A Forum reader recently asked:

“One of our customers is attempting to use a group for the mail-acl-manager-name name and is wondering what the correct format should be. We have tried cn=$groupname, but that is not working. Also, the trace shows this on the add – “Notes: createMailFile – Mail ACL Manager Group: null”. Is Mail ACL Manager Group an option we can use? I can’t seem to find it anywhere in the docs.”

And here’s the response from Novell’s Perry Nuffer …


I believe there is an undocumented custom parameter included in the IDM3 version of the NotesDriverShim named mail-acl-manager-group. The ACL entry type created is MIXED_GROUP, to easily allow for support of groups that contain a variety of Notes object types.

Another lesser-known feature that was added in the IDM3 NotesDriverShim is the ability to specify multiple entries for the mail-acl-manager-name, mail-acl-manager-id, and mail-acl-manager-group tags, with the value entries separated by semicolons. So the XML attribute may look like:
mail-acl-manager-name="CN=Moe Manager/OU=west/O=acme;CN=Larry Manager/OU=east/O=acme;CN=Curly Manager/OU=south/O=acme"

If you’re using IDM3, try inserting the following GCV into your configuration:

<definition display-name="Add User E-Mail: Mail ACL Manager Group"
item-separator=";" name="" type="list">
  <description>Enter the desired Notes E-Mail Database Manager Group Name.
Leave blank to not attach extra group manager ACLEntries to the mailfile
database. If ACL access of the mail database is less than MANAGER, then an
e-mail manager needs to be set using this setting or the 'Mail ACL Manager
Person' setting. More than one name can be specified when separated by a
semicolon (i.e. LocalDomainAdmins;mailAdminGroup)</description>
</definition>

And then use the following rule somewhere within the subscriber creation policy set or subscriber command transformation policy set:

  <description>    Add User E-Mail: ACL Manager Group</description>
        <if-global-variable name=""
        <if-global-variable name=""
      <do-set-xml-attr expression="../add[@class-name='User']"
          <token-global-variable name=""/>

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

By: pnuffer
Jan 17, 2007
2:45 am
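
An added example, not part of the original post or of the Notes driver: every entry in these attributes becomes a Manager ACL entry on the new mail file, so the Python script below audits an add document for them. It splits the semicolon-separated values described in the post and flags empty, duplicate, and non-canonical entries. The sample document, the case-insensitive duplicate check, and the canonical-name pattern are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Attribute names as given in the post; each holds semicolon-separated entries.
ACL_ATTRS = ("mail-acl-manager-name", "mail-acl-manager-id", "mail-acl-manager-group")
# Assumption: person names use the canonical form shown in the post's example.
CANONICAL = re.compile(r"CN=[^/;]+(/OU=[^/;]+)*/O=[^/;]+(/C=[^/;]+)?", re.I)

# Constructed sample document (not captured from a real driver trace).
SAMPLE = r"""<nds><input>
  <add class-name="User" src-dn="\ACME\west\jdoe"
       mail-acl-manager-name="CN=Moe Manager/OU=west/O=acme;;cn=moe manager/ou=west/o=acme;Larry"
       mail-acl-manager-group="LocalDomainAdmins;mailAdminGroup"/>
</input></nds>"""


def split_entries(attr, raw):
    """Return (entries, problems) for one semicolon-separated attribute value."""
    entries, problems, seen = [], [], set()
    for part in raw.split(";"):
        item = part.strip()
        if not item:
            problems.append("empty entry")
        elif item.lower() in seen:  # assumption: names compare case-insensitively
            problems.append(f"duplicate: {item}")
        else:
            seen.add(item.lower())
            entries.append(item)
            if attr == "mail-acl-manager-name" and not CANONICAL.fullmatch(item):
                problems.append(f"not canonical: {item}")
    return entries, problems


def audit(xds_text):
    """List every Manager ACL grant requested by <add class-name='User'> events."""
    report = []
    for add in ET.fromstring(xds_text).iter("add"):
        if add.get("class-name") != "User":
            continue
        for attr in ACL_ATTRS:
            if add.get(attr) is not None:
                entries, problems = split_entries(attr, add.get(attr))
                report.append((add.get("src-dn"), attr, entries, problems))
    return report


if __name__ == "__main__":
    for src_dn, attr, entries, problems in audit(SAMPLE):
        print(src_dn, attr, entries, problems or "ok")
```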