MgrpAllowedBroadcaster LDAP Attribute



Syntax: IA5 string (ASCII)

OID: 2.16.840.1.113894.1009.1.101.0.1121.1.1



Definition

Identifies mail users allowed to send messages to the mail group. The purpose of this attribute is to restrict who can send messages to the mail group. If no instances of this attribute exist on the  entry, there are no restrictions on who can send messages to the mail group unless the ,  , and   attributes are used.

The Messaging Server expects this attribute to contain either a distinguished name or an RFC 822 address using an LDAP URI or a mailto address (see example). If a distinguished name is used, it must represent a mailable entry or entries of type  or. (That is, the group entry must contain an email address in one of the following attributes:,  ,  .)

If multi-valued, each URL or DN is expanded into a list of addresses and each address is checked against the current envelope "from" address. The message is allowed if there is a match.

Any email addresses specified are expanded as if they are a mailing list. Unlike a mailing list, this expansion includes all the attributes used to store email addresses (normally,  , and  ). Thus, if an address for the list itself is specified as a, a user can subscribe to a restricted list using one address and use an alternate address to send messages to the list.

If none of the attribute values is a valid URL, or none of the members of the group specified in the attribute value have a valid URL, the message will bounce or be directed to a moderator (as determined by the  attribute).

You can specify metacharacter substitutions in this attribute. In particular, the address-related metacharacter sequences ($A for the entire address, $U for the mailbox part, $D for the domain part) refer to the current envelope "from" address and can in some cases be used to limit the results returned by the URL to entries that are likely (or guaranteed) to match. This may make authorization checks more efficient.

Suppose you define a dynamic list through an LDAP lookup where anyone on the list is allowed to post to the mailing group. For example:

    mgrpAllowedBroadcaster: ldap:///o=Sesta,c=US??sub?(&(objectClass=inetMailUser)(objectClass=inetOrgPerson))

The effect of this definition is to expand the whole list for the authorization check. However, if you add a restriction so only entries containing the current envelope "from" address are returned to the authorization check, the operation may be much more efficient:

    mgrpAllowedBroadcaster: ldap:///o=Sesta,c=US??sub?(&(objectClass=inetMailUser)(objectClass=inetOrgPerson)(mail=$A))

In this case, only the sender's entry is checked for broadcast authorization. In the preceding example, all the mail user entries in the Sesta US domain are checked.

To enable metacharacter substitutions, you must enable the MTA option PROCESS_SUBSTITUTIONS. For details about this option, see the Sun Java System Messaging Server Administration Guide.

Note: LDAP_AUTH_URL is the MTA option used to specify a different attribute name for this function.

Example

    mgrpAllowedBroadcaster: uid=bjensen,o=siroe.com
    mgrpAllowedBroadcaster: ldap:///uid=bjensen,o=siroe.com
    mgrpAllowedBroadcaster: mailto:group1@siroe.com
    mgrpAllowedBroadcaster: ldap:///o=Sesta,c=US??sub?(&(objectClass=inetMailUser)(objectClass=inetOrgPerson)(mail=$A))
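
A small checker for mgrpAllowedBroadcaster values, added here as an illustration and not taken from Messaging Server or its documentation. It classifies each value, flags LDAP URLs whose filter is unbalanced or carries no $A/$U/$D restriction, and shows the substitution against an envelope "from" address. The function names, the finding texts and the RFC 4515 escaping step are assumptions of this example.

```python
import re

def kind(value):
    """Classify one mgrpAllowedBroadcaster value: 'mailto', 'ldap-url' or 'dn'."""
    low = value.strip().lower()
    if low.startswith("mailto:"):
        return "mailto"
    return "ldap-url" if low.startswith("ldap://") else "dn"

def escape_filter_value(text):
    """RFC 4515 escaping (this example's choice, not documented MTA behaviour)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in text)

def substitute(url, envelope_from):
    """Expand $A, $U and $D from the current envelope "from" address."""
    user, _, domain = envelope_from.rpartition("@")
    parts = {"A": envelope_from, "U": user, "D": domain}
    return re.sub(r"\$([AUD])", lambda m: escape_filter_value(parts[m.group(1)]), url)

def balanced(filt):
    """True when every '(' in the filter has a matching ')'."""
    depth = 0
    for ch in filt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def audit(value):
    """Return review findings for one value; an empty list means nothing to flag."""
    if kind(value) != "ldap-url":
        return []
    fields = (value.strip().split("?") + ["", "", ""])[:4]  # base?attrs?scope?filter
    scope, filt, findings = fields[2].lower() or "base", fields[3], []
    if not balanced(filt):
        findings.append("unbalanced filter")
    if scope in ("sub", "one") and not re.search(r"\$[AUD]", filt):
        findings.append("expands every match on each check")
    return findings

SAMPLES = [  # constructed values in the style of this page's examples
    "mailto:group1@siroe.com",
    "ldap:///o=Sesta,c=US??sub?(&(objectClass=inetMailUser)(objectClass=inetOrgPerson))",
    "ldap:///o=Sesta,c=US??sub?(&(objectClass=inetMailUser)(mail=$A))",
]

if __name__ == "__main__":
    for v in SAMPLES:
        print(kind(v), audit(v), substitute(v, "bjensen@siroe.com"))
```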