The table in this section lists each Identity Vault (eDirectory) class and attribute used by the GroupWise driver. The Secondary Effects column in the table contains information about how the attribute is used, special handling, conversions, and relationships of the attributes to other attributes.
|
eDirectory Class or Attribute |
GroupWise Attribute |
Description |
Secondary Effects |
|---|---|---|---|
|
NDS User |
|
|
|
|
50319 |
Preferred Internet eMail ID |
Example: JohnDoe “mapi” is not allowed because it is reserved. This ID must be unique in the entire GroupWise system. It contains 1 to 256 characters, and cannot contain the ( ) @ . : , { } * ” characters. The ID must be unique within its namespace (UserID, nicknames, resources, and distribution lists share the same namespace.) |
|
|
50045 |
Internet domain name |
Example: MyDomain.com |
|
|
59028 |
LDAP authentication ID in typeful format |
Example: cn=admin, o=novell |
|
|
50013 |
Preferred Internet address format (numeric value) |
0 - Full (Name.PostOffice.Domain@IDomain.com) 1 - Host and User ID (Name.PostOffice@IDomain.com) 2 - User ID (Name@IDomain.com) 3 - Lastname.firstname 4 - Firstname.lastname 5 - No setting (reserved) 6 - First initial and last name |
|
|
50320 |
Disallowed Internet address formats (bit settings) |
0 - None 1 - Full (never set this bit) 2 - Host 4 - User ID 8 - Lastname.Firstname 16 - Firstname.Lastname 32 - First initial and last name You should not set bit one in this attribute value. It is an illegal operation to disallow the Full format. You can “or” values together. For instance, to allow only full name you use a value of 62 (0x3E). |
|
|
50157 |
Exclusive use of Internet domain name |
0 = Off (requires setting an Internet domain name: 50045) 1 = On (only recognizes the domain name set in the Internet domain name: 50045) |
|
|
GroupWise External Entity |
|
|
|
|
50319 |
Preferred Internet eMail ID |
Example: JohnDoe “mapi” is not allowed because it is reserved. This ID must be unique in the entire GroupWise system. It contains 1 to 256 characters, and cannot contain the ( ) @ . : , { } * ” characters. The ID must be unique within its namespace (UserID, nicknames, resources, and distribution lists share the same namespace.) |
|
|
50045 |
Internet domain name |
Example: MyDomain.com |
|
|
59028 |
LDAP authentication ID in typeful format |
Example: cn=admin, o=novell |
|
|
50013 |
Preferred Internet address format (numeric value) |
0 - Full (Name.PostOffice.Domain@IDomain.com) 1 - Host and User ID (Name.PostOffice@IDomain.com) 2 - User ID (Name@IDomain.com) 3 - Lastname.firstname 4 - Firstname.lastname 5 - No setting (reserved) 6 - First initial and last name |
|
|
50320 |
Disallowed Internet address formats (bit settings) |
0 - None 1 - Full (never set this bit) 2 - Host 4 - User ID 8 - Lastname.Firstname 16 - Firstname.Lastname 32 - First initial and last name You should not set bit one in this attribute value. It is an illegal operation to disallow the Full format. You can “or” values together. For instance, to allow only full name you use a value of 62 (0x3E). |
|
|
50157 |
Exclusive use of Internet domain name |
0 = Off (requires setting an Internet domain name: 50045) 1 = On (only recognizes the domain name set in the Internet domain name: 50045) |
|
|
CN |
None |
Common Name of a User object |
When a GroupWise account is created or renamed, this value is used to name the GroupWise account and to set NGW: Object ID. For all other operations, this value is ignored. |
|
Given Name |
50091 |
User’s first name |
Synchronizes from eDirectory™ to GroupWise on Create and Modify events. See the note at the end of this table for additional information. |
|
Surname |
50093 |
User’s last name |
Synchronizes from eDirectory to GroupWise on Create and Modify events. This attribute is only used on the Publisher channel when creating a default user for resource reassignment. See the note at the end of this table for additional information. |
|
Title |
50096 |
User’s title |
Synchronizes from eDirectory to GroupWise on Create and Modify events. See the note at the end of this table for additional information. |
|
OU |
50089 |
User’s department |
Synchronizes from eDirectory to GroupWise on Create and Modify events. See the note at the end of this table for additional information. |
|
Telephone Number |
50095 |
User’s telephone number |
Synchronizes from eDirectory to GroupWise on Create and Modify events. See the note at the end of this table for additional information. |
|
Facsimile Telephone Number |
50145 |
User’s facsimile telephone number |
Only synchronizes the telephone number portion from eDirectory to GroupWise on Create and Modify events. See the note at the end of this table for additional information. |
|
Description |
50032 |
Provides additional information |
Synchronizes from eDirectory to GroupWise on Create and Modify events. See the note at the end of this table for additional information. |
|
company |
55022 50310 for GW 6.5 or later |
User’s company |
Synchronizes from eDirectory to GroupWise on Create and Modify events. See the note at the end of this table for additional information. |
|
Initials |
55019 50322 for GW 6.5 or later |
Middle initials, up to 8 characters |
Synchronizes from eDirectory to GroupWise on Create and Modify events. See the note at the end of this table for additional information. |
|
Generational Qualifier |
55020 50323 for GW 6.5 or later |
Jr., III, and so forth, up to 8 characters |
Synchronizes from eDirectory to GroupWise on Create and Modify events. See the note at the end of this table for additional information. |
|
personalTitle |
55021 50324 for GW 6.5 or later |
Dr., Mr., Ms., and so forth, up to 8 characters |
Synchronizes from eDirectory to GroupWise on Create and Modify events. See the note at the end of this table for additional information. |
|
NGW: Object ID |
50073 |
GW mailbox name. The name must be unique within a post office. The name contains 1 to 256 characters, and cannot contain the ()@.:",{}* characters. |
This attribute takes its value from the CN attribute. The shim writes it via the Publisher channel to eDirectory. It is set when an account is created and modified, and when an account is renamed. Modifying this value might cause the following attributes to be modified:
This attribute should not be modified except as the result of a rename. |
|
NGW: Account ID |
50116 |
Optional field for accounting. It can contain a cost account used for posting charges to this user. |
When an account is created, the shim queries GroupWise for this value and writes it via the Publisher channel to eDirectory. Normally the driver does not set this value. However, this attribute can be set through the Create rule or Create style sheet. See the note at the end of this table for additional information. |
|
NGW: Gateway Access |
59001 |
|
When an account is created, the shim queries GroupWise for this value and writes it via the Publisher channel to eDirectory. Normally the driver does not set this value. However, this attribute can be set through the Create rule or style sheet. See the note at the end of this table for additional information. |
|
NGW: Mailbox Expiration Time |
50138 |
|
When an account is created, the shim queries GroupWise for this value and writes it via the Publisher channel to eDirectory. This attribute can be set through the Create rule or style sheet. For example, the default Output Transformation style sheet uses the eDirectory login expiration time to set this value. |
|
Login Disabled |
50058 |
A Boolean value that indicates whether eDirectory login (authentication) is allowed. |
Synchronizes from eDirectory to GroupWise on Create and Modify events. The shim converts true to 1 and false to 0. Setting the GroupWise 50058 attributes to 1 disables the GroupWise account. See the note at the end of this table for additional information. |
|
Login Expiration Time |
None |
Date and time when authentication rights expire. |
This eDirectory attribute has no corresponding GroupWise attribute. The value of this attribute is used to set the eDirectory attribute NGW: Mailbox Expiration Time and the GW attribute 50138, which are connected through the Schema Mapping rule. |
|
NGW: File ID |
50038 |
Three characters used to name system files for the user. The value must be unique within a post office. This value is set by GroupWise. |
This attribute is set in GroupWise when an account is created. The shim queries GroupWise for this value and writes it via the Publisher channel to eDirectory. A Move event could cause this attribute to change. This attribute should not be modified in any style sheet. |
|
NGW: GroupWise ID |
None |
Uniquely identifies an object in GroupWise. This value is used for the Identity Manager association. |
When an account is created or modified, the shim queries GroupWise for this value and writes it via the Publisher channel to eDirectory. A GroupWise Move or a Rename event causes this attribute to change. On any Modify event, the shim reads this value through the GroupWise API and, if it has changed, writes it to eDirectory through the Publisher channel. The shim also changes the Identity Manager association value. This attribute only comes through the Subscriber channel when the GroupWise snap-ins change this value. The shim then changes the Identity Manager association key. This value, not the association key, is used to read the GroupWise object. If the association key does not match this attribute value, the association key is updated. This is because the GroupWise snap-ins can change this attribute and the GroupWise snap-ins do not update the association key. On all events, except delete, the shim queries eDirectory for this value. If the value does not exist, the event is discarded. If the shim cannot read the GroupWise object using this value, an error is returned to Identity Manager. This is a rare occurrence. |
|
NGW: Visibility |
50076 |
Visibility is used to specify the databases into which an object should be replicated. Controls whether objects appear in the address book. |
This attribute is set in GroupWise by GroupWise when an account is created. The shim queries GroupWise for this value and writes it via the Publisher channel to eDirectory. Normally, the driver does not set this value. However, this attribute can be set through the Create rule or style sheet. To set it, add code to the Create rule. Use 2 for global visibility, or 4 for no visibility. See the note at the end of this table for additional information. |
|
Email Address |
None |
|
This attribute is generated by GroupWise on Create, Rename, or Move events. The shim queries GroupWise for this value and writes it via the Publisher channel to eDirectory. |
|
Internet Email Address |
None |
|
This attribute is generated by GroupWise on a Create or Rename event, or when any attributes used to generate Internet Email Address are modified. The shim queries GroupWise for this value and writes it via the Publisher channel to eDirectory. |
|
NGW: Post Office |
None |
DN of the Post Office object. |
The driver writes this on Create and Move events. |
|
Any User attribute whose value can be represented as a string. |
50106 to 50115, 55002 to 55011 |
Up to 20 eDirectory user attributes can be mapped to generic GroupWise attributes and displayed in the address book. |
The eDirectory attribute names must be added to the filter. The eDirectory and GroupWise attribute names must be added to the Schema Mapping rule. NOTE:For these attributes to appear in the address book, GroupWise must be configured through ConsoleOne®. See the note at the end of this table for additional information. |
|
GroupWise Post Office |
|
|
|
|
Member |
None |
|
On a user create, the shim writes the eDirectory DN of the user to this attribute using the Publisher channel. On a post office move, the shim deletes the user DN from the old post office and writes the user DN to the new post office. |
|
GroupWise Resource |
|
|
|
|
NGW: Owner |
50081 |
The user (NGW: Object ID) that owns the resource. An owner is identified by its Object Name. |
The shim writes this value to GroupWise and to eDirectory via the Publisher channel. The value is provided by a style sheet or driver option. See the note at the end of this table for additional information. |
|
GroupWise Distribution List |
|
|
|
|
Member |
None |
|
On eDirectory user Create or Modify events, a set of distribution lists can be specified. The user can be added as a Member, BC, or CC. The shim fills in this attribute through the Publisher channel. On a modify event, a user can be removed from a specified distribution list (member, BC or CC) or from all distribution lists (member, BC or CC). The shim removes the user from the appropriate distribution list. |
|
NGW: Blind Copy Member |
None |
|
Use the gw:participation=“bc” attribute to have the driver set this information. For more information, see Adding a User as a Blind Copy or Carbon Copy Participant in a Distribution List. |
|
NGW: Carbon Copy Member |
None |
|
Use the gw:participation=“cc” attribute to have the driver set this information. For more information, see Adding a User as a Blind Copy or Carbon Copy Participant in a Distribution List. |
IMPORTANT:When the Visibility GroupWise attribute is explicitly changed by a style sheet, the corresponding eDirectory attribute must also be updated by the style sheet. Otherwise, the eDirectory User and the GroupWise account are not properly synchronized.
For this attribute, eDirectory is considered the authoritative data source. When the attributes are not synchronized, it is possible that the old value in eDirectory could be used to incorrectly update the correct value in the GroupWise account. Updating the corresponding attribute in eDirectory can prevent this. In the example XSLT and DirXML script code segments below, when an eDirectory User is disabled, the GroupWise account is disabled and the visibility attribute is set to 4. This prevents the account from appearing in the address book. The visibility attribute (50076) is set in GroupWise, together with the disable. The visibility attribute (NGW: Visibility) is set in eDirectory using the channel write-back Identity Manager functionality.
<!-- User Disable, Remove Address Book Visibility
When a GroupWise Account is Disabled
remove the account from the address book visibility.
Keep eDirectory and GroupWise object synchronized by
updating the attributes in both systems.
-->
<xsl:template match="modify-attr[@attr-name=’50058’]">
<!-- When Login Disabled is true -->
<xsl:if test="add-value//value[.=’true’]">
<!-- Update the visibility attribute in GroupWise -->
<!-- Copy the <modify> through to update GroupWise -->
<xsl:copy>
<!-- copy everything through -->
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
<!-- Set the GroupWise visibility attribute (50076) to "4"
so the account does not show in the address book -->
<modify-attr attr-name="50076">
<remove-all-values/>
<add-value>
<value type="int">4</value>
</add-value>
</modify-attr>
<!-- Update the visibility attribute in eDirectory -->
<!-- Send a command to modify "NGW: Visibility" in the eDirectory User object -->
<xsl:variable name="command">
<modify class-name="User">
<!-- dest-dn and dest-entry-id identify the User object in eDirectory -->
<xsl:attribute name="dest-dn">
<xsl:value-of select="../@src-dn"/>
</xsl:attribute>
<xsl:attribute name="dest-entry-id">
<xsl:value-of select="../@src-entry-id"/>
</xsl:attribute>
<!-- Set NGW: Visibility (50076) in eDirectory to "4" -->
<modify-attr attr-name="NGW: Visibility">
<remove-all-values/>
<add-value>
<value type="int">4</value>
</add-value>
</modify-attr>
</modify>
</xsl:variable>
<xsl:variable name="result" select="cmd:execute($srcCommandProcessor, $command)"/>
</xsl:if>
</xsl:template>
For use in an Output Transformation policy.
<rule>
<description>Adjust GW Visibility when 'Login Disabled' (50058) is changing to TRUE</description>
<conditions>
<and>
<if-op-attr mode="case" name="50058" op="changing-to">true</if-op-attr>
<if-class-name op="equal">User</if-class-name>
</and>
</conditions>
<actions>
<!-- Set the GroupWise visibility attribute (50076) to "4" so the account does not show in the GW address book -->
<do-set-dest-attr-value class-name="User" name="50076">
<arg-value type="string">
<token-text xml:space="preserve">4</token-text>
</arg-value>
</do-set-dest-attr-value>
<!-- Update the visibility attribute in eDirectory -->
<!-- Send a command to modify "NGW: Visibility" in the eDirectory User object -->
<do-set-src-attr-value class-name="User" name="NGW: Visibility">
<arg-value type="string">
<token-text xml:space="preserve">4</token-text>
</arg-value>
</do-set-src-attr-value>
</actions>
</rule>
<rule>
<description>Adjust GW Visibility when 'Login Disabled' (50058) is changing to FALSE</description>
<conditions>
<and>
<if-op-attr mode="case" name="50058" op="changing-to">false</if-op-attr>
<if-class-name op="equal">User</if-class-name>
</and>
</conditions>
<actions>
<!-- Set the GroupWise visibility attribute (50076) to "2" so the account shows in the GW address book -->
<do-set-dest-attr-value class-name="User" name="50076">
<arg-value type="string">
<!-- Post Office -->
<!-- <token-text xml:space="preserve">1</token-text> -->
<!-- System -->
<token-text xml:space="preserve">2</token-text>
<!-- Domain -->
<!-- <token-text xml:space="preserve">3</token-text> -->
<!-- None -->
<!-- <token-text xml:space="preserve">4</token-text> -->
</arg-value>
</do-set-dest-attr-value>
<!-- Update the visibility attribute in eDirectory -->
<!-- Send a command to modify "NGW: Visibility" in the eDirectory User object -->
<do-set-src-attr-value class-name="User" name="NGW: Visibility">
<arg-value type="string">
<!-- Post Office -->
<!-- <token-text xml:space="preserve">1</token-text> -->
<!-- System -->
<token-text xml:space="preserve">2</token-text>
<!-- Domain -->
<!-- <token-text xml:space="preserve">3</token-text> -->
<!-- None -->
<!-- <token-text xml:space="preserve">4</token-text> -->
</arg-value>
</do-set-src-attr-value>
</actions>
</rule>