MgrpDisallowedBroadcaster LDAP Attribute



 Syntax 

 IA5 string (ASCII) 

 OID 

 2.16.840.1.113894.1009.1.101.0.1129.1.1 



Definition

Identifies mail users not allowed to send messages to the mail group. If no instances of this attribute exist on the  entry, then there are no restrictions on who can send messages to the mail group unless the   and   attributes are used.

Messaging Server expects this attribute to contain either a distinguished name or an RFC822address. If a distinguished name is used, it must represent a mailable entry or entries of type  or. (That is, the  entry must contain an email address in one of the following attributes: ,  ,  .) The distinguished name must be represented in the form of an LDAP URL as described in RFC 1959.

If multi-valued, each URL is expanded into a list of addresses and each address is checked against the current envelope "from" address. The message is disallowed if there is a match.

You can specify metacharacter substitutions in this attribute. In particular, the address-related metacharacter sequences ($A for the entire address, $U for the mailbox part, $D for the domain part) refer to the current envelope "from" address and can in some cases be used to limit the results returned by the URL to entries that are likely (or guaranteed) to match. This may make authorization checks more efficient.

Suppose you define a dynamic list through an LDAP lookup where everyone on the list is prohibited from posting to the mailing group. For example: mgrpDisallowedBroadcaster: ldap:///o=Sesta,c=US??sub?(&(objectClass=inetMailUser) (objectClass=inetOrgPerson) The effect of this definition is to expand the whole list for the authorization check. However, if you add a restriction so only entries containing the current envelope "from" address are returned to the authorization check, the operation may be much more efficient: mgrpDisallowedBroadcaster: ldap:///o=Sesta,c=US??sub?(&(objectClass=inetMailUser) (objectClass=inetOrgPerson)(mail=$A) In this case, only the sender&#x27;s entry is checked for broadcast authorization and prevented from posting the message. In the preceding example, all the mail user entries in the Sesta US domain are checked.

To enable metacharacter substitutions, you must enable the MTA option PROCESS_SUBSTITUTIONS. For details about this option, see the Sun Java System Messaging Server Administration Guide.

Note: LDAP_CANT_URL is the MTA option used to specify a different attribute name for this function.

Example mgrpDisallowedBroadcaster: ldap:///uid=bjensen, o=sesta.com mgrpDisallowedBroadcaster: sys50@sesta.com mgrpDisallowedBroadcaster: ldap:///o=Sesta,c=US??sub?(&(objectClass=inetMailUser)(objectClass=inetOrgPerson)(mail=$A)