InetDomainStatus LDAP Attribute
- directory string (UTF-8), single-valued
Applications using a DC Tree as their entry point (RFC 2247 compliant compatibility mode LDAP data model) may choose to respect application specific status attributes, but must consume and respect this attribute on the affiliated physical node (Organization Tree). In other words, for compatibility mode, both the DC Tree and the Organization Tree contain this attribute and if the two attribute's values differ, the one on the Organization Tree will take precedence.
Specifies the global status of a domain for all services. The intent of this attribute is to allow the administrator to temporarily suspend and then reactivate access, or to permanently remove access, by the domain and all its users to all the services enabled for that domain.
This attribute takes one of three values. Supported values are:
|active||Domain is active and users in the domain may use services enabled by the overlay of service-specific object classes and the service state as indicated by the particular status attribute for that service.|
|inactive||Domain is inactive. The account may not use any services granted by service-specific object classes. This state overrides individual service status set using the service's status attributes.|
|deleted||Domain is marked as deleted. The account may remain in this state within the directory for some time (pending purging of deleted users). Service requests for all users in a domain marked as deleted will return permanent failures.|
A missing value implies status is
active. An illegal value is treated as
There are four status attributes that mail services look at and which are evaluated in this order:
mailUserStatus. The rule is: the first of these attributes that is set to something other than
active takes precedence over all the others.
Similarly, this attribute is used for calendar services when evaluating status. The status attributes used are:
icsStatus (of either
In addition, in compatibility mode, when this attribute decorates both the DC Tree and the Organization Tree, both attributes should agree. Administrators are responsible for keeping the two synchronized. If the two attributes do not have the same value, Messaging Server will use the value found in the Organization Tree, while some other legacy application might be using the DC Tree attribute only. This could cause unpredictable results.
For more information on native and compatibility mode LDAP schemes, see the Sun Java Enterprise System Installation Guide.