Chapter 4 Access Manager Classes and Attributes

This chapter describes LDAP object classes and attributes for Sun Java™ System Access Manager implementing LDAP Schema 2. The objects and attributes are listed alphabetically. Note that the Access Manager schema is subject to change. To understand provisioning considerations, see the Sun Java Enterprise System Installation Guide.

The chapter is divided into two sections:

Object Classes

This section describes the following Access Manager object classes:

iplanet-am-managed-assignable-group
Supported by: Access Manager
Definition: Specifies a dynamic group with a well-known attribute in the search filter. For Messaging Server, the well-known attribute is memberOf. The search filter is contained in the mgrpDeliverTo attribute.
Superior Class: iplanet-am-managed-group
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.182
Required Attributes: none
Allowed Attributes: Inherits attributes from superior class.

iplanet-am-managed-filtered-group
Supported by: Access Manager
Definition: Specifies a dynamic group which can be filtered on any attribute. The search filter is set in the mgrpDeliverTo attribute. This group is not subscribable. Do not use iplanet-am-group-subscribable for a filtered dynamic group.
Superior Class: iplanet-am-managed-group
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.181
Required Attributes: none
Allowed Attributes: Inherits attributes from superior class. Note that since this group can not be subscribed to, the mail attribute should not be used with it. If present, it will be ignored.

iplanet-am-managed-filtered-role
Supported by: Access Manager
Definition: Specifies the attributes necessary to define administrator roles and their ACIs. The list of all users assigned this role is a dynamic list; that is, the list can be retrieved only by performing a search filtered by the role name.
For further information on roles, see the Access Manager documentation at: http://docs.sun.com
Superior Class: iplanet-am-managed-role
Object Class Type: auxiliary
OID: 1.3.6.1.4.1.42.2.27.9.2.74
Required Attributes: none
Allowed Attributes: This class inherits the attributes of its superior class, see iplanet-am-managed-role.

iplanet-am-managed-group
Supported by: Access Manager
Definition: This is the superior class for the various types of groups: static, assignable dynamic, and filtered dynamic. (See iplanet-am-managed-assignable-group, iplanet-am-managed-filtered-group, iplanet-am-managed-static-group.)
Superior Class: top
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.180
Required Attributes: none
Allowed Attributes:

iplanet-am-managed-group-container
Supported by: Access Manager
Definition: The Access Manager class that defines the groups container under each Messaging Server hosted domain.
Superior Class: top
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.189
Required Attributes: none
Allowed Attributes: none

iplanet-am-managed-org-unit
Supported by: Access Manager
Definition: This class is used by Access Manager to manage organizational units. It uses the same attributes as sunManagedOrganization and for all intents and purposes functions as any other organization managed by Access Manager. Do not use this class for the domain organizations, or people and group containers in Messaging Server. Even though the attribute that holds the container name is organizational unit (ou), the proper Access Manager class to use is either iplanet-am-managed-group-container, or iplanet-am-managed-people-container.
Superior Class: top
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.186
Required Attributes: none
Allowed Attributes: businessCategory, iplanet-am-service-status, telephoneNumber, sunOverrideTemplates, sunPreferredDomain, seeAlso

iplanet-am-managed-people-container
Supported by: Access Manager
Definition: The Access Manager class that defines the people container under each Messaging Server hosted domain.
Superior Class: top
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.187
Required Attributes: none
Allowed Attributes: none

iplanet-am-managed-person
Supported by: Access Manager
Definition: Specifies Access Manager attributes used to manage users.
Superior Class: top
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.184
Required Attributes: none
Allowed Attributes: iplanet-am-modifiable-by, iplanet-am-role-aci-description, iplanet-am-static-group-dn, iplanet-am-user-account-life

iplanet-am-managed-role
Supported by: Access Manager
Definition: Specifies the attributes necessary to define administrator roles and their ACIs. This is the superior class for iplanet-am-managed-filtered-role.
Superior Class: top
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.179
Required Attributes: none
Allowed Attributes: iplanet-am-role-aci-description, iplanet-am-role-aci-list, iplanet-am-role-any-options, iplanet-am-role-description, iplanet-am-role-managed-container-dn, iplanet-am-role-service-options, iplanet-am-role-type

iplanet-am-managed-static-group
Supported by: Access Manager
Definition: Defines a group in which there are members identified with the uniqueMember attribute. Each user named in those attributes has the memberOf attribute in their LDAP user entry. Note that static groups can have dynamic members. In this case, the LDAP entry must also contain the iplanet-am-managed-assignable-group object class.
Superior Class: iplanet-am-managed-group
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.183
Required Attributes: none
Allowed Attributes: none (inherits from iplanet-am-managed-group)

iplanet-am-user-service
Supported by: Access Manager
Definition: This class contains the Access Manager attributes necessary to manage user accounts.
Superior Class: top
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.176
Required Attributes: none
Allowed Attributes: iplanet-am-user-account-life, iplanet-am-user-admin-start-dn, iplanet-am-user-alias-list, iplanet-am-user-auth-config, iplanet-am-user-auth-modules, iplanet-am-user-failure-url, iplanet-am-user-federation-info, iplanet-am-user-federation-info-key, iplanet-am-user-login-status, iplanet-am-user-password-reset-force-reset, iplanet-am-user-password-reset-options, iplanet-am-user-password-reset-question-answer, iplanet-am-user-service-status, iplanet-am-user-success-url

iPlanetPreferences
Supported by: Directory Server
Definition: Used by Access Manager. While Messaging Server does not use this object class, it is necessary for Access Manager. Attributes for this object class hold certain preferences for this user. Specifically, the preferred language, preferred locale, and preferred time zone.
Note: The Messaging Server does not use this object class to define the preferred language. In addition, it does not use an attribute for locale; it infers the locale from the language. Messaging Server holds the preferredLanguage attribute in inetOrgPerson.
Superior Class: top
Object Class Type: auxiliary
OID: Unassigned
Required Attributes: none
Allowed Attributes: preferredLanguage, preferredLocale, preferredTimeZone

sunISManagedOrganization
Supported by: Calendar Server 6.0, Messaging Server 6.0
Definition: For LDAP Schema 2, this is a core class for both Messaging and Calendar products doing authentication with SSO. Every physical node must contain this class, including the root suffix. The attribute holds the fully qualified login host name.
Superior Class: top
Object Class Type: auxiliary
OID: Unassigned
Required Attributes: none
Allowed Attributes:

sunManagedOrganization
Supported by: Calendar Server 6.0, Messaging Server 6.0
Definition: This is a core class for both Messaging and Calendar products. Every physical node must contain this class.
Superior Class: top
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.185
Required Attributes:
Allowed Attributes: sunPreferredDomain, associatedDomain, businessCategory, sunPreferredOrganization, telephoneNumber, sunOverrideTemplates, inetDomainBaseDN

sunNameSpace
Supported by: Access Manager
Definition: Used for LDAP Schema 2 only. Required to be present at the root of a subtree representing a namespace. Access Manager enforces the uniqueness attribute for namespaces. Any organization or its subtree nodes can be designated as a namespace by extending the organization LDAP entry with this object class.
Namespaces based on different unique attributes may overlap. That is, a subtree of a node designated as a namespace could also be its own namespace if the unique attributes are different. For example, the parent node could use uid to enforce uniqueness, while the child node uses the employee number.
This is a different paradigm than was used in LDAP Schema 1, in which every domain was considered a unique namespace (using uid as the default unique attribute). For LDAP Schema 2, all namespaces must be explicitly declared using this object class.
Note – After Access Manager is installed, the root-suffix node contains this object class, but not its corresponding attribute. If you want to provision more than one unique namespace for your Messaging Server or Calendar Server installation, do not add sunNameSpaceUniqueAttrs to the root-suffix node.
For more information about namespaces, see the Sun Java Enterprise System Installation Guide.
Superior Class: top
Object Class Type: auxiliary
OID: 1.3.6.1.4.1.42.2.27.9.2.29
Required Attributes: none
Allowed Attributes:

sunServiceComponent
Supported by: Calendar Server 6.0, Messaging Server 6.0
Definition: Templates are LDAP entries of this object class. Search templates are used to describe how applications should construct searches to send to the directory server in order to locate entries in the DIT. The entry is named by its required ou attribute.
Superior Class: top
Object Class Type: auxiliary
OID: 1.3.6.1.4.1.42.2.27.9.2.27
Required Attributes: organizationalUnitName (ou)
Allowed Attributes: description, sunKeyValue, sunServiceId, sunSmsPriority, sunXmlKeyValue

userPresenceProfile
Supported by: Messaging Server 5.0
Definition: Used to store the presence information for a user.
Superior Class: top
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.136
Required Attributes: none
Allowed Attributes: vacationEndDate, vacationStartDate

Attributes

This section describes the following Access Manager attributes:

associatedDomain
Origin: LDAP Schema 2
Syntax: dn, multi-valued
Object Classes: inetDomain, sunManagedOrganization
Definition: Specifies the DNS domain name aliases used to lookup an organization entry. Used when a domain subtree is being referenced by domain names in addition to the one specified in the attribute sunPreferredDomain.
Example:
associatedDomain:qa.sesta.com
associatedDomain:eng.sesta.com
OID: Unassigned

inetGroupStatus
Origin: Access Manager
Syntax: cis, single-valued
Object Classes:
Definition: This is a global status for groups and overrides the status found in inetMailGroupStatus. It holds the current status of the group: active, inactive, or deleted for all services. It is used by Access Manager to manage groups. Status changes can be made to a group’s status using the commcli interface, or by directly changing the LDAP entry for the group. The following table lists the attribute’s values and their meanings:
Table 4–1 Status Attribute Values
A missing value implies status is active. An illegal value is treated as inactive.
Example:
inetGroupStatus: active
OID: 1.3.6.1.4.1.42.2.27.9.1.588

iplanet-am-group-subscribable
Origin: Access Manager
Syntax: boolean, single-valued
Object Classes:
Definition: Specifies if users can subscribe to the group. Boolean value: true, false. Default setting is true. If the value is true, the group can be seen, searched for and subscribed to by end users. If the value is false, the group can be seen and searched for but can not be subscribed to by end users. Filtered groups can not be subscribed to; this attribute is ignored if found on a filtered group.
Example:
iplanet-am-group-subscribable: true
OID: 2.16.840.1.113730.3.1.1085

iplanet-am-modifiable-by
Origin: Access Manager
Syntax: dn, multi-valued
Object Classes:
Definition: This attribute lists the role-dn of the administrator who has access rights to modify this user entry. By default, the value is set to the role-dn of the administrator who created the account.
Example: For native mode (with domain nodes on the organization tree):
iplanet-am-modifiable-by: cn=Top-level Admin Role, o=sesta.com
For compatibility mode (with domain nodes on the DC Tree):
iplanet-am-modifiable-by: cn=Top-level Admin Role, dc=sesta, dc=com
OID: 2.16.840.1.113730.3.1.1094

iplanet-am-role-aci-description
Origin: Access Manager
Syntax: string, multi-valued
Object Classes:
Definition: Description of the ACI that belongs to this role.
Example: No example given.
OID: 2.16.840.1.113730.3.1.1081

iplanet-am-role-aci-list
Origin: Access Manager
Syntax: string, multi-valued
Object Classes:
Definition: The set of ACIs associated with this role. The format is a DN:ACI pair, where the DN of the entry is specified with its ACI. When deleting a role, this attribute allows for the ACIs associated with this role to be located and cleaned up properly.
Example: For native mode (with domain nodes on the organization tree):
iplanet-am-role-aci-list: o=sesta.com,
o=basedn:aci:
(target="ldap:///o=sesta.com,o=basedn")
(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,o=sesta.com,o=basedn)
(nsroledn=cn=Top-level Help Desk Admin Role,o=sesta.com,o=basedn))))
(targetattr != "nsroledn")
(version 3.0; acl "Organization Admin access allow";
allow (all) roledn = "ldap:///cn=myrole,o=sesta.com,o=basedn";)
For compatibility mode (with domain nodes on a DC Tree):
iplanet-am-role-aci-list: dc=sesta,dc=com:aci:
(target="ldap:///dc=sesta,dc=com")
(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=sesta,dc=com)
(nsroledn=cn=Top-level Help Desk Admin Role,dc=sesta,dc=com))))
(targetattr != "nsroledn")
(version 3.0; acl "Organization Admin access allow";
allow (all) roledn = "ldap:///cn=myrole,dc=sesta,dc=com";)
OID: 2.16.840.1.113730.3.1.1082

iplanet-am-role-any-options
Origin: Access Manager
Syntax: string, multi-valued
Object Classes:
Definition: Not currently used.
Example: No example given.
OID: 2.16.840.1.113730.3.1.1084

iplanet-am-role-description
Origin: Access Manager
Syntax: cis, multi-valued
Object Classes:
Definition: An optional description of the role being defined.
Example:
iplanet-am-role-description: Top Level Admin Role
OID: 2.16.840.1.113730.3.1.1080

iplanet-am-role-managed-container-dn
Origin: Access Manager
Syntax: dn, multi-valued
Object Classes:
Definition: Defines the container this role resides in.
Example: For example, if the role being defined administers the domain organization east:
iplanet-am-role-managed-container-dn: ou=east,o=sesta.com,o=basedn
OID: 2.16.840.1.113730.3.1.977

iplanet-am-role-service-options
Origin: Access Manager
Syntax: string, multi-valued
Object Classes:
Definition: Not currently used.
Example: No example given.
OID: 2.16.840.1.113730.3.1.1083

iplanet-am-role-type
Origin: Access Manager
Syntax: string, multi-valued
Object Classes:
Definition: Defines the type of role. There are three values, as shown in the following table:
Even though this attribute is defined as multi-valued string, it is implemented in Messaging Server as if it were a single-valued integer.
Example:
iplanet-am-role-type: 1
OID: 2.16.840.1.113730.3.1.1079

iplanet-am-service-status
This attribute is aliased to sunRegisteredServiceName. Use that attribute instead.

iplanet-am-static-group-dn
Origin: Access Manager
Syntax: dn, multi-valued
Object Classes:
Definition: Defines the DNs for the static groups this user belongs to.
Example: For native mode (with domain nodes on the organization tree):
iplanet-am-static-group-dn: cn=mygroup, ou=groups, o=sesta.com
For compatibility mode (with domain nodes on the DC Tree):
iplanet-am-static-group-dn: cn=mygroup, ou=groups, dc=sesta, dc=com
OID: 2.16.840.1.113730.3.1.1094

iplanet-am-user-account-life
Origin: Access Manager
Syntax: date string, single-valued
Object Classes:
Definition: Specifies the account expiration date in the following format: yyyy/mm/dd hh:mm:ss where the first mm is for month, dd is for day, yyyy for full year (for example, 2005), hh is for the time stamp hour, the final mm is for the timestamp minutes, and ss is for the timestamp seconds. If this attribute is present, the authentication service will disallow login if the current date has passed the specified account expiration date.
Example:
iplanet-am-user-account-life: 2040/12/31 23:59:59
OID: 2.16.840.1.113730.3.1.976

iplanet-am-user-admin-start-dn
Origin: Access Manager
Syntax: dn, single-valued
Object Classes:
Definition: Specifies the starting point node (DN) displayed in the starting view of the IS Console when this administrator logs in.
Example:
iplanet-am-user-admin-start-dn: ou=people,o=sesta.com,o=basedn
OID: 2.16.840.1.113730.3.1.1072

iplanet-am-user-alias-list
Origin: Access Manager
Syntax: string, single-valued
Object Classes:
Definition: Defines a list of aliases for the user.
Example: User jdoe could have an alias of jd, johnd, or jd123456.
iplanet-am-user-alias-list: jd
iplanet-am-user-alias-list: johnd
iplanet-am-user-alias-list: jd123456
OID: 1.3.6.1.4.1.42.2.27.9.1.59

iplanet-am-user-auth-config
Origin: Access Manager
Syntax: string, single-valued
Object Classes:
Definition: Specifies the user authentication configuration method in an XML string. There is no default value.
Example:
<AttributeValuePair><Value> com.sun.identity.authentication.modules.ldap.LDAP REQUIRED </Value></AttributeValuePair>
OID: 1.3.6.1.4.1.42.2.27.9.1.58

iplanet-am-user-auth-modules
Origin: Access Manager
Syntax: string, multi-valued
Object Classes:
Definition: Not currently used.
Example: No example given.
OID: 2.16.840.1.113730.3.1.1071

iplanet-am-user-failure-url
Origin: Access Manager
Syntax: string, single-valued
Object Classes:
Definition: Defines the routing taken (URL user is redirected to) if the login fails. Any valid URL can be used.
Example: No example given.
OID: 1.3.6.1.4.1.42.2.27.9.1.71

iplanet-am-user-federation-info
Origin: Access Manager
Syntax: string, single-valued
Object Classes:
Definition: For Access Manager internal use only. Do not use. Specifies the user account’s Federation specific information. This is managed internally by Access Manager’s Federation Management module to store user account’s Federation related information, and should not be modified outside of that module.
Example: No example given.
OID: 1.3.6.1.4.1.42.2.27.9.1.74

iplanet-am-user-federation-info-key
Origin: Access Manager
Syntax: string, single-valued
Object Classes:
Definition: For Access Manager internal use only. Do not use. Specifies the user account’s Federation information key. This is managed internally by Access Manager’s Federation Management module to store the user account’s Federation information key, and should not be modified outside of that module.
Example: No example given.
OID: 1.3.6.1.4.1.42.2.27.9.1.73

iplanet-am-user-login-status
Origin: Access Manager
Syntax: string, single-valued
Object Classes:
Definition: Specifies the user status. It takes two values:
Example: No example given.
OID: 2.16.840.1.113730.3.1.1074

iplanet-am-user-password-reset-force-reset
Origin: Access Manager
Syntax: boolean, single-valued
Object Classes:
Definition: Not currently used. Specifies whether password will be forced to be reset. Values: true, false. Defaults to false.
Example: No example given.
OID: 1.3.6.1.4.1.42.2.27.9.1.591

iplanet-am-user-password-reset-options
Origin: Access Manager
Syntax: string, single-valued
Object Classes:
Definition: Used internally by Access Manager’s password reset module. Do not use. Any values assigned to this attribute will be ignored.
Example: No example given.
OID: 1.3.6.1.4.1.42.2.27.9.1.589

iplanet-am-user-password-reset-passwordChanged
Origin: Access Manager
Syntax: string, single-valued
Object Classes:
Definition: Not used.
Example: No example given.
OID: 1.3.6.1.4.1.42.2.27.9.1.592

iplanet-am-user-password-reset-question-answer
Origin: Access Manager
Syntax: string, single-valued
Object Classes:
Definition: Password question and answer used to prompt user who has forgotten their password. The format is question answer.
Example:
iplanet-am-user-password-reset-question-answer: favorite restaurant Outback
OID: 1.3.6.1.4.1.42.2.27.9.1.590

iplanet-am-user-service-status
Origin: Access Manager
Syntax: dn, single-valued
Object Classes:
Definition: Specifies the status of the user for various services.
Example: No example given.
OID: 2.16.840.1.113730.3.1.1073

iplanet-am-user-success-url
Origin: Access Manager
Syntax: dn, single-valued
Object Classes:
Definition: Defines the routing taken (URL the user is directed) if the login succeeds. Any valid URL can be used.
Example: No example given.
OID: 1.3.6.1.4.1.42.2.27.9.1.71

preferredLocale
Origin: Directory Server
Syntax: cis, single-valued
Object Classes:
Definition: Used by Access Manager to store user preference for locale. The values accepted by this attribute are described in the Sun Java System Access Manager Administration Guide, chapter 18.
Some additional information on locales is located in the Sun Java System Directory Server Reference Manual.
Example:
preferredLocale:en-US
OID: 2.16.840.1.113730.3.1.39

preferredTimeZone
Origin: Directory Server
Syntax: cis, single-valued
Object Classes:
Definition: Used by Access Manager to store user preference for time zone. Supported time zone names can be found in the appendix under Standard Time Zones.
Example:
preferredTimeZone: America/Los Angeles
OID: Unassigned

sunAdditionalTemplates
Origin: Messaging Server 6.0, Calendar Server 6.0
Syntax: cis, multi-valued
Object Classes: inetDomain, sunManagedOrganization
Definition: Specifies relative DN (RDN) sequences, that is, DNs that are relative to the organization entry. Values identify entries in the configuration templates part of the ou=services tree below this organization. These are additional templates beyond those specified in the global configuration templates. These are used to specify operations private to an organization. This attribute must appear in the top entry for this organization.
Example: No example given.
OID: 1.3.6.1.4.1.42.2.27.9.1.76

sunKeyValue
Origin: Messaging Server 6.0, Calendar Server 6.0
Syntax: cis, multi-valued
Object Classes:
Definition: Each value is a “key=value” pair, where the key is the name of the XML element. Table 4–2 lists the keys for search templates.
Table 4–2 Search Template Keys
For more information on templates and the native and compatibility mode LDAP data models, see Chapter 1, Overview.
Example: The following sunKeyValue attributes appear in the default search template for the native mode LDAP data model:
sunKeyValue:attrs=objectclass
sunKeyValue: attrs=ou
sunKeyValue:attrs=inetDomainStatus
The following sunKeyValue attributes appear in the default search template for compatibility mode (uses the RFC 2247 algorithm for constructing the search DN):
sunKeyValue:attrs=objectclass
sunKeyValue: attrs=ou
sunKeyValue:attrs=inetDomainStatus
sunKeyValue: rfc2247=true
sunKeyValue: baseDN=o=internet
OID: 1.3.6.1.4.1.42.2.27.9.1.83

sunNameSpaceUniqueAttrs
Origin: Messaging Server 6.0, Calendar Server 6.0
Syntax: cis, multi-valued
Object Classes:
Definition: Stores the name of an attribute required to be unique across all entries in the subtree. This attribute allows namespace uniqueness to be enforced. For further explanation of namespaces, see the Sun Java Enterprise System Installation Guide and the object class description for sunNameSpace.
Example:
sunNameSpaceUniqueAttrs:uid
sunNameSpaceUniqueAttrs:c
OID: 1.3.6.1.4.1.42.2.27.9.1.85

sunOrganizationAlias
Origin: Access Manager
Syntax: cis, single-valued
Object Classes:
Definition: Access Manager uses this attribute for authentication. It holds the fully qualified host name for the server the user is logging into. The format is: server.domain.
Example:
sunOrganizationAlias: seaside.siroe.com
OID: Unassigned

sunOverrideTemplates
Origin: Messaging Server 6.0, Calendar Server 6.0
Syntax: cis, multi-valued
Object Classes: inetDomain, sunManagedOrganization
Definition: Specifies relative DN (RDN) sequences, that is, DNs that are relative to the organization entry. Values identify entries in the configuration templates part of the ou=services tree below this organization. These templates override global configuration templates for searches and other operations within this organization.
This attribute must appear in the top entry for this organization.
Example: No example given.
OID: 1.3.6.1.4.1.42.2.27.9.1.77

sunPreferredDomain
Origin: Messaging Server 6.0, Calendar Server 6.0
Syntax: cis, single-valued
Object Classes: iplanet-am-managed-org-unit, sunManagedOrganization
Definition: Specifies the DNS domain name used to lookup an organization entry when a unique matching organization is required. When a value for this is available, provisioners should set it so as to enable applications to look up organizations using a domain name. The domain name value of this attribute must be unique across all organizations in the directory, including the domains named in associatedDomain. This attribute is for use with Schema 2 native mode LDAP directories only; it must not be used in DC Tree nodes.
Example:
sunPreferredDomain:sesta.com
OID: 2.16.840.1.113730.3.1.1086

sunPreferredOrganization
Origin: Messaging Server 6.0, Calendar Server 6.0
Syntax: cis, single-valued
Object Classes: iplanet-am-managed-org-unit, sunManagedOrganization
Definition: Specifies the DNS name used to lookup an organization entry when a unique matching organization is required. When a value for this is available, provisioners should set it so as to enable applications to look up organizations using the organization’s name. This attribute is for use with Schema 2 native mode LDAP directories only; it must not be used in DC Tree nodes.
Example:
sunPreferredOrganization:sesta.com
OID: 1.3.6.1.4.1.42.2.27.9.1.75

sunRegisteredServiceName
Origin: Access Manager
Syntax: string, multi-valued
Object Classes: iplanet-am-managed-org-unit, sunManagedOrganization
Definition: Defines the set of names of the registered services. The following services are defined for Messaging Server and Calendar Server:
For informational purposes: The following services are used by Access Manager for authentication with SSO (Single Sign-On). These services must be registered to the root suffix node. This step is done by Access Manager as part of its installation process. The services are:
Anyone can create a new service and load it into Access Manager. For information on how to do this, see the Access Manager documentation at: http://docs.sun.com/
Example:
sunRegisteredServiceName: DomainMailService
OID: 1.3.6.1.4.1.42.2.27.9.1.593

sunServiceId
Origin: Messaging Server 6.0, Calendar Server 6.0
Syntax: cis, single-valued
Object Classes:
Definition: The kind of template being created. For search templates, the value is StructureUmsObjects. (At this time search templates are the only publicly defined template.)
Example:
sunServiceId:StructureUmsObjects
OID: 1.3.6.1.4.1.42.2.27.9.1.79

sunSmsPriority
Origin: Access Manager
Syntax: cis, single-valued
Object Classes:
Definition: Stores the priority of the service with respect to its siblings.
Example:
sunSmsPriority:
OID: 1.3.6.1.4.1.42.2.27.9.1.81

sunXmlKeyValue
Origin: Access Manager
Syntax: cis, single-valued
Object Classes:
Definition: Not currently used.
Example: No example given.
OID: 1.3.6.1.4.1.42.2.27.9.1.84
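The DN:ACI pair format described above for iplanet-am-role-aci-list, and its use for locating a role's ACIs when the role is deleted, shown as an added example (not code from the Sun documentation or from Access Manager). It assumes the literal separator :aci: seen in this chapter's examples; parse_role_aci, norm_dn and cleanup_plan are hypothetical helper names, and the sample value is constructed by joining the lines of the native-mode example.

```python
import re

# Constructed sample: the native-mode example from this chapter, joined into one value.
SAMPLE_VALUE = (
    'o=sesta.com,o=basedn:aci:'
    '(target="ldap:///o=sesta.com,o=basedn")'
    '(targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,o=sesta.com,o=basedn)'
    '(nsroledn=cn=Top-level Help Desk Admin Role,o=sesta.com,o=basedn))))'
    '(targetattr != "nsroledn")'
    '(version 3.0; acl "Organization Admin access allow"; '
    'allow (all) roledn = "ldap:///cn=myrole,o=sesta.com,o=basedn";)'
)

_ACL_NAME = re.compile(r'\bacl\s+"([^"]*)"')
# Bind rule only: \b keeps this from matching the nsroledn filter terms.
_ROLEDN = re.compile(r'\broledn\s*=\s*"ldap:///([^"]*)"')


def parse_role_aci(value):
    """Split one DN:ACI value into the entry DN, the ACI text and key fields."""
    # Assumption: the pair is joined by the literal ":aci:" as in the examples.
    dn, sep, aci = value.partition(":aci:")
    dn, aci = dn.strip(), aci.strip()
    if not sep or not dn or not aci:
        raise ValueError("not a DN:aci:ACI pair")
    # Cheap sanity check; does not account for parentheses inside quoted strings.
    if aci.count("(") != aci.count(")"):
        raise ValueError("unbalanced parentheses in ACI")
    name = _ACL_NAME.search(aci)
    return {
        "entry_dn": dn,
        "aci": aci,
        "acl_name": name.group(1) if name else None,
        "role_dns": _ROLEDN.findall(aci),
    }


def norm_dn(dn):
    """Naive DN normalisation (case and spacing); ignores escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def cleanup_plan(role_dn, aci_list_values):
    """Return (remove, review) for a role that is about to be deleted.

    remove: (entry DN, ACI text) pairs whose bind rule names the role, i.e. the
            ACIs to delete from those entries so none is left orphaned.
    review: values that could not be parsed or that name a different role;
            these are held for manual inspection rather than dropped.
    """
    wanted = norm_dn(role_dn)
    remove, review = [], []
    for value in aci_list_values:
        try:
            parsed = parse_role_aci(value)
        except ValueError as exc:
            review.append((value, str(exc)))
            continue
        if wanted in (norm_dn(d) for d in parsed["role_dns"]):
            remove.append((parsed["entry_dn"], parsed["aci"]))
        else:
            review.append((value, "ACI does not name this role"))
    return remove, review


if __name__ == "__main__":
    to_remove, to_review = cleanup_plan(
        "cn=myrole,o=sesta.com,o=basedn", [SAMPLE_VALUE, "garbage"]
    )
    for entry_dn, aci in to_remove:
        print("remove from", entry_dn, "->", parse_role_aci(SAMPLE_VALUE)["acl_name"])
    for value, reason in to_review:
        print("review:", reason)
```
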