Please enable JavaScript to view this site.

The setuserattr() command adds attributes to a user account or changes existing attributes.

 

The user account can be viewed in the Users.

 

Structure of the command

 

setuserattr('attr','value');

 

 

Return value

positive

always

 

Parameters

ATTR and VALUE

The following system attributes (attr) are available with the corresponding values (value) according to the following table:

 

ATTR

VALUE

accountOptions

Bit 0: User may not encrypt (see USER 'USER@DOMAIN.TLD' User Data May not encrypt mails)

Bit 1: User may not encrypt
Bit 2: User may not sign (see USER 'USER@DOMAIN.TLD' User Data May not sign mails)

Bit 3: Always send GINA notification (see USER 'USER@DOMAIN.TLD' User Data Notifications always:)
Bit 4: GINA Domain Use settings (Change GINA Settings For Extended Settings Sender receives notification when recipient reads GINA mails) (see USER 'USER@DOMAIN.TLD' User Data Notifications domain default)

 

Mask

Bit 0: User may not encrypt

x

 

 

 

 

not allowed

x

x

x

Bit 1: User may not encrypt

 

x

 

 

 

x

 

x

Bit 2: User may not sign

 

 

x

 

 

 

x

x

Bit 3: Always send GINA notification

 

 

 

x

 

x

obsolete, as GINA encryption is not possible with active "Bit 0"

Bit 4: Use GINA Domain settings for notification

 

 

 

 

x

x

Value for value

1

2

4

8

16

--

3

5

7

 

Default value is '0' (may sign, encrypt, no GINA notification)

'5' sets the user to inactive which releases the Signature And Encryption license.

mpkiSubjectPart

User-specific subject part (see USER 'USER@DOMAIN.TLD' User Data MPKI subject part)

SN

Name of the user (see USER 'USER@DOMAIN.TLD' User Data Full name)

variables available!

UID

User ID of the user (see USER 'USER@DOMAIN.TLD' User Data User ID)

variables available!

 

empty

anchor link Note:

All attributes of InetOrgPerson can be used.

The attributes can be displayed in the administration interface.

 

The unique identifier of a SEPPmail Secure E-Mail Gateway user account is the email address, which is why it cannot be changed.

 

Example 1

Line

Code

01

if(ldap_compare('192.168.10.10,192.168.10.11;CN=Peter Mueller,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Company,DC=local;mypassword;OU=SBSUsers,OU=Users,OU=MyBusiness,DC=Company,DC=local;(mail=$sender)','memberOF','SecureMail')) {

02

if(authenticated()) {

03

setuserattr('accountOptions','16');

04

05

}

 

Explanation

This example checks whether the sender is a member of the "support" group (line 01). If yes, it is checked by means of authenticated() whether the sender is already defined as a user in the appliance (line 02). If both these conditions apply, the command setuserattr() is used to assign the right for "encryption and signing" and GINA notifications (read notifications) according to the default settings of the respective GINA domain (line 03).

 

Example 2

Line

Code

01

ldap_read('172.16.161.5;CN=ldapquery,OU=ServiceAccounts,OU=UserDC=customer1,DC=local;Password;OU=User,DC=customer1,DC=local;(mail=$from)','StaticSubjectPart','StaticSubjectPart');

02

ldap_read('172.16.161.5;CN=ldapquery,OU=ServiceAccounts,OU=User,DC=customer1,DC=local;Password;OU=User,DC=customer1,DC=local;(mail=$from)','displayName','displayName');

03

ldap_read('172.16.161.5;CN=ldapquery,OU=ServiceAccounts,OU=User,DC=customer1,DC=local;Password;OU=User,DC=customer1,DC=local;(mail=$from)','sAMAccountName','sAMAccountName');

04

setuserattr('UID','$sAMAccountName');

05

setuserattr('SN','$displayName');

06

setuserattr('mpkiSubjectPart','$StaticSubjectPart');

 

Explanation

In this example, in lines 01 - 03 the values for "Static Subject Part", "display name" and "user ID" are read from an LDAP and written into variables of the same name. In lines 04 - 06 these values are taken over for the SEPPmail user.
  

Keyboard Navigation

F7 for caret browsing
Hold ALT and press letter

This Info: ALT+q
Topic Header: ALT+t
Topic Body: ALT+b
Contents: ALT+c
Search: ALT+s
Exit Menu/Up: ESC