After adding the objectclass and the attribute to your LDAP directory server schema, you are able to add the mailGrantPermission objectclass to the user’s entry. Along with that, you can add a number of values for the mailGrantSendPermissionTo attribute. You should add that data to the manager’s LDAP entry, and the mailGrantSendPermissionTo values should contain mail addresses of assistants of that manager (one address per value).
For example, to add permission so that a user whose email address is assistant@red.example.com can send mail on behalf of a user whose DN is uid=manager, ou=People, o=red.example.com, dc=red, dc=example, dc=com, you need to add the following attributes to the latter, as shown by this ldif file example.
dn: uid=manager,ou=People,o=red.example.com,dc=red,dc=example,dc=com changetype: modify add: objectclass objectClass: mailGrantPermission - add: mailGrantSendPermissionsTo mailGrantSendPermissionsTo: assistant@red.example.com |
You would use the ldapmodify command with this file to make the changes in the directory.