Creating Organizational Units

You can add an organizational unit in the directory information tree (DIT) if a corresponding mail domain in your Domain Name Service (DNS) exists. For example, if you add an organizational unit named Marketing to the DIT of the Bravo Corporation, then the mail domain mkting.eng.bravo.com (or something to this effect) must exist in Bravo's DNS. If the corresponding mail domain does not exist, the Administration Console will not allow you to add the organizational unit. For conceptual information on organizational units and the DIT, refer to the Sun Internet Mail Server Installation Guide.


Note - If you create a user not under the default domain, the user will not have message access unless you follow the instructions under "To Create an Organizational Unit That is Not Under the Default Domain" on page 67.

 

To Create an Organizational Unit Under the Default Domain

In this example, the default domain (the domain specified at install) is eng.bravo.com. We will create an organizational unit called mkting.eng.bravo.com.



AdminConsole>User Manager>Create pulldown>Org Unit  

  1. From the Admin Console home page, click on the User Manager icon.
  2. Click on the Create pulldown menu and select Org Unit.
  The Add Organizational Unit dialog displays.
  3. Enter a name for the organizational unit.
  For this example, name the organizational unit Marketing by entering:
  Marketing
  4. Enter the corresponding mail domain.
  For this example enter: mkting.eng.bravo.com
  5. Click the Add button.
  You can now create user entries in this mail domain. You may have to do a browser reload to display the new organizational unit.

 

To Create an Organizational Unit That is Not Under the Default Domain

In this example, the default domain (the domain specified at install) is eng.bravo.com. We will create an organizational unit called mkting.bravo.com.



AdminConsole>User Manager>Create pulldown>Org Unit  

  1. From the Admin Console home page, click on the User Manager icon.
  2. Click on the Create pull-down menu and select Org Unit.
  The Add Organizational Unit dialog displays.
  3. Enter a name for the organizational unit.
  For this example, name the organizational unit Marketing by entering: Marketing
  4. Enter the corresponding mail domain.
  For this example enter: mkting.bravo.com
  5. Click the Add button.
  You may have to do a browser reload to display the new organizational unit. You will get a warning message that says:
  Warning: The new OU is outside of the default domain, mail may not work for users under this OU.
  If users are created under this organizational unit, they will not get message access authentication, nor mail access. There are situations where you may want to create a second domain which is used only to route mail, and where users under this domain are not intended to have message access. However, if you wish to provide users under this domain with message access, then the following steps are required.
  6. To provide message access for users under this domain do the following:
  a. Edit /etc/opt/SUNWmail/ims/ims.cnf
  Change the line ims-basedn:ou=eng,o=sun,c=US
to ims-basedn:o=sun,c=US
  b. Restart the Indexed Message Store.
  # /opt/SUNWmail/ims/sbin/mt.scheduler stop
  # /opt/SUNWmail/ims/sbin/mt.scheduler start
  c. In the Admin Console, go to the Mail Server Domains section of the IMTA property page.
  Add the newly added mail domain mkting.bravo.com. See "To Configure Mail Server Domains" on page 116.
  d. Apply the change and restart the im.server.
  In the Admin Console Home Page select Stop All, and then select Start All, or at the command line enter:
  # /opt/SUNWmail/admin/sbin/im.server stop
# /opt/SUNWmail/admin/sbin/im.server start
  e. Add users under the new organization.
  When adding users through the Admin Console, "Add User Task Mentor Step Three" asks for a Mail Host and Mail Domain. Make sure the Mail Host is of the format <server>.mkting.bravo.com, where <server> is your mail server host name, and the Mail Domain is of the format mkting.bravo.com.
  f. Synchronize the IMTA directory cache.
  # imta dirsync -l <server>.eng.bravo.com,server.mkgt.sun.com
  Newly created users under the new organizational unit should be able to send and receive messages.
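The decision behind step 6 and the ims.cnf edit in step 6a, as an added example that is not part of the SIMS manual. The function names and the return codes are hypothetical; the script assumes the key is written as ims-basedn:<DN> with no spaces, as shown above, and it runs only on a constructed scratch file. Because a wider base DN brings every user under it into scope for message access, the edit keeps a backup and refuses to run if the current value is not the one expected.

```shell
#!/bin/sh
# Added example (not SIMS code). Function names and return codes are hypothetical.

# Succeeds when mail domain $1 equals, or sits under, default domain $2.
# The match is on whole DNS labels, so xeng.bravo.com is NOT under eng.bravo.com.
under_default_domain() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    dom=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    def=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$dom" in
        "$def" | *."$def") return 0 ;;
        *) return 1 ;;
    esac
}

# Replace the line "ims-basedn:$2" with "ims-basedn:$3" in config file $1.
# Returns 0 on success, 1 on bad arguments or a missing file, 2 when the file
# does not hold exactly one ims-basedn line with the expected old value,
# 3 when the backup or the write fails.
set_basedn() {
    cnf=$1 old=$2 new=$3
    [ -f "$cnf" ] && [ -n "$old" ] && [ -n "$new" ] || return 1

    # Refuse to touch a file whose current state is not what the operator expects.
    total=$(grep -c '^ims-basedn:' "$cnf" || true)
    match=$(grep -cxF "ims-basedn:$old" "$cnf" || true)
    [ "$total" -eq 1 ] && [ "$match" -eq 1 ] || return 2

    # Keep the previous file so the narrower base DN can be restored.
    cp -p "$cnf" "$cnf.bak" || return 3

    # Exact string comparison through ENVIRON: no regex or escape processing
    # is applied to the DN values.
    tmp=$cnf.new.$$
    O="ims-basedn:$old" N="ims-basedn:$new" awk '
        $0 == ENVIRON["O"] { print ENVIRON["N"]; next }
        { print }
    ' "$cnf" > "$tmp" || { rm -f "$tmp"; return 3; }

    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$cnf" || { rm -f "$tmp"; return 3; }
    rm -f "$tmp"
    return 0
}

# Constructed demo on a scratch file, using the values from the example above.
# placeholder-key is a made-up line that stands in for the rest of the file.
demo=$(mktemp)
printf '%s\n' 'placeholder-key:placeholder-value' \
              'ims-basedn:ou=eng,o=sun,c=US' > "$demo"

if under_default_domain mkting.bravo.com eng.bravo.com; then
    echo "mail domain is under the default domain; step 6 is not needed"
else
    echo "mail domain is outside the default domain; widening ims-basedn"
    if set_basedn "$demo" 'ou=eng,o=sun,c=US' 'o=sun,c=US'; then
        grep '^ims-basedn:' "$demo"
    else
        echo "ims-basedn was not changed" >&2
    fi
fi
rm -f "$demo" "$demo.bak"
```

On a real server the file is /etc/opt/SUNWmail/ims/ims.cnf, and the restart in step 6b still has to follow the edit.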

 

To Find and View an Existing User/Group Entry

A user or group entry is viewed from its Property Book. The User/Group Property Book contains common personal, system, mail server, and calendar server configuration information for a particular user or group stored in the LDAP directory.



AdminConsole>User Manager>  

  1. From the Admin Console home page, click the User Manager icon.
  The User Manager page displays as shown in FIGURE 3-1 on page 57.
  2. Select the part of the DIT that contains the entry you wish to view.
 

FIGURE  3-9 Browsing the DIT


Note - You must select either People or Groups in the Mail Directory tree before doing a Find operation.
  3. Type the name or part of the entry you want to view and press Find, or press Display All to display entries without regard to find parameters.
 

FIGURE  3-10 Full Find Menu.

  Pressing Find or Display All loads the first fifty entries. Load additional entries by scrolling down. The number of entries loaded will equal Maximum Hit. (Maximum Hit can be configured by selecting Configure Maximum Hits from the User Manager pull-down menu. The default is 2000.)

Note - If your browser does not scroll down, and you know you have more than 50 entries, you need to set the HotJava browser security property to low. See "Preventing the "Warning Applet" Banner" on page 251.
  4. Once you find the entry you are searching for, double-click the entry.
 

FIGURE  3-11 User Property Book


 

To Delete a User or Group Entry from the Directory

To remove a user from SIMS you must delete the user/group's entry from the SIMS directory, synchronize the cached directory with the modified directory, and remove the user's folders and mailboxes from the SIMS mail store.


Note - Deleting a user entry does not remove the entry from distribution lists. See "To Modify a Group Entry" on page 82 to remove users from distribution lists.



AdminConsole>User Manager>Display entry  

  1. Display the entry to delete in the Content Table of the User Manager Property Book.
  See "To Find and View an Existing User/Group Entry" on page 69.
  2. Highlight the entry and choose Delete from the Selected menu.
  A dialog box prompts you to confirm the deletion of the entry. Click OK. The entry is now removed from the SIMS LDAP directory.
  3. Synchronize the cached directory.
  Even though the entry is removed from the SIMS directory, it still remains in the IMTA directory cache until the cache is synchronized with the SIMS directory. You must run a full directory synchronization using imta dirsync -F (see the SIMS Reference Manual).
  4. Remove the user's folders and mailboxes from the mailstore.
  Wait 2 minutes after running imta dirsync -F, then execute the imdeluser command (see the SIMS Reference Manual). The short wait ensures that the message queue is cleared before removing the folders and mailboxes.

 

To Delete an Organizational Unit

You can delete an organizational unit from the directory information tree (DIT). Performing this operation causes the deletion of all folders and entries contained in that organizational unit. For example, if you delete the organizational unit named Marketing from the DIT of the Bravo Corporation, then all user entries in the People folder and all group entries in the Group folder contained in the Marketing organizational unit will be deleted.



AdminConsole>User Manager>  

  1. From the Administration Console home page, click on the User Manager icon in the Tasks portion of the page.
  The User Manager page displays.
  2. In the directory tree highlight the organizational unit label (e.g., Marketing), then click on the Selected menu and choose Delete.
  A dialog prompts you to confirm deletion of the organizational unit.
  3. Click OK.

 

To Modify a User Entry

User entries are modified by displaying and configuring the user's property book.



AdminConsole>User Manager>  

  1. Display the user's Property Book.
  See "To Find and View an Existing User/Group Entry" on page 69. The user's property book contains a number of configurable property fields (see TABLE 1-4 on page 29 for a complete list of fields). The following fields are mandatory:
Full name
Last name
Login name
Password
Mail host
Delivery channel type
Preferred recipient address
Preferred originator address
Mail aliases
  If you specify Internet as the delivery channel type in the Mail Information section, you must also configure Internet mail delivery options. The configuration of all other fields is not required.
  2.

FIGURE  3-12 Name Section

  You must configure the full name and last name fields. All other fields in this section are not required.
  a. Enter full name(s).
  You can also enter variations of the full name. Click the Add button under the Full Name field for each full name you enter.
  b. Enter last name.
  Enter the same last name specified in the full name field.
  c. Optional: Enter the First Name, Middle Initial, and Title Fields if desired.
  For the first name field, you can enter first name variations. For each given name you enter, click the Add button under the First Name field.
  3. Optional: Enter the fields in the Telephone section (see FIGURE 3-13).
  Click on the Telephone tab. Enter the telephone numbers in any desired syntax. For each entry, click the Add button under the appropriate field.

FIGURE  3-13 Telephone Section

  4. Optional: Enter the fields in the Address section.
  Click on the Address tab (FIGURE 3-14). Configure the desired fields.

FIGURE  3-14 Address Section

  5. Optional: Enter the fields in the Miscellaneous section.
 

FIGURE  3-15 Miscellaneous Section

  6. Configure the fields in the System Information section.
 

FIGURE  3-16 System Information Section

  a. Configure the login name field.
  Enter a unique identification for the user in ASCII characters. Enter the characters in lowercase.
  b. Configure the password field.
  Enter a default password for the user in ASCII characters. You can enter the characters in either upper- or lowercase. For example, a valid entry is as follows:
  Abra_CaDabra
  For security reasons, the mail server by default stores the password in an encrypted or scrambled state. Later, the user can change the default password. For more information, refer to "To Change the Mail Password" on page 280.
  If the user has an existing encrypted password, you can use the following syntax to load the encrypted password into the mail server:
  {crypt}<password>
  c. Configure the home directory field if desired.
  7. Configure the fields in the Mail Information section.
 

FIGURE  3-17 Mail Information Section

  For a mail user entry you must configure the mail host, delivery channel type, preferred recipient address, preferred originator address, and mail aliases fields in this section. The configuration of all other fields in this section is not required.

Note - There are two radio buttons labeled Disable Mail and Enable Mail in the mail information section. If an entry is defined as a calendar-only user, then the Mail Information section will be disabled. Later, if you wish to change the entry to support mail, you can click the Enable Mail button and enter mail information in this section.
  a. Configure the mail host field.
  Enter the hostname, including the full domain name, of the user's mail server in ASCII characters. Enter the characters in lowercase. For example, if the hostname for user Harry Green's mail server is mailserver1 and this mail server exists in the sales.bravo.com domain, then the following is a valid entry:
  mailserver1.sales.bravo.com
  b. Configure the delivery channel type field.
  Use the pull-down menu to select the user's delivery channel type. You can select the Internet mail channel or one of the Connectivity services channels.
  c. Configure the preferred recipient address field.
  Enter the email address that a recipient within the email system will see when a message from the user is received. Enter the address in upper- or lowercase ASCII characters. The address must be in RFC 822 format:
  harryg@mailserver1.sales.bravo.com
  d. Configure the preferred originator address field.
  Enter the email address that a recipient outside the email system will see when a message from the user is received. Enter the address in upper- or lowercase ASCII characters. The address must be in RFC 822 format:
  harry.green@sales.bravo.com
  e. Configure the mail aliases field.
  Enter the email addresses that you specified for the preferred recipient address and preferred originator address fields and any other email address that any recipient will see when a message from the user is received. Enter the address in upper- or lowercase ASCII characters. The address must be in RFC 822 format:
  harry.green@sales.bravo.com
  Click the Add button under the mail aliases field for each address that you enter.
  8.

FIGURE  3-18 Internet Mail Delivery Options

  a. Check Enable Inbox if you wish to read mail.
  b. Select which message store the user's Inbox will reside in.
  Click the radio button for either the Sun Message Store (Sun Mail Store) or /var/mail (VarMail Store). We highly recommend the Sun Message Store as it is more secure, more space efficient, more centralized, and much easier to back up than /var/mail.
  i. If you specified the Sun Message Store, set the maximum amount of hard disk space or quota that the user's mailboxes can occupy.
  This message store quota only takes effect if the User Quota Enforcement option in the Message Store Property Book is set to ON. (See "User Quota Enforcement" on page 152 and "To Configure Advanced Options" on page 155 for details.) The following size limit options are offered:
  Use Default User Quota - Default user quota is set in the Advanced Options section of the Message Store Property Book. It is factory set to 20 Mbytes.
  No Store Limit - User has unlimited message store space.
  Set Individual Quota - Select a number and the unit of measure (KB or MB). This quota will not take effect until an incremental or full directory synchronization occurs (see "Alias Synchronization Schedule" on page 104 or see the dirsync, iminitquota, and imquotacheck commands in the SIMS Reference Manual for more information).
  ii. If you specified that the user's Inbox will reside in /var/mail, then a user directory will automatically be created in /var/mail/<userID>.
  If you want it to be under some other directory, you need to create it. Any mail sent to the user before the directory is created will be lost.
  c. Optional: enable the auto reply feature for the user by clicking the Auto Reply check box.
  The auto reply feature automatically generates a form reply to be returned to each sender who sends an email message to a user during a specified timeframe. This feature is typically used when a user is on vacation. The auto reply feature contains defaults for the following fields but you can reconfigure them:
  Expiration date - auto reply feature is disabled at midnight on specified date.
  Auto reply mode - currently the only mode available is "vacation".
  Auto reply subject - the subject line of the auto reply message. If you specify $SUBJECT, this token is replaced with the subject line of the incoming message.
  Auto reply text - the body of the auto reply message.
  Auto reply text for use with the Organization - the body of the auto reply message for use within an organization.
  Enter the auto reply fields in ASCII characters. You can enter the characters in either upper- or lowercase.
  Note that the user has access to this feature. See "To Start and Stop the Vacation Notice" on page 280.
  d. Optional: you can enable the delivery of email to UNIX programs by clicking the Program check box.
  Enter a pre-configured method name defined by the imta program -a -m <method name> -p <program name> command (see the SIMS Reference Manual, "To Make Delivery Programs Available to Users" on page 102 and "To Use Alternative Delivery Programs" on page 281).
  e. Optional: you can enable the forwarding of email to specified addresses by clicking the Forward check box.
  When specifying a forwarding address, use the following syntax:
  <user>@<domain>
  For example, to forward a message to Harry Green, enter the following:
  harry.green@sales.bravo.com
  Enter the forwarding address in ASCII characters. You can enter the characters in either upper- or lowercase. You can provide multiple forwarding addresses. For each address, click the Add button under the Forward field. (See also "To Forward Mail" on page 282.)
  f. Optional: you can enable the appending of email to specified files by clicking the Append to File check box.
  Specify the full pathname of the file. For example, you can specify the following:
  /home/harryg/widget/component.txt
  The email will be attached to the end of the component.txt file. Enter the file name in ASCII characters. You can enter the characters in either upper- or lowercase. You can provide multiple file names. For each file name, click the Add button under the Append to File field.
  9. Configure the Calendar Information.
 

FIGURE  3-19 Calendar Information

  If the entry is a calendar-only entry, the Internet Mail Delivery Options are disabled. That is, the Disable Mail radio button in the Internet Mail Delivery Options section will be pressed. If you press the Enable Mail radio button, then you must fill in the mandatory mail configuration fields: mail host, delivery channel type, preferred recipient address, preferred originator address, and mail aliases.
  10. When you have input required and optional fields for a user, click on the Apply button at the bottom of the Add User page.
  If you entered a field incorrectly, an error message will identify the field. Refer to the documentation for the correct syntax and reenter the field. Click either the OK or Apply button.

 

To Modify a Group Entry

This section describes the procedure for modifying a field in a group or distribution list entry. See "Distribution Lists" on page 18 for conceptual information.



AdminConsole>User Manager>Group entry in DIT  

  1. Display the group entry property book.
 

FIGURE  3-20 Group Entry Property Book

  2. Modify the fields in the General section (FIGURE 3-20).
  a. Full Name and Mail Domain cannot be modified.
  b. Enter the Send Error Conditions To and the Send Request Messages To fields.
 

FIGURE  3-22 External Address Lookup Dialog

  To specify someone in your organization, search for their mail user entry by specifying their full name or a portion of it then clicking the Find button to display a list of matches. If the search did not yield desired results, perform another search. Click on the address of the desired user and click Add.
  To specify someone outside your organization, enter their Internet address in either upper- or lowercase ASCII characters. Click Add.
  c. Configure the mail host field.
  Enter the hostname, including the full domain name, of the group's mail server in lowercase ASCII characters. If the hostname for the widget team's mail server is mailserver1 and this mail server exists in the sales.bravo.com domain, then the following is a valid entry:
  mailserver1.sales.bravo.com
  d. Configure a password.
  Enter a default password for the group and the shared mailbox, if applicable, in ASCII characters. Enter the characters in either upper- or lowercase. For example:
  Abra_CaDabra
  This password is required when attempting to modify the group entry fields using the command line or the email administrator's configuration interface. For security reasons, the mail server by default stores the password in an encrypted or scrambled state.
  Later, the group can change the default password using the email user's configuration interface. (Refer to "To Change the Mail Password" on page 280.)
  If the group has an existing encrypted password, you can use the following syntax to load the encrypted password into the mail server:
  {crypt}<password>
  e. Make the member list accessible to all users if desired.
  Click the check box labeled Expandable to make the distribution list members accessible to all users. Users can use the SMTP EXPN command to expand (get the membership of) distribution lists. If the box is not checked, SMTP will return an Access to List Denied message.
  3. Optional: Enter the fields in the Telephone section.
  Click the Telephone tab to display the Telephone section (FIGURE 3-23). Enter the desired fields. You can provide multiple entries for each field in this section. For each entry, click the Add button under the appropriate field.

FIGURE  3-23 Telephone Section

  4. Optional: configure the fields in the Address section.
  Click the Address tab to display the Address section and fill in the address as desired.
  5. Optional: Complete the fields in the Miscellaneous section if desired.
 

FIGURE  3-24 Miscellaneous Section

  6. Configure the fields in the Owner/Moderator section.
 

FIGURE  3-25 Owner/Moderator Section

  An owner is an individual who is responsible for a distribution list. An owner can add or delete distribution list members. A moderator is an individual, usually the owner of the distribution list, who initially receives a message addressed to a distribution list. Upon receipt of a message, the moderator can forward the message to the distribution list, edit the message then forward it to the distribution list, or not forward the message to the distribution list. External indicates that the address is not local to the mail system.
  Although a distribution list is created with an owner, you can also configure a group as moderator only. Neither the owner field nor the moderator field is required.
  a. To modify an existing owner, click the Modify button.
  Click on the check boxes labeled Owner and Moderator to modify the role(s) of the existing owner as appropriate. Click the Add button.
  b. To delete an existing owner, click on the owner entry in the Owner/Moderator screen to highlight it, then click the Delete button.
  c. To configure an owner for the group, click on the Add button.
  i. If the group owner is a user in the email system, click the radio button labeled Internal. FIGURE 3-26 is displayed. If the group owner is not configured as a user in the email system, click the External button. FIGURE 3-27 is displayed.
 

FIGURE  3-26 Internal Add Owner Dialog

 

FIGURE  3-27 External Add Owner Dialog

  ii. If the owner is a local user, perform a search for her entry by entering her name or a portion of it and clicking the Find button. Click on the preferred recipient address of the desired owner. If the search did not yield desired results, perform another search.
  Click the check box labeled owner. If desired, click the check box labeled moderator.
  Click the Add button.
  iii. If the owner is not in the local email system, specify her Internet address.
  Enter address and click the check box labeled owner. If desired, click the check box labeled moderator. Click the Add button.
  7. Add members to or delete members from the group.
  Click on Member Information (FIGURE 3-28).
 

FIGURE  3-28 Member Information Section

  a. To delete an existing member, click on the member entry in the Member screen to highlight it, then click the Delete button.
  b. To add group members, click Add.
  i. If the desired member is a user in the local email system, click the radio button labeled Internal.
  An internal Add Member Dialog is displayed (see FIGURE 3-21 on page 84). If the desired member is not configured as a user in the email system, click the External button to display the external Add Member Dialog (see FIGURE 3-22 on page 84).
  ii. If the desired member is a local user, perform a search for her entry by entering her name or a portion of it and clicking the Find button.
  Click on the address of the new member. Click the Add button and repeat this step for each member you want to add to a group. If the search did not yield desired results, perform another search.
  iii. If the owner is not part of the local email system, enter her Internet address and click Add.
  Repeat this step for each member you want to add to the group.
  8. Optional: Configure the fields in the Additional Delivery Options section.
  Click on Additional Delivery Options (FIGURE 3-29) to send mail to a shared mailbox, to a UNIX program, or to append mail to a file.
 

FIGURE  3-29 Additional Delivery Options Section

  a. If the messages will be delivered to a shared mailbox in the Sun Message Store, click the check box labeled Shared Mailbox.
  Members can only access the shared mailbox from an IMAP server, and by entering the mailbox name as follows: #shared/<distribution list name>. Only the owner of the group entry can expunge a message from the shared mailbox. Members can expunge their view of the message from their own mailbox, but the message still remains in the shared folder until expunged by the owner.
  b. To enable the email delivery to UNIX programs, click the Program checkbox.
  Enter a pre-configured method name defined by the imta program -a -m <method name> -p <program name> command (see the SIMS Reference Manual).
  c. To append email to specified files, click the Append to File check box.
  Specify the full pathname of the file. For example, you can specify the following:
  /home/janec/widget/component.txt
  The email will be attached to the end of the component.txt file. You can provide multiple file names. For each file name, click the Add button under the Append to File field.
  9. Optional: Configure the fields in the Access Control section.
  These fields block specified domains and users. If nothing is specified, anyone can send messages to the list. If a moderator is created, the message first goes to the moderator. Without a moderator, the message goes to all group members. The exact distribution list delivery algorithms are described in "Access Control" on page 20.
 

FIGURE  3-30 Group Entry Access Control Section

  a. To delete an existing domain or submitter, highlight the entry and click Delete.
  b. To add an authorized or unauthorized domain, click on the Add button below either the Authorized or Unauthorized Domain screen.
  The Add Domain dialog appears as shown in FIGURE 3-31. Enter the unauthorized domain and click Add. Note that you can use the wildcard character (*) as part of the specified domain.
 

FIGURE  3-31 Add Domain Dialog

  c. To add an authorized or unauthorized submitter, perform the following steps:
  i. If the submitter is a user in the local email system, click the radio button labeled Internal.
  An internal Add Submitter Dialog is displayed (see FIGURE 3-21 on page 84). If the desired member is not configured as a user in the email system, click the External button to display the external Submitter Dialog (see FIGURE 3-22 on page 84).
  ii. If the desired member is a local user, perform a search for her entry by entering her name or a portion of it and clicking the Find button.
  Click on the address of the new member. Click the Add button and repeat this step for each submitter to add to the list. If the search did not yield desired results, perform another search.
  If you want to specify all members of the distribution list, you can specify the full name of the entry.
  iii. If the owner is not part of the local email system, enter her Internet address and click Add.
  Repeat this step for each member to add to the list. If you are specifying a submitter who is not a configured user or group in the email system, specify the Internet address of the desired submitter.
  10. When you have entered the required and optional fields for a group, click on either the OK or Apply button at the bottom of the Group dialog.
  If you need to create a group entry for another group, click Apply for the Group dialog to remain open. If you have completed your task of modifying a group entry, click OK to close the Group dialog and return to the User Manager page.
  If you entered a field incorrectly, an error message will identify the field. Refer to the documentation for the correct syntax and reenter the field. Click either the OK or Apply button.



Copyright © 1999 Sun Microsystems, Inc. All Rights Reserved.