Novell Documentation: NetMail 3.5 - Leveraging Parent Objects

Leveraging Parent Objects

Two of the most effective ways to leverage the Parent objects in multi-domain environments is to manage agent services and to distribute system management. The following sections, Feature Management and Task-Oriented Management, explore these options in detail.

Feature Management

Many ISPs and ASPs have a fee-per-service arrangement with their clients; that is, they charge their clients based on the level of services they provide. Consequently, it is important that these organizations are able to provide different services for each Internet domain without needing to dedicate a separate messaging server for each set of client services.

NetMail enables administrators to manage agent services for individual users or groups of users. This means that administrators can run an agent on the messaging server, but enable, disable, or selectively define that agent's services for each of their clients. This is accomplished by configuring the agent options in the client's Parent object or individual User objects. An explanation of each option is provided in the following section.

Parent Object Feature Management

The Parent object's primary function is to manage agent services in multi-domain environments. In defining Parent objects, administrators can enable, disable, or configure options for the following agent services:

IMAP

POP

Forward

Autoreply

Messaging Rules

NMAP

Task Oriented Management

ModWeb Mail

ModWeb Preferences

Modular Web Agent

SMTP

Mail Proxy

Calendar Agent

Calendar and Scheduling

AntiVirus

IMPORTANT: The implementation of these options depends on the Default Inheritance setting in the Parent object. For more information, see Configuring Parent Objects.

To associate User objects with a Parent object, administrators can do the following:

Specify a Parent object in each User object's Features page.
Administrators can apply this setting en masse to existing User objects using utilities such as Bulkloader or ICE.
Create new User objects as a TOM administrator in WebAccess. Every User object created by a TOM administrator is automatically associated with the Parent object that corresponds to its assigned domain.
TOM Administrators can associate new User objects with a Parent object en masse by importing lists of users in the TOM administration menu in WebAccess.

NOTE: For assistance in adding, deleting, modifying, or importing domain accounts, TOM administrators can refer to WebAccess help.

For detailed information on the Parent object's configuration options, see Configuring Parent Objects.

User Object Feature Management

The User object replicates most of the configuration options available in Parent objects. This duplication lets the administrator configure general settings in the Parent object, but create exceptions to the rule in individual User objects. For example, in the Parent object the administrator can set a mailbox quota for users in an Internet domain. However, at the User object level, the administrator can allocate a larger mailbox quota for the domain's Webmaster.

For a complete explanation of each option in the User object configuration menu, see User Objects.

Task-Oriented Management

Using Parent objects, you can off-load the task of maintaining user accounts allow you to the individuals who actually manage employee information. For a complete description of this functionality, Task-Oriented Management.

Creating Parent Objects

To create the Parent object, select the Parent Objects container (or the container in which you want to create the Parent object) and choose Parent Object from the Create menu. In creating the Parent object, you are prompted to type the Parent object name.

Configuring Parent Objects

From the Parent object's configuration menu, you can configure the following options:

Option		Function
Features
Options		Changes to these properties are implemented immediately.
Default Inheritance		Determines precedence. If there are conflicting configurations between the Parent and User objects, you can specify which object you want to take precedence.
Parent First		Parent object settings take precedence over the User object settings. If the Parent setting is not configured, the User setting is used.
User First		User object settings take precedence over the Parent object settings. If the User setting is not configured, the Parent setting is used.
Features		Changes to these properties are implemented immediately. IMPORTANT: The implementation of these options depends on the Default Inheritance setting in the Parent object.
IMAP		Allows the administrator to enable or disable IMAP connections for users associated with the current Parent object. Selecting Deferred defers the setting to the User object. If Deferred is selected in both the Parent and User objects, the agent is enabled.
POP		Allows the administrator to enable or disable POP connections for users associated with the current Parent object. Selecting Deferred defers the setting to the User object. If Deferred is selected in both the Parent and User objects, the agent is enabled.
Forwarding		Allows the administrator to enable or disable messaging forwarding for users associated with the current Parent object. If Enabled is selected, the Parent object's Forwarding settings are in effect for all users associated with the Parent object. Selecting Deferred defers the setting to the User object. If Deferred is selected in both the Parent and User objects, the agent is enabled.
AutoReply		Allows the administrator to enable or disable autoreply messaging for users associated with the current Parent object. If Enabled is selected, the Parent object's AutoReply/Vacation settings are in effect for all users associated with the Parent object. Selecting Deferred defers the setting to the User object. If Deferred is selected in both the Parent and User objects, the agent is enabled.
Messaging Rules		Allows the administrator to enable or disable the Rules feature for users associated with the current Parent object. Selecting Deferred defers the setting to the User object. If Deferred is selected in both the Parent and User objects, the agent is enabled.
Modular Web Agent		Allows the administrator to enable or disable the Modular Web client for users associated with the current Parent object. If Enabled is selected, the Parent object's Modular Web Agent settings are in effect for all users associated with the Parent object. Selecting Deferred defers the setting to the User object. If Deferred is selected in both the Parent and User objects, the agent is enabled.
Proxy		Enables or disables the user's ability to proxy other e-mail accounts. Selecting Deferred defers the setting to the Parent object. If Deferred is selected in both the Parent and User objects, the agent is enabled.
Calendar/Scheduling		Enables or disables the user's Calendars and scheduling functions. Selecting Deferred defers the setting to the Parent object. If Deferred is selected in both the Parent and User objects, the calendar and scheduling options are enabled.
Calendar Agent		Allows the administrator to enable or disable iCal functionality, including automatic event status tracking, for users associated with the current Parent object. Selecting Deferred defers the setting to the User object. If Deferred is selected in both the Parent and User objects, the agent is enabled.
AntiVirus		Allows the administrator to enable or disable virus scanning options for users associated with the current Parent object. Selecting Deferred defers the setting to the User object. If Deferred is selected in both the Parent and User objects, the agent is enabled.
Internet Mail
		Changes to these properties are implemented immediately. IMPORTANT: The implementation of these options depends on the Default Inheritance setting in the Parent object.
Forwarding
Enabled		Forwards all messages received by users associated with the current Parent object to the designated e-mail address. Incoming messages are simply forwarded; they are not delivered to the users' mailboxes. You can use this option to provide relaying services for remote messaging systems. For details, see Using Message Forwarding as an Alternative to ETRN.
Enabled and Keep Local Copy		Forwards all messages received by users associated with the current Parent object to the designated e-mail address. A copy of all forwarded messages is kept in the users' mailboxes.
Disabled		Disables message forwarding as configured in the Parent object. IMPORTANT: This option does not disable the Forwarding feature. To disable message forwarding in WebAccess and WebAdmin, disable Forwarding on the Features page in the User or Parent object.
Forward To		The e-mail address where incoming messages are forwarded.
Auto Reply
Enabled		Sends the defined autoreply message in response to all messages received by users associated with the current Parent object. The autoreply message is only sent to the original sender, not all message recipients.
Disabled		Disables Auto Reply as configured in the Parent object. IMPORTANT: This option does not disable the AutoReply feature. To disable message forwarding in WebAccess and WebAdmin, disable Forwarding on the Features page in the User or Parent object.
Message		The message sent in response all messages received by users associated with the current Parent object.
Quota Parameters
Inheritance		Use If Specified Below, Fallback to User uses the mailbox quota configured in the Parent object. If no mailbox quota is configured in the Parent object, the setting defers to the mailbox quota defined in the User object. Disabled disables all mailbox quotas for users associated with the current Parent object. This includes mailbox quotas configured in the Parent object, User object, or NMAP Agent. Use User Values, Fallback to Values Below uses the mailbox quota configured in the User object. If no mailbox quota is configured in the User object, the setting defers to the mailbox quota defined in the Parent object.
Per User Mailbox Quota		If enabled, this is the mailbox quota applied to all users associated with the current Parent object. Type the maximum mailbox size in the kByte field. Messages, folders, and calendar items count against the mailbox quota.
TOM
		The Task Oriented Management (TOM) features allow the administrator to give selected users rights to create, import, modify, or delete user accounts in the contexts and domains designated in the current Parent object. The rights to create, import, modify, or delete user accounts are granted in the User object under the Task-Oriented Management property. See User Objects for more information. These properties only apply to TOM administrators associated with the current Parent object. All changes to Task-Oriented Management properties are implemented immediately. All task-oriented management functions are enabled by the Modular Web Agent Task Management Module. Although the module has no configurable options, it must be running on the server to provide TOM functionality in WebAccess.
Description		Text in this field displays in the Task Oriented Management (TOM) administrator interface if no domains are associated with the Parent object. You can use this field to provide information or instructions for the TOM administrator. The text displayed in the WebAccess TOM Administration window is determined by the following order: The domains assigned to the TOM administrator in the Parent object's Managed Domain Names property. The Description in the TOM administrator's Parent object. The name of the TOM Administrator's Parent object
Managed Domain Names		The Hosting Domains that TOM administrators can select when creating new user accounts. The usernames for new Hosting Domain accounts include the selected domain's name (name@hosted_domain). See Hosting Domains for information on Hosting Domain usernames. If this field is left blank, the domain defaults to the messaging system's Official Domain as defined in the messaging server configuration. Therefore, the default Internet e-mail address for new Global Domain accounts is username@official_domain. However, because of the nature of how Global Domains are handled in NetMail, you can actually address these users at any of the messaging system's Global Domains. See Global Domains for more information on how Global Domain addressing works. If you type any domain in this field, NetMail assumes it is a Hosting Domain and all new users are created with a corresponding username (name@hosted_domain). The TOM module requires that the listed domains are valid Hosting Domains. To be a valid Hosting Domain, the domain must be included in either the SMTP Agent's or the Parent object's Hosting Domains lists. If the Hosting Domain is listed under the Parent object, the Parent object must be included in the SMTP Agent's list of Parent Objects. If the TOM administrator selects multiple Hosting domains when creating the user, the User object is created with the first domain name and Alias objects are created with the subsequent domain names. For example, if the TOM administrator selects domains abc.com and 123.com when creating a user account for jotero, the User object is created as jotero@abc.com. The Alias object, jotero@123.com, points to jotero@abc.com.
Managed Contexts		The NMAP contexts in which TOM administrators can create, modify, delete, or import user accounts. If multiple contexts are selected, NetMail equally distributes User objects among the contexts.
Maximum Number of Allowed Users		The maximum number of users that the TOM administrators associated with the current Parent object can create. This quota is not the maximum per TOM administrator; it is the maximum for all the TOM administrators combined.
ModWeb Mail
		Changes to this property are implemented immediately. IMPORTANT: The implementation of these options depends on the Default Inheritance setting in the Parent object.
Limits
Maximum Number of Recipients per E-mail		The maximum number of recipients for messages sent by users associated with the current Parent object.
Message Size Limit		The maximum size of messages that users associated with the current Parent object can send.
Address Book
Personal		If enabled, this option allows users associated with the current Parent object to create personal address books. A user's personal address book is stored in his or her eDirectory User object. Consequently, users can access their personal address book from any location as long as they are logged in to the network.
System-Wide		If enabled, this option gives users associated with the current Parent object access to a system-wide address book in the Modular Web client (WebAccess or Webmail). In the LDAP URL field, you can type the following LDAP parameters: ldap://user:password@hostname:port/?basedn The user:password variable is the user's name and password. Hostname identifies the LDAP server's host name or IP address. If you type the IP address of a server running the Address Book Agent, users can access address book information from eDirectory. Port specifies the LDAP port assignment. If the LDAP server uses the default LDAP port (port 389), you do not need to specify a port. Basedn identifies the address book context. This is required if the Require DN attribute is added to the Address Book Agent. It is ignored if the Derive DN from Authentication is added to the Address Book Agent. See Address Book Agent Optional Features for more information. If you are using the Address Book Agent to provide a system-wide address book, the only required parameters are hostname:port. Users with the Privacy attribute set to Limited or None in their User objects are visible to other NetMail users in the System-Wide Address Book. Users with an Unlisted privacy setting are not visible in the System-Wide Address Book. For information on providing domain-specific address books, see Managing Multiple Address Books.
Default LDAP Server		If enabled, this option allows users associated with the current Parent object to use the designated LDAP server as a public address book in the Modular Web client (WebAccess or Webmail). To define a default Public LDAP Server, type the host name or IP address of any public LDAP server in the LDAP URL field. You can use the same LDAP parameters discussed under System-Wide LDAP Server. Users can designate a different Public address book in WebAccess or WebAdmin if the default inheritance is User First.
ModWeb Preferences Module
		Changes to this property are implemented immediately. IMPORTANT: The implementation of these options depends on the Default Inheritance setting in the Parent object.
Password Settings
Allow Change		If Yes, users associated with the current Parent object can change their eDirectory passwords in the Modular Web client (Webmail or WebAccess). Because NetMail is completely integrated with eDirectory, the only password it recognizes is the user's eDirectory password. Therefore, enabling this option actually gives users rights to change their eDirectory passwords, regardless of whether they have rights to the actual password property in their User objects.
Require SSL		Requires an SSL connection between the Modular Web client and the messaging server before users associated with the current Parent object can change their password.
Disable Options		Disables user configuration options in the WebAccess and Webmail templates. If Yes, these options do not appear in the User Options menu.
Timeout		The amount of idle time before the user is automatically logged out of the Modular Web client.
Colors		Template color definition options. This option is specific to the Webmail template.
Privacy		The user's level of privacy within the messaging system. The privacy level controls what the Address Book Agent reveals about the user.
Signature		Custom text automatically inserted at the end of each message.
ModWeb
		Changes to this property are implemented immediately. IMPORTANT: The implementation of these options depends on the Default Inheritance setting in the Parent object.
ModWeb Timeout		The default amount of idle time before users associated with this Parent object are automatically logged out of the Modular Web client.
Identifier		Users associated with the current Parent object see this banner in the title bar of each WebAccess page.
Default Language		The default language for the Modular Web Agent and its submodules. This setting is implemented for users associated with the current Parent object.
Default Timezone		The default time zone for the Modular Web Agent and its submodules. This setting is implemented for users associated with the current Parent object.
Template		NetMail WebAccess templates allow you to control the Modular Web Agent client interface. NetMail 3.5 ships with two client templates---WebAccess (Webacc.ctp) and Webmail (WebMail.ctp). The WebAccess interface provides standard mail client functionality including calendaring, scheduling, busy search, assigning tasks, writing notes, and advanced rules. Administrators can also give users access to self-administration features like changing passwords and configuring vacation messages. Furthermore, administrators can use the WebAccess interface to delegate NetMail administrative functions such as adding, modifying, and deleting user accounts. For more information on delegating NetMail administration, see Task-Oriented Management. Webmail is patterned after the NIMS 2.5 mail client interface. It provides all the features of the WebAccess template with the exception of advanced rules and adding, modifying, or deleting user accounts. For more information on templates, see Templates.
Default Template		The default mail client template for users associated with the current Parent object. Select the default template from the Available Templates list. Users can select a different template in the mail client interface.
Available Templates		The templates that users associated with the current Parent object can select in the Modular Web client. To add templates to the list: Click the browse button . In the Contents window, click the Template objects you want to add. The objects are added to Selected Objects list. When finished, click Save. IMPORTANT: To add a template to the list of available templates, you must first create the template object in the Template container.
SMTP
		Changes to this property are effective within 5 minutes.
Global Domains		The Global Domains associated with the current Parent object. You can associate Parent objects with both Global and Hosting Domains. IMPORTANT: Do not list a domain as both a Global Domain and a Hosting Domain. For the SMTP Agent to recognize Global Domains, you must include them in either the SMTP Agent's or the Parent object's Global Domains lists. For a complete discussion on how the messaging system uses Global Domains, see Global Domains. For an explanation of the SMTP Agent's configuration options, see Configuring the SMTP Agent.
Hosting Domains		The Hosting Domains associated with the current Parent object. You can associate Parent objects with both Hosting and Global Domains. IMPORTANT: Do not list a domain as both a Global Domain and a Hosting Domain. For the SMTP Agent to recognize Global Domains, you must include them in either the SMTP Agent's or the Parent object's Global Domains lists. For a complete discussion on how the messaging system uses Hosting Domains, see Hosting Domains. For an explanation of the SMTP Agent's configuration options, see Configuring the SMTP Agent.
Relayed Domains (ETRN)		The current SMTP Agent services the ETRN Domains. To support these domains, you must click the Accept ETRN option in the Options page. For more information on ETRN Domains, see Servicing ETRN Domains.
Allowed Hosts		A list of IP ranges. If Require Sender to Be in "Allowed" List is enabled in the SMTP Agent, only the workstations that fall within the designated IP address ranges can relay messages through the SMTP server. This prevents users who are not members of the messaging system from using the SMTP Agent to relay messages over the Internet. This setting can also be used to prevent internal hosts from relaying Internet messages. By designating ranges of internal IP addresses, you can restrict which workstations are used to send Internet messages. If a workstation's IP address is not in an Allowed Hosts range, you can still use the workstation to send messages to users within the local messaging system.