Previous Contents Index Next |
iPlanet Messaging Server 5.2 Provisioning Guide |
Chapter 3 Provisioning Family Accounts
A family account is a group of email users in the same domain. The family account is under the administrative control of a family group administrator, and has one user designated as the billable user who is responsible for paying the email account bills for this group of users. The family group administrator is a user responsible for creating and removing users from the group as well as elevating another user to be this family's administrator. Members are users who are under the administrative control of the family group administrator and whose email account is paid by the billable user. Family accounts are typically families, but can also be organizational departments where local administrative and billing responsibilities are desired. This chapter contains the following sections:
"Creating a Family Account"
Creating a Family Account
Family accounts can be managed and created using the imadmin command line interface (see the iPlanet Messaging Server Reference Manual), the iPlanet Delegated Administrator for Messaging or by using LDAP. This section describes how to provision with LDAP.Two steps are required for provisioning users in family accounts using LDAP:
Create a family account entry (Code Example 3-1).
Code Example 3-1 shows an example of a family account entry.Add the attribute line "memberOfManagedGroup: <FamilyGroupDN>" to each user entry in the family account (Code Example 3-2).
dn: cn=gsWarriors, ou=groups,o=sesta.com,o=ISP
Once the family account entry is created, members are added by setting the memberOfManagedGroup attribute in the user's entry to the family account DN. An example is shown below.
objectclass: inetManagedGroup
- The distinguished name of the family account.
objectclass: nsManagedDept
mnggrpbillableuser: uid=attles,ou=People,o=sesta.com,o=ISP
- inetManagedGroup represents a family account. nsManagedDept stores information used by the iPlanet Delegated Administrator for Messaging.
mnggrpmailquota: 1024000
- DN of the user who is responsible for paying the bills for this group of users.
mnggrpcurrentusers: 0
- Cumulative disk quota allowed for all users in the group.
cn: gswarriors
- Current count of users in the group.
mnggrpstatus: active
- Common name of the family account.
mnggrpmaxusers: 1000
- Current status of the groupactive, inactive or deleted. inactive temporarily suspends operation. deleted marks the entry for deletion, but does not mark the users for deletion. Missing value implies status is active. An illegal value is treated as inactive.
nsdamodifiableby: cn=Domain Organization Adminstrators, cn=gsWarriors,ou=groups,o=sesta.com,o=ISP
- Number of users allowed in the group.
- Specifies the groups whose members can administer this family group. Refer to "Creating a Family Group Administrator".
Creating a Family Group Administrator
Delegated Admin Task Utility: imadmin family-admin add
Task Privilege: Top-level Administrator, Domain Administrator, or Family Group AdministratorThe Family Group Administrator is a user responsible for creating and removing users from the family group. When a family group is created with the Delegated Administrator, another group called Family Group Administrators is also created below the DN of the family group entry. For example, if the family group is
cn=gsWarriors,ou=groups,o=sesta.com,o=isp
then a Family Administrator's group is also created. Its DN is:
cn=Family Group Administrators,cn=gsWarriors,ou=groups,o=sesta.com,o=isp
Members of this group have administrative privileges for the family group. The example below demonstrates how to provision a Family Group Administrator.
Make sure a group called Family Group Administrators is created below the DN of the family group entry and add the DN of the Family Group Administrator. This is automatically created when a Family Group is created with the Delegated Administrator.
Add memberof attribute to the new Family Group Administrator's entry:
ACIs are set at top level on root suffix. See Appendix A "Root and Domain ACI Examples."
Previous Contents Index Next
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated February 13, 2002