A Forum reader recently asked:
“One of our customers is attempting to use a group for the mail-acl-manager-name name and is wondering what the correct format should be. We have tried cn=$groupname, but that is not working. Also, the trace shows this on the add – “Notes: createMailFile – Mail ACL Manager Group: null”. Is Mail ACL Manager Group an option we can use? I can’t seem to find it anywhere in the docs.”
And here’s the response from Novell’s Perry Nuffer …
I believe there is an undocumented custom parameter included in the IDM3 version of the NotesDriverShim named mail-acl-manager-group. The ACL entry type created is MIXED_GROUP, to easily allow for support of groups that contain a variety of Notes object types.
Another lesser known feature that was added in the IDM3 NotesDriverShim, is the ability to specify multiple entries for the mail-acl-manager-name, mail-acl-manager-id, and mail-acl-manager-group tags, with the value entries separated by semi-colons. So the XML attribute may look like
If you’re using IDM3, try inserting the following GCV into your configuration:
<definition display-name="Add User E-Mail: Mail ACL Manager Group" item-separator=";" name="account.email.aclmanagergrp" type="list"> <description>Enter the desired Notes E-Mail Database Manager Group Name. Leave blank to not attach extra group manager ACLEntries to the mailfile database. If ACL access of the mail database is less than MANAGER, then an e-mail manager needs to be set using this setting or the 'Mail ACL Manager Person' setting. More than one name can be specified when separated by a semicolon (i.e. LocalDomainAdmins;mailAdminGroup)</description> <value> <item>LocalDomainAdmins</item> <item>MailAdmins</item> </value> </definition>
And then use the following rule somewhere within the subscriber creation policy set or subscriber command transformation policy set:
<rule> <description> Add User E-Mail: ACL Manager Group</description> <conditions> <and> <if-global-variable name="account.email.aclmanagergrp" op="available"/> <if-global-variable name="account.email.aclmanagergrp" op="not-equal"/> </and> </conditions> <actions> <do-set-xml-attr expression="../add[@class-name='User']" name="mail-acl-manager-group"> <arg-string> <token-global-variable name="account.email.aclmanagergrp"/> </arg-string> </do-set-xml-attr> </actions> </rule>
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.