Object Classes
Definition
Defines the container this role resides in.
Example
For example, if the role being defined administers the domain organization east:
iplanet-am-role-managed-container-dn: ou=east,o=sesta.com,o=basedn
OID
2.16.840.1.113730.3.1.977
iplanet-am-role-service-options
Origin
Sun ONE Identity Server
Syntax
string, multi-valued
Object Classes
Definition
Not currently used.
Example
OID
2.16.840.1.113730.3.1.1083
iplanet-am-role-type
Origin
Sun ONE Identity Server
Syntax
string, multi-valued
Object Classes
Definition
Defines the type of role. There are three values, as shown in the following table:
Even though this attribute is defined as multi-valued string, it is implemented in Messaging Server as if it were a single-valued integer.
Example
iplanet-am-role-type: 1
OID
2.16.840.1.113730.3.1.1079
iplanet-am-service-status
This attribute is aliased to sunRegisteredServiceName. Use that attribute instead.
iplanet-am-static-group-dn
Origin
Sun ONE Identity Server
Syntax
dn, multi-valued
Object Classes
Definition
Defines the DNs for the static groups this user belongs to.
Example
For native mode (with domain nodes on the organization tree):
iplanet-am-static-group-dn: cn=mygroup, ou=groups, o=sesta.com
For compatibility mode (with domain nodes on the DC Tree):
iplanet-am-static-group-dn: cn=mygroup, ou=groups, dc=sesta, dc=com
OID
2.16.840.1.113730.3.1.1094
iplanet-am-user-account-life
Origin
Sun ONE Identity Server
Syntax
date string, single-valued
Object Classes
Definition
Specifies the account expiration date in the following format:
yyyy/mm/dd hh:mm:ss
where the first mm is for month, dd is for day, yyyy for full year (for example, 2005), hh is for the time stamp hour, the final mm is for the timestamp minutes, and ss is for the timestamp seconds.
If this attribute is present, the authentication service will disallow login if the current date has passed the specified account expiration date.
Example
iplanet-am-user-account-life: 2040/12/31 23:59:59
OID
2.16.840.1.113730.3.1.976
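The expiration rule described above can be checked offline against an LDIF export to find accounts that are expired, never expire, or carry a value the format does not allow. This is an added example, not part of the Sun documentation; the LDIF entries are constructed, the function names are hypothetical, the timestamp is compared as a naive local time because the page names no time zone, and reporting malformed or repeated values separately is this example's choice, not documented Identity Server behaviour.

```python
import re
from datetime import datetime

ATTR = "iplanet-am-user-account-life"
# strptime alone would accept "2040/1/5 1:2:3", so enforce the exact width first.
_SHAPE = re.compile(r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}")

def parse_account_life(value):
    """Parse yyyy/mm/dd hh:mm:ss; raise ValueError on any other shape or range."""
    value = value.strip()
    if not _SHAPE.fullmatch(value):
        raise ValueError(f"not yyyy/mm/dd hh:mm:ss: {value!r}")
    return datetime.strptime(value, "%Y/%m/%d %H:%M:%S")  # rejects month 13, hour 25

def classify(values, now):
    """Map the attribute's values to no-expiry, valid, expired or malformed."""
    if not values:
        return "no-expiry"      # attribute absent: the page's rule does not apply
    if len(values) > 1:
        return "malformed"      # the attribute is single-valued
    try:
        expires = parse_account_life(values[0])
    except ValueError:
        return "malformed"
    # Login is disallowed once the current date has passed the expiration date.
    return "expired" if now > expires else "valid"

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, 'name: value' lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")   # value may itself contain ':'
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(text, now):
    """Return {dn: classification} for every entry in the LDIF text."""
    return {e["dn"][0]: classify(e.get(ATTR, []), now) for e in parse_ldif(text)}

# Constructed sample entries; only the first value is taken from the page.
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,o=sesta.com,o=basedn
objectClass: iplanet-am-user-service
iplanet-am-user-account-life: 2040/12/31 23:59:59

dn: uid=temp01,ou=people,o=sesta.com,o=basedn
objectClass: iplanet-am-user-service
iplanet-am-user-account-life: 2005/06/30 00:00:00

dn: uid=svc-mail,ou=people,o=sesta.com,o=basedn
objectClass: iplanet-am-user-service

dn: uid=contractor,ou=people,o=sesta.com,o=basedn
objectClass: iplanet-am-user-service
iplanet-am-user-account-life: 2040-12-31
"""

if __name__ == "__main__":
    for dn, state in audit(SAMPLE_LDIF, datetime.now()).items():
        print(f"{state:10} {dn}")
```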
iplanet-am-user-admin-start-dn
Origin
Sun ONE Identity Server
Syntax
dn, single-valued
Object Classes
Definition
Specifies the starting point node (DN) displayed in the starting view of the IS Console when this administrator logs in.
Example
iplanet-am-user-admin-start-dn: ou=people, o=sesta.com, o=basedn
OID
2.16.840.1.113730.3.1.1072
iplanet-am-user-alias-list
Origin
Sun ONE Identity Server
Syntax
string, single-valued
Object Classes
Definition
Defines a list of aliases for the user.
Example
User jdoe could have an alias of jd, johnd, or jd123456.
iplanet-am-user-alias-list: jd
iplanet-am-user-alias-list: johnd
iplanet-am-user-alias-list: jd123456
OID
1.3.6.1.4.1.42.2.27.9.1.59
iplanet-am-user-auth-config
Origin
Sun ONE Identity Server
Syntax
string, single-valued
Object Classes
Definition
Specifies the user authentication configuration method in an XML string. There is no default value.
Example
<AttributeValuePair><Value>com.sun.identity.authentication.modules.ldap.LDAP REQUIRED </Value></AttributeValuePair>
OID
1.3.6.1.4.1.42.2.27.9.1.58
iplanet-am-user-auth-modules
Origin
Sun ONE Identity Server
Syntax
string, multi-valued
Object Classes
Definition
Not currently used.
Example
OID
2.16.840.1.113730.3.1.1071
iplanet-am-user-failure-url
Origin
Sun ONE Identity Server
Syntax
string, single-valued
Object Classes
Definition
Defines the routing taken (URL user is redirected to) if the login fails. Any valid URL can be used.
Example
OID
1.3.6.1.4.1.42.2.27.9.1.71
iplanet-am-user-federation-info
Origin
Sun ONE Identity Server
Syntax
string, single-valued
Object Classes
Definition
For Sun ONE Identity Server internal use only. Do not use.
Specifies the user account’s Federation specific information. This is managed internally by Sun ONE Identity Server’s Federation Management module to store user account’s Federation related information, and should not be modified outside of that module.
Example
OID
1.3.6.1.4.1.42.2.27.9.1.74
iplanet-am-user-federation-info-key
Origin
Sun ONE Identity Server
Syntax
string, single-valued
Object Classes
Definition
For Sun ONE Identity Server internal use only. Do not use.
Specifies the user account’s Federation information key. This is managed internally by Sun ONE Identity Server’s Federation Management module to store the user account’s Federation information key, and should not be modified outside of that module.
Example
OID
1.3.6.1.4.1.42.2.27.9.1.73
iplanet-am-user-login-status
Origin
Sun ONE Identity Server
Syntax
string, single-valued
Object Classes
Definition
Specifies the user status. It takes two values:
Example
OID
2.16.840.1.113730.3.1.1074
iplanet-am-user-password-reset-force-reset
Origin
Sun ONE Identity Server
Syntax
boolean, single-valued
Object Classes
Definition
Not currently used.
Specifies whether password will be forced to be reset. Values: true, false. Defaults to false.
Example
OID
1.3.6.1.4.1.42.2.27.9.1.591
iplanet-am-user-password-reset-options
Origin
Sun ONE Identity Server
Syntax
string, single-valued
Object Classes
Definition
Used internally by Sun ONE Identity Server’s password reset module. Do not use. Any values assigned to this attribute will be ignored.
Example
OID
1.3.6.1.4.1.42.2.27.9.1.589
iplanet-am-user-password-reset-passwordChanged
Origin
Sun ONE Identity Server
Syntax
string, single-valued
Object Classes
Definition
Not used.
Example
OID
1.3.6.1.4.1.42.2.27.9.1.592
iplanet-am-user-password-reset-question-answer
Origin
Sun ONE Identity Server
Syntax
string, single-valued
Object Classes
Definition
Password question and answer used to prompt user who has forgotten their password. The format is question answer.
Example
iplanet-am-user-password-reset-question-answer: favorite restaurant Outback
OID
1.3.6.1.4.1.42.2.27.9.1.590
iplanet-am-user-service-status
Origin
Sun ONE Identity Server
Syntax
dn, single-valued
Object Classes
Definition
Specifies the status of the user for various services.
Example
OID
2.16.840.1.113730.3.1.1073
iplanet-am-user-success-url
Origin
Sun ONE Identity Server
Syntax
dn, single-valued
Object Classes
Definition
Defines the routing taken (URL the user is directed to) if the login succeeds. Any valid URL can be used.
Example
OID
1.3.6.1.4.1.42.2.27.9.1.71
preferredLocale
Origin
Sun ONE Directory Server
Syntax
cis, single-valued
Object Classes
Definition
Used by Sun ONE Identity Server to store user preference for locale. The values accepted by this attribute are described in the Sun ONE Identity Server Administrator’s Guide, chapter 18. Some additional information on locales is located in the Sun ONE Directory Server Reference Manual.
Example
preferredLocale:en-US
OID
2.16.840.1.113730.3.1.39
preferredTimeZone
Origin
Sun ONE Directory Server
Syntax
cis, single-valued
Object Classes
Definition
Used by Sun ONE Identity Server to store user preference for time zone. Supported time zone names can be found in the appendix under "Standard Time Zones".
Example
preferredTimeZone: America/Los Angeles
OID
TBD
sunAdditionalTemplates
Origin
Sun ONE Messaging Server 6.0, Sun ONE Calendar Server 6.0
Syntax
cis, multi-valued
Object Classes
inetDomain, sunManagedOrganization
Definition
Specifies relative DN (RDN) sequences, that is DNs that are relative to the organization entry. Values identify entries in the configuration templates part of the ou=services tree below this organization. These are additional templates beyond those specified in the global configuration templates. These are used to specify operations private to an organization.
This attribute must appear in the top entry for this organization.
Example
OID
1.3.6.1.4.1.42.2.27.9.1.76
sunKeyValue
Origin
Sun ONE Messaging Server 6.0, Sun ONE Calendar Server 6.0
Syntax
cis, multi-valued
Object Classes
Definition
Each value is a “key=value” pair, where the key is the name of the XML element. table lists the keys for search templates.
For more information on templates and the native and compatibility mode LDAP data models, see Chapter 1, "Overview".
Example
The following sunKeyValue attributes appear in the default search template for the native mode LDAP data model:
sunKeyValue: attrs=objectclass
sunKeyValue: attrs=ou
sunKeyValue: attrs=inetDomainStatus
The following sunKeyValue attributes appear in the default search template for compatibility mode (uses the RFC 2247 algorithm for constructing the search DN):
sunKeyValue: attrs=objectclass
sunKeyValue: attrs=ou
sunKeyValue: attrs=inetDomainStatus
sunKeyValue: rfc2247=true
sunKeyValue: baseDN=o=internet
OID
1.3.6.1.4.1.42.2.27.9.1.83
sunNameSpaceUniqueAttrs
Origin
Sun ONE Messaging Server 6.0, Sun ONE Calendar Server 6.0
Syntax
cis, multi-valued
Object Classes
Definition
Stores the name of an attribute required to be unique across all entries in the subtree.
This attribute allows namespace uniqueness to be enforced. For further explanation of namespaces, see the Sun Java Enterprise System Installation Guide and the object class description for sunNameSpace.
Example
sunNameSpaceUniqueAttrs:uid
sunNameSpaceUniqueAttrs:c
OID
1.3.6.1.4.1.42.2.27.9.1.85
sunOrganizationAlias
Origin
Sun ONE Identity Server
Syntax
cis, single-valued
Object Classes
Definition
Sun ONE Identity Server uses this attribute for authentication. It holds the fully qualified host name for the server the user is logging into.
The format is: server.domain.
Example
sunOrganizationAlias: seaside.siroe.com
OID
TBD
sunOverrideTemplates
Origin
Sun ONE Messaging Server 6.0, Sun ONE Calendar Server 6.0
Syntax
cis, multi-valued
Object Classes
inetDomain,sunManagedOrganization
Definition
Specifies relative DN (RDN) sequences, that is DNs that are relative to the organization entry. Values identify entries in the configuration templates part of the ou=services tree below this organization. These templates override global configuration templates for searches and other operations within this organization.
This attribute must appear in the top entry for this organization.
Example
OID
1.3.6.1.4.1.42.2.27.9.1.77
sunPreferredDomain
Origin
Sun ONE Messaging Server 6.0, Sun ONE Calendar Server 6.0
Syntax
cis, single-valued
Object Classes
iplanet-am-managed-org-unit, sunManagedOrganization
Definition
Specifies the DNS domain name used to look up an organization entry when a unique matching organization is required.
When a value for this is available, provisioners should set it so as to enable applications to look up organizations using a domain name.
The domain name value of this attribute must be unique across all organizations in the directory, including the domains named in associatedDomain.
This attribute is for use with native mode data model LDAPs only; it must not be used in DC Tree nodes.
In the native mode LDAP data model, this attribute serves the same function as inetCanonicalDomainName does in compatibility mode. If you are running in compatibility mode, do not use this attribute.
Example
sunPreferredDomain:sesta.com
OID
2.16.840.1.113730.3.1.1086
sunPreferredOrganization
Origin
Sun ONE Messaging Server 6.0, Sun ONE Calendar Server 6.0
Syntax
cis, single-valued
Object Classes
iplanet-am-managed-org-unit, sunManagedOrganization
Definition
Specifies the DNS name used to look up an organization entry when a unique matching organization is required.
When a value for this is available, provisioners should set it so as to enable applications to look up organizations using the organization’s name.
This attribute is for use with native mode data model LDAPs only; it must not be used in DC Tree nodes.
Example
sunPreferredOrganization:sesta.com
OID
1.3.6.1.4.1.42.2.27.9.1.75
sunRegisteredServiceName
Origin
Sun ONE Identity Server
Syntax
string, multi-valued
Object Classes
iplanet-am-managed-org-unit, sunManagedOrganization
Definition
Defines the set of names of the registered services. The following services are defined for Messaging Server and Calendar Server:
For informational purposes: The following services are used by Sun ONE Identity Server for authentication with SSO (Single Sign-On). These services must be registered to the root suffix node. This step is done by Identity Server as part of its installation process. The services are:
Anyone can create a new service and load it into Identity Server. For information on how to do this, see the Sun ONE Identity Server documentation at:
Example
sunRegisteredServiceName: DomainMailService
OID
1.3.6.1.4.1.42.2.27.9.1.593
sunServiceId
Origin
Sun ONE Messaging Server 6.0, Sun ONE Calendar Server 6.0
Syntax
cis, single-valued
Object Classes
Definition
The kind of template being created. For search templates, the value is StructureUmsObjects. (At this time search templates are the only publicly defined template.)
Example
sunServiceId:StructureUmsObjects
OID
1.3.6.1.4.1.42.2.27.9.1.79
sunSmsPriority
Origin
Sun ONE Identity Server
Syntax
cis, single-valued
Object Classes
Definition
Stores the priority of the service with respect to its siblings.
Example
sunSmsPriority:
OID
1.3.6.1.4.1.42.2.27.9.1.81
sunXmlKeyValue
Origin
Sun ONE Identity Server
Syntax
cis, single-valued
Object Classes
Definition
Not currently used.
Example
OID
1.3.6.1.4.1.42.2.27.9.1.84