Throughout this document, the person who permits submission is called a manager, and the person that these permissions are granted to is called an assistant. In the technique used here, the data of who can send email on behalf of whom is stored in the directory server, in particular in the entry of the manager. For the sake of this discussion, these permissions are stored in an attribute called mailGrantSendPermissionsTo. Such an attribute does not exist in any of the Sun-distributed schemas. You need to add this attribute to the configuration of your directory server.
One way to add the mailGrantSendPermissionsTo attribute is by creating a file called 99grant.ldif, with the following content, and placing it in the “schema” directory of the directory server:
dn: cn=schema
attributeTypes: ( mailGrantSendPermissionsTo-oid NAME ( 'mailGrantSendPermissionsTo' ) DESC 'Attribute for granting send permissions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'grant permissions' )
objectClasses: ( mailGrantPermission-oid NAME 'mailGrantPermission' DESC 'An objectclass for storing send permissions' SUP inetLocalMailRecipient MAY ( mailGrantSendPermissionsTo ) X-ORIGIN 'grant permissions' )
The default Java Enterprise System location for the “schema” directory is /var/opt/mps/serverroot/slapd-instance/config/schema.
After adding the objectclass and the attribute to your LDAP directory server schema, you are able to add the mailGrantPermission objectclass to the user’s entry. Along with that, you can add a number of values for the mailGrantSendPermissionsTo attribute. You should add that data to the manager’s LDAP entry, and the mailGrantSendPermissionsTo values should contain mail addresses of assistants of that manager (one address per value).
For example, to add permission so that a user whose email address is assistant@red.example.com can send mail on behalf of a user whose DN is uid=manager, ou=People, o=red.example.com, dc=red, dc=example, dc=com, you need to add the following attributes to the latter, as shown by this LDIF file example:
dn: uid=manager,ou=People,o=red.example.com,dc=red,dc=example,dc=com
changetype: modify
add: objectclass
objectClass: mailGrantPermission
-
add: mailGrantSendPermissionsTo
mailGrantSendPermissionsTo: assistant@red.example.com
You would use the ldapmodify command with this file to make the changes in the directory.
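To review which grants are in place after such changes, the following added example (not part of the original document or of any Sun tooling) reads an LDIF export and answers whether an assistant may send on behalf of a manager. The sample export, the function names, and the case-insensitive comparison of addresses and DNs are assumptions made for this illustration; only plain (non-base64) values are handled.

```python
import re

ATTR = "mailgrantsendpermissionsto"   # attribute names compared case-insensitively
OCLASS = "mailgrantpermission"

# Constructed sample export (not from a real directory); one value is line-folded.
SAMPLE_LDIF = """\
dn: uid=manager,ou=People,o=red.example.com,dc=red,dc=example,dc=com
objectClass: mailGrantPermission
mailGrantSendPermissionsTo: assistant@red.example.com
mailGrantSendPermissionsTo: Deputy@red.ex
 ample.com

dn: uid=other,ou=People,o=red.example.com,dc=red,dc=example,dc=com
objectClass: inetLocalMailRecipient
mail: other@red.example.com
"""

def normalize_dn(dn):
    # "uid=manager, ou=People" and "uid=manager,ou=People" name the same entry.
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def parse_entries(ldif):
    """Yield (dn, {attr: [values]}) with attribute names lower-cased."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # newline + one space continues a line
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def load_grants(ldif):
    """Map manager DN -> assistant addresses, honouring only entries with the objectclass."""
    grants = {}
    for dn, attrs in parse_entries(ldif):
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if OCLASS in classes and ATTR in attrs:
            grants[normalize_dn(dn)] = {a.lower() for a in attrs[ATTR]}
    return grants

def may_send_as(grants, assistant, manager_dn):
    return assistant.lower() in grants.get(normalize_dn(manager_dn), set())

if __name__ == "__main__":
    print(load_grants(SAMPLE_LDIF))
```

An entry with no mailGrantSendPermissionsTo values grants nothing, so any manager DN missing from the result is treated as having no assistants.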