
Handling account attributes

You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, using the Manage the system (PSA) module. To do this, select Lotus Domino Server from the Manage the system > Resources > Account attributes > Target system type menu.

For information about the native Lotus Domino Server attributes managed by Bravura Security Fabric, consult your Lotus Domino documentation.

Bravura Security Fabric explicitly handles the following attributes and pseudo-attributes when creating or modifying recipient accounts for Lotus Domino Server targets:

  • _CertifierName Use _CertifierName to define the certifier to be used for creating the account. The certifier indicates what organizational unit (OU) the account should be in. A certifier must be created for each OU that Bravura Security Fabric could create an account in. In order for this attribute to be passed through, ensure the sequence number is set to -1.

  • _CN_FirstName, _CN_MiddleName, _CN_LastName These three pseudo-attributes can be used to build a CN that is separate from the First, Middle, and Last profile attributes. The default values are the same as the FirstName, MiddleName, and LastName attributes. Using these separate pseudo-attributes means that Bravura Security Fabric can create a CN without interfering with the FirstName, MiddleName, and LastName attributes. It also allows you to use a different naming policy for the CN – for example with no middle name – while still being able to populate the MiddleName attribute in the person record.

  • _CreateMailFile Use _CreateMailFile during account creation to control whether a mail file is created for the account. You must create the attribute as type "string", and assign it one of the following values. The default value is "T".

    T create the account

    F do not create the account

  • _DeleteAdminP Use the _DeleteAdminP pseudo-attribute to control whether the adminP process is used when deleting a user; it overrides the delete settings in the configuration file. The _DeleteAdminP pseudo-attribute can be configured with one of the following three values:

    True Use the adminP process

    False Do not use the adminP process

    Unset If the value is Unset, or the attribute is not defined, the settings in the configuration file are used.

  • _DenyAccessGroup You can use the _DenyAccessGroup pseudo-attribute to specify the deny access group, which overrides the deny access group setting in the configuration file. If _DenyAccessGroup is not defined, the deny access group is read from the configuration file.

  • _FullNameAppend Use _FullNameAppend to append a value to the FullName attribute.

  • groups You can use the groups pseudo-attribute to set group membership on this target system type. You can add new or existing users to a group, or remove an existing user from a group.

  • _IDExpiryTime Use _IDExpiryTime to define the account’s ID file expiry date and time. The date-time value format is "Y-M-D H:M:S". If only the date is provided, Bravura Security Fabric sets the time portion to midnight (00:00:00).

  • _IDFileLocation The _IDFileLocation pseudo-attribute specifies the path in which to place the user’s newly created ID file, or the full path including ID file name. If not specified, the default log directory is used (for example, <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\<psxxxx>). Ensure the sequence number is set to -1.

    For example, setting the value type to "PSLang Expression" and the value to "c:\\idfiles\\" + $USERID[0] + "\\user.id" creates the ID file at c:\idfiles\someuser\user.id.

    If the value of the _IDFileLocation attribute is set to a directory that doesn’t exist, Bravura Security Fabric tries to create the specified directory.

    Alternatively, you can use an existing certifier repository by defining database options in the configuration file that is specified in the target address. Configuration options are defined in Writing a configuration file for Lotus Domino target systems.

  • MailFile The short name of the template user is replaced with the short name of the new user when this attribute is set. A mail file is created on the same server as the template’s mail file unless the MailServer attribute specifies something different.

    If you Set the MailFile attribute, the mail file is created in the root directory (usually C:\Lotus\Domino\Data) unless the path is prepended to the file name. For example, mail/janed is created as:

    C:\Lotus\Domino\Data\mail\janed.nsf.

  • _MailOwnerAccess Controls the ACL level that is given to a new user’s mailbox. _MailOwnerAccess can be assigned the following values:

    • Editor

    • Designer

    • Manager

    The default ACL (Editor) will be assigned when the attribute is unset or if set to an invalid value.

  • MailServer By default, Bravura Security Fabric copies the mail server from the template account. To specify a different mail server, write the value of MailServer in the format:

    CN=<server>/O=<organization>

  • _MailTemplate You can Set the _MailTemplate to determine which mail file template to use when creating a new user’s mail file. If a template is not specified, the Notes configured default template is used.

    The _MailTemplate must be an NTF file located in the Lotus Notes root directory.

  • _MoveMailFile If this pseudo-attribute is Set to true, Bravura Security Fabric makes a request to admin4.nsf to move the user’s mail file when either the MailServer or MailFile attribute changes.

    It may take up to several hours for Notes to move a user’s mail file once the request has been made. For more information, consult your Lotus Notes documentation.

  • _MailFileQuotaSizeLimit Use _MailFileQuotaSizeLimit during account creation to control the mail file quota size limit. The value is an integer measured in KB; 0 means unlimited. If this attribute is not specified, the mail template quota size limit is used.

  • _MailFileQuotaWarningThreshold Use _MailFileQuotaWarningThreshold during account creation to control the mail file quota warning threshold. The value is an integer measured in KB; 0 means unlimited. If this attribute is not specified, the mail template quota warning threshold is used.

  • _ReplicaServers This is a multi-valued pseudo-attribute used to specify additional servers in a clustered Lotus Domino environment. The agtdmno agent creates mail file replicas on each of the listed servers when a new user is created, and deletes mail file replicas on each of the servers when a user is deleted.

    For example, in order to configure _ReplicaServers for two additional Lotus Domino servers:

    1. Navigate to the account attribute configuration page for _ReplicaServers and click Override.

    2. Choose Set for the action to perform.

    3. Set the Maximum number of values to 2.

    4. Set the Attribute value to the host name of the second Lotus Domino server.

    5. Click Update.

    6. In the Add a new value row, set the Attribute value to the host name of the third server and provide it with an appropriate sequence number.

    7. Click Update.

  • domino_dacl Use domino_dacl during nrattributes or nrupdate operations. The nrattributes operation is used for viewing the access level and sub-permissions on a resource whereas nrupdate modifies the user access level and sub-permissions.

    The syntax for calling the nrupdate operation is as follows:

    {[grant][remove]=<userName>;mask={[<level>;][[-]<subperm>;...]};};

    The list of possible access levels:

    • M - Manager

    • D - Designer

    • E - Editor

    • A - Author

    • R - Reader

    • P - Depositor

    • N - No Access

    The list of possible sub-permissions:

    • CD - Create Documents

    • CS - Create Lotus Scripts

    • CPA - Create Personal Agents

    • CPF - Create Personal Folders

    • CSF - Create Shared Folders

    • DD - Delete Documents

    • RD - Read Public Documents

    • WD - Write Public Documents

    • RP - Replicate or Copy Documents

    To remove a permission, prefix it with ’-’; for example: -CD.
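As an added example (not part of the product or its documentation), the following Python sketch parses a domino_dacl nrupdate value and checks it against the access level and sub-permission codes listed above, so that a malformed or unexpectedly broad ACL change is caught before it is submitted. It assumes a literal reading of the syntax template shown above; the review policy (REVIEW_LEVELS and the Delete Documents check), the function names, and the sample values are hypothetical.

```python
import re

# Codes copied from the lists on this page.
LEVELS = {"M": "Manager", "D": "Designer", "E": "Editor", "A": "Author",
          "R": "Reader", "P": "Depositor", "N": "No Access"}
SUBPERMS = {"CD", "CS", "CPA", "CPF", "CSF", "DD", "RD", "WD", "RP"}

# Assumed literal reading of the documented template:
#   {grant|remove=<userName>;mask={[<level>;][[-]<subperm>;...]};};
ENTRY = re.compile(r"^\{(grant|remove)=([^;{}]+);mask=\{((?:[^;{}]+;)*)\};\};$")

# Hypothetical local policy: levels a reviewer must approve before submission.
REVIEW_LEVELS = {"M", "D"}

def parse_dacl(value):
    """Parse one domino_dacl entry into a dict, raising ValueError if malformed."""
    m = ENTRY.match(value.strip())
    if not m:
        raise ValueError("entry does not match the documented syntax")
    action, user, mask = m.groups()
    tokens = mask.split(";")[:-1]          # drop the empty piece after the last ';'
    level = None
    if tokens and tokens[0] in LEVELS:     # the level, if present, comes first
        level = tokens.pop(0)
    add, drop = [], []
    for tok in tokens:
        name = tok[1:] if tok.startswith("-") else tok
        if name not in SUBPERMS:
            raise ValueError(f"unknown or misplaced mask token: {tok!r}")
        (drop if tok.startswith("-") else add).append(name)
    return {"action": action, "user": user, "level": level,
            "add": add, "remove": drop}

def needs_review(entry):
    """Return reasons this parsed entry should get a second look (may be empty)."""
    reasons = []
    if entry["action"] == "grant" and entry["level"] in REVIEW_LEVELS:
        reasons.append(f"grants {LEVELS[entry['level']]} access")
    if entry["action"] == "grant" and "DD" in entry["add"]:
        reasons.append("adds Delete Documents")
    return reasons

# Constructed sample values, not taken from a real system.
SAMPLES = ["{grant=CN=Jane Doe/O=Acme;mask={E;CD;-DD;};};",
           "{grant=CN=Ops Admin/O=Acme;mask={M;DD;};};"]
if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_dacl(s), needs_review(parse_dacl(s)))
```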