Chapter 6 iPlanet Delegated Administrator Classes and Attributes (Schema 1)

This chapter describes LDAP object classes and attributes for iPlanet Delegated Administrator for Messaging implementing LDAP Schema 1. iPlanet Delegated Administrator is a deprecated tool. You can only use it to provision Messaging Server users in an LDAP Schema 1 directory. To provision users in LDAP Schema 2, you must use the Communications Suite Delegated Administrator. For information about object classes and attributes supported by this new version of Delegated Administrator, see Chapter 5, Communications Suite Delegated Administrator Classes and Attributes (Schema 2).

The objects and attributes are listed alphabetically. The chapter is divided into two sections:

Object Classes

The following object classes are used by iPlanet Delegated Administrator to provision users in an LDAP Schema 1 directory:

inetDomainOrg

Supported by: Messaging Server 5.0
Definition: Used for LDAP Schema 1. Auxiliary class for supporting a Delegated Manager for Messaging managed domain organization. This object class is used in conjunction with the structural class organization to define a domain organization. A domain organization is usually created as a way of introducing hierarchy beneath a customer subtree and assigning administrators for that domain organization. To create a suborganization beneath the parent tree and designate a set of administrators for that suborganization, you would create a domain organization node by using organizationalUnit and inetDomainOrg object classes. For example, siroe.com could have a customer subtree with the DN: ou=east,o=siroe.com,o=basedn. How to provision a domain organization for LDAP Schema 1 is described in the iPlanet Messaging Server 5.2 Provisioning Guide.
Superior Class: top
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.132
Required Attributes: none
Allowed Attributes: domOrgMaxUsers, domOrgNumUsers

inetMailGroupManagement

Supported by: Messaging Server 5.0
Definition: Used for LDAP Schema 1 only. Used to extend the base entry created by groupOfUniqueNames. inetMailGroupManagement is used to store attributes for managing a distribution list by using Delegated Administrator for Messaging. This object class is used in conjunction with inetMailGroup and inetLocalMailRecipient. The attributes in this object class have no operational impact on the messaging server’s MTA or message access/message store.
Superior Class: top
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.149
Required Attributes: none
Allowed Attributes: mgrpAddHeader, mgmanDenySubscribe, mgmanGoodbyeText, mgmanHidden, mgmanIntroText, mgmanJoinability, mgmanMemberVisibility, mgmanVisibility, multiLineDescription

inetManagedGroup

Supported by: Messaging Server 5.0
Definition: Used to define a managed group. If a managed group is just a department or family group, then the structural class to use is top, but it can also be used to make a statically defined group (from groupOfUniqueNames) and make that a managed group.
Superior Class: top
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.137
Required Attributes:
Allowed Attributes: description, mnggrpAdditionPolicy, mnggrpBillableUser, mnggrpCurrentUsers, mnggrpDeletionPolicy, mnggrpMailQuota, mnggrpMaxUsers, mnggrpStatus, mnggrpUserClassOfServices, nsdaModifiableBy, owner

nsManagedDept

Supported by: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Definition: This object class is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Stores information for a non-administrator group.
Superior Class:
Object Class Type: auxiliary
OID: 2.16.840.1.113730.3.2.88
Required Attributes: none
Allowed Attributes: nsMaxDepts, nsMaxUsers, nsNumDepts, nsNumUsers, nsdaModifiableBy, owner

nsManagedDeptAdminGroup

Supported by: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Definition: This object class is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Stores information for a group of administrators for iPlanet Delegated Administrator.
Superior Class: top
Object Class Type: Unknown
OID: 2.16.840.1.113730.3.2.111
Required Attributes:
Allowed Attributes: none

nsManagedDomain

Supported by: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Definition: This object class is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Used only for versions of Messaging Server using iPlanet Delegated Administrator. It contains information necessary to administer domains.
Superior Class: top
Object Class Type: Unknown
OID: 2.16.840.1.113730.3.2.86
Required Attributes:
Allowed Attributes: nswcalDisallowAccess, nsMaxDepts, nsMaxDomains, nsMaxMailLists, nsMaxUsers, nsNumDepts, nsNumDomains, nsNumMailLists, nsNumUsers, nsdaModifiableBy, owner

nsManagedFamilyGroup

Supported by: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2
Definition: This object class is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Stores information for a family group managed by a delegated administrator. The family group is like a Group, with a few differences. It was added primarily to support Delegated Administrator deployments using Sun Internet Message Service (SIMS) 4.0.
Superior Class: top
OID: 2.16.840.1.113730.3.2.89
Required Attributes:
Allowed Attributes: nsMaxUsers, nsNumUsers, nsdaModifiableBy, owner

nsManagedISP

Supported by: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2
Definition: This object class is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1.
Tracks the number of suborganizations that can be created under this object.
Superior Class: top
OID: 2.16.840.1.113730.3.2.85
Required Attributes:
Allowed Attributes:

nsManagedMailList

Supported by: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2
Definition: This object class is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Stores information for a mail list created by enabled users. A mail list must contain this object class in order to be managed by Delegated Administrator.
Superior Class: top
Object Class Type: Unknown
OID: 2.16.840.1.113730.3.2.90
Required Attributes:
Allowed Attributes: nsMaxUsers, nsNumUsers, nsdaModifiableBy, owner

nsManagedOrgUnit

Supported by: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Definition: This object class is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Stores information for a Delegated Administrator managed organizational unit.
Superior Class: top
OID: 2.16.840.1.113730.3.2.87
Required Attributes:
Allowed Attributes:

nsManagedPerson

Supported by: Messaging Server 5.0; deprecated for Messaging Server 6.0 with LDAP Schema 2
Definition: This object class is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Stores information about a user. A user entry must contain this object class in order to be managed by Delegated Administrator.
Superior Class: top
Object Class Type: Unknown
OID: 2.16.840.1.113730.3.2.91
Required Attributes:
Allowed Attributes: memberOf, nsdaCapability, nsdaDomain, nsSearchFilter, nsdaModifiableBy, owner

nsUniquenessDomain

Supported by: Messaging Server 5.0; deprecated for Messaging Server 6.0 with LDAP Schema 2
Definition: LDAP Schema 1 object class in support of Delegated Administrator for Messaging. If you are still using LDAP Schema 1, then this object is still valid; otherwise it is deprecated. This object class is a marker to identify the subtree where the uniqueness of uid should be enforced.
The uid uniqueness plug-in used this to determine the scope or sphere of influence for enforcing uniqueness.
Superior Class: top
OID: 2.16.840.1.113730.3.2.115
Required Attributes:
Allowed Attributes: none

Attributes

The following attributes are used by iPlanet Delegated Administrator to provision users in an LDAP Schema 1 directory:

domainUidSeparator

Origin: Messaging Server 5.0
Syntax: cis, single-valued
Object Classes:
Definition: This attribute is used only for LDAP Schema 1. This attribute is used by the messaging server to override the default mailbox (MB) home. When present, this attribute specifies that compound user identifications (UIDs) are used in this domain, and it specifies the separator. For instance, if + is the separator, the mailbox names in this domain are obtained by replacing the rightmost occurrence of + in the uid with @. To map an internal mailbox name to the UID, the rightmost occurrence of @ is replaced with a + in the mailbox name. While substitution of an @ for the UID separator is sufficient to generate a mailbox name, this may not be the same as any of the user’s actual email addresses.

Note – Format of internal mailbox names is uid@domain, where “domain” is DNS domain mapping to the namespace. The only exception to this rule is mailbox names for users in default domain where only the uid is used to construct internal mailbox names. See inetCanonicalDomainName on how the default value of domain name used can be overridden in specific cases.

The MTA option used to override this attribute’s value is LDAP_DOMAIN_ATTR_UID_SEPARATOR.
Example: domainUIDSeparator: #
OID: 2.16.840.1.113730.3.1.702

domOrgMaxUsers

Origin: Messaging Server 5.0
Syntax: cis, single-valued
Object Classes:
Definition: This attribute is used only for LDAP Schema 1. Maximum number of user entries in a domain organization.
Example: domOrgMaxUsers: 500
OID: 2.16.840.1.113730.3.1.697

domOrgNumUsers

Origin: Messaging Server 5.0
Syntax: cis, single-valued
Object Classes:
Definition: Number of current user entries in a domain organization.
Example: domOrgNumUsers: 345
OID: 2.16.840.1.113730.3.1.698

memberOfManagedGroup

Origin: Messaging Server 5.0
Syntax: dn, single-valued
Object Classes:
Definition: Family accounts are not supported in LDAP Schema 2. Use this only if you are using LDAP Schema 1. Specifies the DN of the family account of which this user is a member.
Example: memberOfManagedGroup: cn=Addams Family, ou=groups,o=sesta.com,o=isp
OID: 2.16.840.1.113730.3.1.704

mgmanAllowSubscribe

Origin: Messaging Server 5.0
Syntax: cis, multi-valued
Object Classes:
Definition: Domain name(s) or email addresses of users allowed to subscribe to this mailing list.
Example: mgmanAllowSubscribe:sesta.com (Every user at sesta.com would be able to subscribe to the list.)
OID: 2.16.840.1.113730.3.1.790

mgmanDenySubscribe

Origin: Messaging Server 5.0
Syntax: cis, multi-valued
Object Classes:
Definition: Domain name(s) or email addresses of users not allowed to subscribe to this list. The mgmanDenySubscribe attribute takes precedence over mgmanAllowSubscribe.
Example: mgmanDenySubscribe:siroe.com
OID: 2.16.840.1.113730.3.1.791

mgmanGoodbyeText

Origin: Messaging Server 5.0
Syntax: cis, single-valued
Object Classes:
Definition: Reserved.
Example: No example given.
OID: 2.16.840.1.113730.3.1.797

mgmanHidden

Origin: Messaging Server 5.0
Syntax: cis, single-valued
Object Classes:
Definition: Used with iPlanet Delegated Administrator for Messaging only. A boolean flag specifying whether or not the group should appear in lists that are requested by people other than the group owners. A value of true corresponds with a hidden group, that is, the list is not visible. A value of false means that the list is visible. A missing value is the same as a value of false.
Example: mgmanHidden:true
OID: 2.16.840.1.113730.3.1.792

mgmanIntroText

Origin: Messaging Server 5.0
Syntax: cis, single-valued
Object Classes:
Definition: Reserved.
Example: No example given.
OID: 2.16.840.1.113730.3.1.796

mgmanJoinability

Origin: Messaging Server 5.0
Syntax: cis, single-valued
Object Classes:
Definition: Used for LDAP Schema 1 only. Specifies who can subscribe to the group. The allowed values are ANYONE, ALL, and NONE (If this attribute is not specified, the default is NONE):
Example: mgmanJoinability:All
OID: 2.16.840.1.113730.3.1.793

mgmanMemberVisibility

Origin: Messaging Server 5.0
Syntax: cis, single-valued
Object Classes:
Definition: Only used in LDAP Schema 1 with iPlanet Delegated Administrator for Messaging. Defines who has rights to view the group membership list (expand the group). This attribute has the keyword values: none, all, true, anyone. No matter what the setting of this attribute, group owners always retain the right to view (and modify) membership. However, if this attribute is checked in the case of group expansion as part of an SMTP EXPN command (that is, not as part of an administrative tool that can easily identify whether or not the client is the group owner), then a value of none ends up operating as if the list is unconditionally disabled. This is because SMTP doesn’t provide a means of establishing a client’s identity, such as “owner”. The following table lists the keywords and gives a description of each:

Table 6–1 Rights Keywords
Unrecognized values are interpreted as none. If the attribute is not present, the MTA option EXPANDABLE_DEFAULT controls whether the expansion is allowed.

Note – LDAP_EXPANDABLE is the MTA option used to specify a different attribute name for this function.
Example: mgmanMemberVisibility:all
OID: 2.16.840.1.113730.3.1.795

mgmanVisibility

Origin: Messaging Server 5.0
Syntax: cis, single-valued
Object Classes:
Definition: Not available
Example: No example given.
OID: 2.16.840.1.113730.3.1.794

mnggrpAdditionPolicy

Origin: Messaging Server 5.0
Syntax: cis, single-valued
Object Classes:
Definition: Reserved.
Example: No example given.
OID: 2.16.840.1.113730.3.1.710

mnggrpBillableUser

Origin: Messaging Server 5.0
Syntax: dn, single-valued
Object Classes:
Definition: DN of the user who is responsible for paying the bills for this family account or group of users.
Example: mnggrpBillableUser: uid=John,ou=people,o=sesta.com,o=isp
OID: 2.16.840.1.113730.3.1.711

mnggrpCurrentUsers

Origin: Messaging Server 5.0
Syntax: integer, single-valued
Object Classes:
Definition: Current number of users allowed in the managed group. Intended for reporting purposes only. No operational impact.
Example: mnggrpCurrentUsers: 20
OID: 2.16.840.1.113730.3.1.714

mnggrpDeletionPolicy

Origin: Messaging Server 5.0
Syntax: cis, single-valued
Object Classes:
Definition: Reserved.
Example: No example given.
OID: 2.16.840.1.113730.3.1.709

mnggrpMailQuota

Origin: Messaging Server 5.0
Syntax: integer, single-valued
Object Classes:
Definition: Cumulative disk quota allowed for all users in the managed group. A value of -1 specifies that there is no limit on space used by users in the managed group. Intended for reporting purposes only. No operational impact.
Example: mnggrpMailQuota:-1
OID: 2.16.840.1.113730.3.1.715

mnggrpMaxUsers

Origin: Messaging Server 5.0
Syntax: integer, single-valued
Object Classes:
Definition: Maximum number of users allowed in the managed group.
Example: 30
OID: 2.16.840.1.113730.3.1.713

mnggrpStatus

Origin: Messaging Server 5.0
Syntax: cis, single-valued
Object Classes:
Definition: Reserved.
Example: No example given.
OID: 2.16.840.1.113730.3.1.712

mnggrpUserClassOfServices

Origin: Messaging Server 5.0
Syntax: cis, multi-valued
Object Classes:
Definition: Reserved.
Example: No example given.
OID: 2.16.840.1.113730.3.1.716

nsDefaultMaxDeptSize

Origin: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax: integer, single-valued
Object Classes:
Definition: This attribute is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Specifies the default size (in number of users) of a newly created department managed by Delegated Administrator.
Example: nsDefaultMaxDeptSize:20
OID: 2.16.840.1.113730.3.1.562

nsMaxDepts

Origin: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax: integer, single-valued
Object Classes:
Definition: This attribute is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Used with Delegated Administrator. Specifies the maximum number of group entries that can be created under this object.
Example: nsMaxDepts:200
OID: 2.16.840.1.113730.3.1.557

nsMaxDomains

Origin: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax: integer, single-valued
Object Classes:
Definition: This attribute is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. For use with Delegated Administrator. Specifies the maximum number of suborganizations allowed to be created under this object.
Example: nsMaxDomains:50
OID: 2.16.840.1.113730.3.1.561

nsMaxMailLists

Origin: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax: integer, single-valued
Object Classes:
Definition: This attribute is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. For use with Delegated Administrator. Specifies the maximum number of mailing lists that can be created under this entry.
Example: nsMaxMailLists:200
OID: 2.16.840.1.113730.3.1.559

nsMaxUsers

Origin: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax: integer, single-valued
Object Classes:
Definition: This attribute is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. For use with Delegated Administrator. Specifies the maximum number of users that can be created under this entry.
Example: nsMaxUsers:750
OID: 2.16.840.1.113730.3.1.555

nsNumDepts

Origin: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax: integer, single-valued
Object Classes:
Definition: This attribute is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. For use with Delegated Administrator. Tracks the number of nested departments that exist under this object.
Example: nsNumDepts:35
OID: 2.16.840.1.113730.3.1.556

nsNumDomains

Origin: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax: integer, single-valued
Object Classes:
Definition: This attribute is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Used by Delegated Administrator. Tracks the number of suborganizations that exist under this object.
Example: nsNumDomains:5
OID: 2.16.840.1.113730.3.1.560

nsNumMailLists

Origin: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax: integer, single-valued
Object Classes:
Definition: This attribute is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Used by Delegated Administrator. Tracks the number of mail lists that exist under this object.
Example: nsNumMailLists:200
OID: 2.16.840.1.113730.3.1.558

nsNumUsers

Origin: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax: integer, single-valued
Object Classes:
Definition: This attribute is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Tracks the number of users that can be created under this object.
Example: nsNumUsers:2000
OID: 2.16.840.1.113730.3.1.554

nsSearchFilter

Origin: Not currently used; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax: cis, single-valued
Object Classes:
Definition: This attribute is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Reserved for future development for Delegated Administrator.
Example: No example given.
OID: 2.16.840.1.113730.3.1.564

nsdaCapability

Origin: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax: cis, single-valued
Object Classes:
Definition: This attribute is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Specifies whether a user can create a mail list. Supports Delegated Administrator.
Example: No example given.
OID: 2.16.840.1.113730.3.1.563

nsdaDomain

Origin: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax: cis, single
Object Classes:
Definition: This attribute is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Specifies the user’s organization, for Delegated Administrator.
Example: No example given.
OID: 2.16.840.113730.3.1.600

nsdaModifiableBy

Origin: Messaging Server 5.0; deprecated in Messaging Server 6.0 with LDAP Schema 2.
Syntax: dn, single-valued
Object Classes:
Definition: This attribute is deprecated for LDAP Schema 2; it is supported only for LDAP Schema 1. Used by Delegated Administrator. Specifies who has modify access to the object in which this attribute appears. DN of the administrator’s group used with ACIs to grant rights to manage other groups.
Example: nsdaModifiableBy: cn=service administrators,ou=group,o=isp
OID: 2.16.840.1.113730.3.1.565