CHAPTER 5

Creating SIMS Administrators

A SIMS Administrator is a user with permissions to modify server configuration. To create SIMS administrators, add the object class inetAdministrator to the user entry and add the attribute inetAdministeredServices with the desired administrative rights in the desired administrative domain.

The format for assigning a value to inetAdministeredServices is as follows:

inetAdministeredServices: inetVersion=<service_version>, ou=<service_name>,ou=services, dc=<domain_comp_1>, ...,dc=<domain_comp_N>,o=internet??<scope>

where

service_version = the version number of the service (e.g. 3.5 or 4.0). Specifying a version limits the administrator to accessing services of only this version. Leaving service_version out allows the administrator to access all versions of the service(s).

service_name = one of the following names.

  imta - Access to IMTA configuration file changes.
  msma - Access to MS/MA administration functions.
  provisioning - Ability to perform provisioning tasks (rights to modify the directory). Note that to obtain full provisioning rights, you must also add the user to the appropriate ACLs. See the directory documentation for details.
  calendar - Access to calendar administration functions.
  webaccess - Access to WebAccess administration functions.
  admin - Access to ALL functions of the administration server.
  If service_name is not specified, the administrator has privileges for all services.

ou=services - this is only needed if the administrator is scoped by service, that is, if service_name is explicitly specified.

dc=<domain_comp_1>,...,dc=<domain_comp_N> is the domain over which the user has administrative authority for the specified service.

<scope> is the part of the LDAP tree over which the administrative privileges are granted. A value of sub specifies that administrative rights extend over the subtree beneath the most significant domain component in the DN and all contained LDAP entries. A value of base means administrative rights extend only to users immediately beneath the most significant domain component in the DN. Keep in mind that users and groups are contained in the ou=People and ou=Groups containers under the domain component node. Thus, in order to do a one-level search, the search base (the domain) must be prefixed with the name of the container (ou=People for users and ou=Groups for groups).

In the example below, Otis Fanning has all administrative privileges in the stream.com domain and its subdomains, as well as message store management privileges (for example, the ability to delete mailboxes using imdeluser()) in snnc.edu and its subdomains.


CODE EXAMPLE 5-1 LDIF Record for Creating a SIMS Administrator.
dn: cn=Otis Fanning,ou=People,dc=stream,dc=com,o=internet
objectClass: inetOrgPerson
objectClass: inetSubscriber
objectClass: inetMailRouting
objectClass: inetMailUser
objectClass: inetAdministrator
cn: Otis Fanning
sn: Fanning
initials: T
givenName: Otis
mail: fanning@stream.com
uid: fanning
userPassword: secret
inetAdministeredServices: dc=stream,dc=com,o=internet??sub
inetAdministeredServices: ou=msma, ou=services,dc=snnc,dc=edu,o=internet??sub
inetAuthorizedServices: imap
inetAuthorizedServices: pop3
inetAuthorizedServices: imaps
inetAuthorizedServices: pop3s
inetAuthorizedServices: sunw_webaccess
inetAuthorizedServices: sunw_calendar
inetMailUserVersion: 1.0
inetSubscriberStatus: active
rfc822MailAlias: Otis.Fanning@stream.com
mailDeliveryOption: mailbox
mailHost: buffalo.stream.com
mailFolderMap: Sun-MS
dataSource: @(#)mkdirdata.sh 1.10 02/19/99
mailQuota: -1
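The two inetAdministeredServices values in the record above are typical inputs for any tool that has to validate an administrator entry or decide whether an administrator may act on a given user. The following parser and authorization check is an added example, not code from the SIMS product or its documentation; it implements the value syntax and the sub/base scope rules described in this chapter, and it assumes (as a simplification) that DN values contain no escaped commas. The function names parse_grant, grant_covers and search_base are this example's own.

```python
"""Parse SIMS inetAdministeredServices values and evaluate what they grant.

Added example (not SIMS code).  Value syntax, per this chapter:
  inetVersion=<ver>, ou=<service>,ou=services, dc=...,dc=...,o=internet??<scope>
"""

SERVICE_NAMES = {"imta", "msma", "provisioning", "calendar", "webaccess", "admin"}
SCOPES = {"sub", "base"}


def split_rdns(dn):
    """Split a DN into (attr, value) pairs; attribute names are lower-cased.

    Simplification: assumes no escaped commas inside DN values.
    """
    rdns = []
    for rdn in dn.split(","):
        rdn = rdn.strip()
        if not rdn:
            continue
        if "=" not in rdn:
            raise ValueError("malformed RDN: %r" % rdn)
        attr, value = rdn.split("=", 1)
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def parse_grant(value):
    """Parse one inetAdministeredServices value into its components.

    Raises ValueError for unknown service names, bad scopes, a service-scoped
    grant that omits ou=services, or a grant with no dc= components.
    """
    if "??" not in value:
        raise ValueError("missing ??<scope> suffix in %r" % value)
    dn_part, scope = value.rsplit("??", 1)
    scope = scope.strip().lower()
    if scope not in SCOPES:
        raise ValueError("scope must be sub or base, got %r" % scope)

    version, service, has_services_ou, dcs = None, None, False, []
    for attr, val in split_rdns(dn_part):
        if attr == "inetversion":
            version = val                       # limits the grant to one service version
        elif attr == "ou" and val.lower() == "services":
            has_services_ou = True
        elif attr == "ou":
            if val.lower() not in SERVICE_NAMES:
                raise ValueError("unknown service name %r" % val)
            service = val.lower()               # None means "all services"
        elif attr == "dc":
            dcs.append(val.lower())
        elif attr == "o":
            if val.lower() != "internet":
                raise ValueError("expected o=internet, got o=%s" % val)
        else:
            raise ValueError("unexpected attribute %r in grant" % attr)

    if service is not None and not has_services_ou:
        raise ValueError("service-scoped grant must include ou=services")
    if not dcs:
        raise ValueError("grant must name at least one dc= component")

    domain_dn = ",".join("dc=%s" % d for d in dcs) + ",o=internet"
    return {"version": version, "service": service, "scope": scope,
            "domain": ".".join(dcs), "domain_dn": domain_dn}


def search_base(grant, container="People"):
    """Search base an admin tool should use to enumerate entries the grant covers.

    For scope=base the chapter says to prefix the domain with the container
    (ou=People or ou=Groups) so that a one-level search finds the entries.
    """
    if grant["scope"] == "sub":
        return grant["domain_dn"]
    return "ou=%s,%s" % (container, grant["domain_dn"])


def grant_covers(grant, service, target_dn, version=None):
    """Return True if `grant` authorizes `service` on the entry at `target_dn`."""
    if grant["service"] is not None and grant["service"] != service:
        return False
    if grant["version"] is not None and version is not None and grant["version"] != version:
        return False

    norm = lambda rdns: [(a, v.lower()) for a, v in rdns]
    target = norm(split_rdns(target_dn))
    domain = norm(split_rdns(grant["domain_dn"]))
    # The target must lie strictly beneath the granted domain node.
    if len(target) <= len(domain) or target[-len(domain):] != domain:
        return False
    prefix = target[:-len(domain)]
    if grant["scope"] == "sub":
        return True                             # whole subtree, any depth
    # scope=base: exactly one entry directly under ou=People or ou=Groups
    return len(prefix) == 2 and prefix[1] in (("ou", "people"), ("ou", "groups"))


if __name__ == "__main__":
    # The two grants from CODE EXAMPLE 5-1 and a constructed target entry.
    for raw in ("dc=stream,dc=com,o=internet??sub",
                "ou=msma, ou=services,dc=snnc,dc=edu,o=internet??sub"):
        g = parse_grant(raw)
        print(g["domain"], g["service"] or "all services", g["scope"], search_base(g))
    print(grant_covers(parse_grant("dc=stream,dc=com,o=internet??sub"), "imta",
                       "cn=Jane Doe,ou=People,dc=eng,dc=stream,dc=com,o=internet"))
```

The check is deliberately strict: a grant that names a service only covers that service (the chapter does not say that admin implies the others), and a base-scoped grant rejects entries in subdomains even though they sit under the same dc= node, which is exactly the distinction the one-level search base is meant to enforce.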
Copyright © 1999 Sun Microsystems, Inc. All Rights Reserved.