Sun ONE Web Server 6.1 Administrator's Guide
The Users and Groups Tab
The Users and Groups tab contains the following pages:
The New User Page
The New User page allows you to add users to a directory service.
For more information, see Creating Users.
The following elements are displayed:
Select Directory Service. Allows you to select the directory service to which you want to add the user.
Select. Displays user elements corresponding to the type of directory service selected:
- LDAP Server. If the directory service is of type LDAP Server, the following elements are displayed:
- Given Name. Specifies the user’s given name or first name.
- Surname. (Required) Specifies the user’s surname or last name.
- Full name. (Required) Specifies the user’s given name and surname. If you entered a given name and a surname, this field is automatically filled in.
- User ID. (Required) Specifies a unique user name for the user. The user ID is generated as the first initial of the user’s first name followed by the user’s last name. You can replace this user ID with an ID of your own choosing. If you entered a given name and a surname, this field is automatically filled in.
The user ID must be unique. The Administration Server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use.
Note
If you use the ldapmodify command line utility to create a user, unique user IDs cannot be ensured. A user with a duplicate user ID will not be able to authenticate to the directory.
- Password. Specifies the password for the user.
- Password (Again). Confirms the password entered in the Password field. If what you enter in this field is different from what you entered in the Password field, you will be prompted to try again.
- E-Mail Address. Specifies the email address of the user.
- Add New User To. Specifies the organizational unit where you want the new user to be placed. The default location is your directory’s root point.
- Create User. Adds the user.
- Create and Edit User. Adds the user to the LDAP database and proceeds to The Edit Users Page to allow you to edit the user entry in the LDAP database.
- Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
- Help. Displays online help.
- Key File. If the directory service is of type Key File, the following elements are displayed:
- User ID. (Required) Specifies a unique user name for the user.
- Password. Specifies the password for the user.
- Password (Again). Confirms the password entered in the Password field.
- Groups. Specifies a comma-separated list of groups of which the user is a member.
- Create User. Adds the user.
- Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
- Help. Displays online help.
- Digest File. If the directory service is of type Digest File, the following elements are displayed:
- User ID. (Required) Specifies a unique user name for the user.
- Realm. Specifies the realm that will authenticate this user.
- Password. Specifies the password for the user.
- Password (Again). Confirms the password entered in the Password field.
- Groups. Specifies a comma-separated list of groups of which the user is a member.
- Create User. Adds the user.
- Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
- Help. Displays online help.
The Edit Users Page
This page pertains to LDAP services only and allows you to edit a user entry in the LDAP database. You can change user attribute values, change the user’s password, rename the user’s entry, and delete the user’s entry. If you want to change an attribute value that does not appear on this page, use the ldapmodify command line utility.
For more information, see Managing Users.
There are two tabs at the top of the page that give you different sets of fields to edit:
General
The following elements are displayed:
Given Name (First Name). Specifies the user’s given name or first name.
Surname (Last Name). Specifies the user’s surname or last name.
Full Names. Specifies the user’s given name and surname.
Title. Specifies the job title of the user.
User ID. Specifies a unique user name for the user. The user ID generated by the gateway is the first initial of the user’s first name followed by the user’s last name. You can replace this user ID with an ID of your own choosing.
The user ID must be unique. The Administration Server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use.
Note
If you use the ldapmodify command line utility to create a user, unique user IDs cannot be ensured. A user with a duplicate user ID will not be able to authenticate to the directory.
E-Mail Address. Specifies the email address of the user.
Phone Number. Specifies the phone number of the user.
Save Changes. Saves changes to the LDAP database.
Rename User. Renames the user entry (including the entry’s distinguished name) in the LDAP database.
Delete User. Deletes the user from the LDAP database.
Help. Displays online help.
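Because entries created with ldapmodify bypass the Administration Server's uniqueness search (see the Note here and on The New User Page), an LDIF export of the directory can be audited for user IDs shared by more than one entry under the search base. The following Python is an added example, not code from the original guide; the LDIF sample, the DNs and the function names are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed LDIF export; every DN and name below is made up for this example.
SAMPLE_LDIF = """\
dn: uid=bjensen,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: bjensen
cn: Babs Jensen

dn: uid=BJensen,ou=Contractors,dc=example,dc=com
objectClass: inetOrgPerson
uid:: QkplbnNlbg==
cn: Bill Jensen

dn: uid=msmith,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: msmith
cn: Mike
  Smith

dn: uid=bjensen,ou=People,dc=other,dc=com
objectClass: inetOrgPerson
uid: bjensen
"""


def parse_ldif(text):
    """Return [(dn, {attr: [values]})] for the content records in an LDIF export."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: drop the single leading space
        elif not raw.startswith("#"):     # skip comment lines
            lines.append(raw)
    entries, current = [], None
    for line in lines + [""]:             # trailing "" flushes the last record
        if not line.strip():
            if current:
                entries.append(current)
            current = None
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):          # "attr:: value" carries base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            current = (value, defaultdict(list))
        elif current:
            current[1][name.lower()].append(value)
    return entries


def _norm_dn(dn):
    # Simplified DN normalization (assumes no escaped commas in RDN values).
    return ",".join(part.strip().lower() for part in dn.split(","))


def duplicate_user_ids(ldif_text, base_dn):
    """Map each uid used by more than one entry under base_dn to those entries' DNs."""
    base = _norm_dn(base_dn)
    owners = defaultdict(list)
    for dn, attrs in parse_ldif(ldif_text):
        ndn = _norm_dn(dn)
        if ndn != base and not ndn.endswith("," + base):
            continue                      # entry lies outside the search base
        # uid values match case-insensitively, so compare them lowercased.
        for uid in {u.lower() for u in attrs.get("uid", [])}:
            owners[uid].append(dn)
    return {uid: dns for uid, dns in owners.items() if len(dns) > 1}


if __name__ == "__main__":
    for uid, dns in duplicate_user_ids(SAMPLE_LDIF, "dc=example,dc=com").items():
        print(uid, "->", dns)
```
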
Password
The following elements are displayed:
New password. Specifies the new password. This password is used for user entries by the various Netscape/Sun ONE servers for user authentication.
New password (again). Confirms the password entered in the New password field. If what you enter in this field is different from what you entered in the New password field, you will be prompted to try again.
Set Password. Changes the password immediately.
Disable Password. Disables the user’s password by setting it to an invalid value.
Help. Displays online help.
The Manage Users Page
The Manage Users page allows you to edit user information and attributes. For an LDAP database, the page provides search fields that allow you to find user entries.
The following elements are displayed:
Select Directory Service. Allows you to select the directory service with the user(s) you want to manage.
Select. Displays the user elements corresponding to the type of directory service selected.
For more information about finding and managing users, see Managing Users. For more information about the specific fields on the form used to edit user information, see The Edit Users Page.
Find user. Specifies a descriptive value for the entry that you want to edit. You can enter any of the following in the search field:
- A name. Specifies a full name or a partial name. All entries that equally match the search string will be returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found.
- A user ID. If you enter only a partial user ID, any entries that contain the string will be returned.
- A telephone number. If you enter only a partial number, any entries that have telephone numbers ending in the search number will be returned.
- An email address. Any search string containing an at (@) symbol is assumed to be an email address. If an exact match cannot be found, then a search is performed to find all email addresses that begin with the search string.
- An asterisk (*). Displays all the entries currently in your directory. You can achieve the same effect by simply leaving the field blank.
- Any LDAP search filter. Treats any string that contains an equal sign (=) as a search filter (for example, ou=Network).
Find. Launches the search. A list of users matching the search criteria is displayed. Click an entry and then change user information as desired on the resulting edit page. For more information about the specific fields, see The Edit Users Page.
Find all users whose. Allows you to build a custom search filter. Use this field to narrow down the search results returned by the Find user field. You can specify the following search criteria:
full name. Searches each entry’s full name for a match.
last name. Searches each entry’s last name, or surname for a match.
user id. Searches each entry’s user id for a match.
phone number. Searches each entry’s phone number for a match.
email address. Searches each entry’s email address for a match.
contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a user’s name probably contains the word “Steve,” use this option with the search string “Steve” to find the user’s entry.
is. Causes an exact match to be found. This option specifies an equality search. Use this option when you know the exact value of a user’s attribute. For example, if you know the exact spelling of the user’s name, use this option.
isn’t. Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the users in the directory whose name is not “Babs Jensen,” use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.
sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute’s value, but you are unsure of the spelling. For example, if you are not sure if a user’s name is spelled “Sarret,” “Sarette,” or “Sarett,” use this option.
starts with. Causes a sub-string search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a user’s name starts with “Mike,” but you do not know the rest of the name, use this option.
ends with. Causes a sub-string search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a user’s name ends with “Anderson,” but you do not know the rest of the name, use this option.
Look within. Specifies the organizational unit under which you want to search for entries. The default is the directory’s root point (or topmost entry).
Format. Specifies whether the search results are formatted for display on screen or for printing to a printer.
Find. Launches the search. If multiple users match the search criteria, a list of users is displayed. Click a name in the list and then change user information as desired on the resulting edit page. For more information about the edit page, see The Edit Users Page.
Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
Help. Displays online help.
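The search types listed above correspond to standard LDAP filter forms (RFC 4515), and literal text placed into a filter must be escaped so it cannot change the filter's structure. The following Python is an added example, not the Administration Server's own code; the attribute names (cn, sn, uid, telephoneNumber, mail), the function names and the "all entries" filter are assumptions, and the telephone and user ID cases of the Find user field are omitted.

```python
# Attribute names are assumptions (standard inetOrgPerson schema), not from the page.
FIELDS = {
    "full name": "cn",
    "last name": "sn",
    "user id": "uid",
    "phone number": "telephoneNumber",
    "email address": "mail",
}

# Search types from the form, written as RFC 4515 filter templates.
OPERATORS = {
    "contains": "({a}=*{v}*)",       # sub-string search
    "is": "({a}={v})",               # equality search
    "isn't": "(!({a}={v}))",         # negated equality; can return very many entries
    "sounds like": "({a}~={v})",     # approximate (phonetic) search
    "starts with": "({a}={v}*)",
    "ends with": "({a}=*{v})",
}


def escape_filter_value(value):
    """Escape a literal per RFC 4515 so it cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(field, operator, text):
    """Filter for one 'Find all users whose <field> <operator> <text>' row."""
    attr = FIELDS[field]
    text = text.strip()
    if text in ("", "*"):
        return "(%s=*)" % attr       # blank or asterisk: every entry with the attribute
    return OPERATORS[operator].format(a=attr, v=escape_filter_value(text))


def find_field_filters(text):
    """Ordered filters to try for the free-text Find user field."""
    text = text.strip()
    if text in ("", "*"):
        return ["(cn=*)"]            # assumption: "all entries" means any entry with a name
    if "=" in text:
        # The page treats any string containing "=" as a search filter, so it is
        # passed through unescaped; its structure is whatever the caller typed.
        return [text if text.startswith("(") else "(%s)" % text]
    if "@" in text:
        # Email address: exact match first, then addresses beginning with the string.
        return [
            build_filter("email address", "is", text),
            build_filter("email address", "starts with", text),
        ]
    # Name: exact match, then contains, then sounds like.
    return [build_filter("full name", op, text) for op in ("is", "contains", "sounds like")]


if __name__ == "__main__":
    print(build_filter("full name", "is", "Jensen (Babs)*"))
    print(find_field_filters("Sarret"))
```
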
User ID. (Required) Specifies a unique user name for the user.
Password. Specifies the password for the user.
Password (Again). Confirms the password entered in the Password field.
Groups. Specifies a comma-separated list of groups of which the user is a member.
Change User. Changes the user information.
Remove User. Removes the user from the directory service.
Help. Displays online help.
User ID. (Required) Specifies a unique user name for the user.
Realm. Specifies the realm that will authenticate this user.
Password. Specifies the password for the user.
Password (Again). Confirms the password entered in the Password field.
Groups. Specifies a comma-separated list of groups of which the user is a member.
Change User. Changes the user information.
Remove User. Removes the user from the directory service.
Help. Displays online help.
The New Group Page
The New Group page pertains to LDAP services only and allows you to create a group entry within the directory server.
For more information, see Creating Groups.
The following elements are displayed:
Type of Group. Specifies whether the group is static or dynamic. Dynamic groups are generated dynamically based upon LDAP attributes and filters. Dynamic groups can slow your group lookups.
Go. Click this button to load data.
Group Name. Specifies the group name.
Description. Specifies a description of the group.
Add New Group To. Specifies the directory to which you are adding the group. The default location is your directory’s root point.
Create Group. Adds the group to the LDAP database.
Create and Edit Group. Adds the group, and then proceeds to The Edit Groups Page for the group you have just added.
Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
Help. Displays online help.
The Edit Groups Page
The Edit Groups page pertains to LDAP services only and allows you to edit a group entry. If you want to change an attribute value that does not appear on this page, use the ldapmodify command line utility.
For more information, see Managing Groups.
The following elements are displayed:
Group Name. Specifies the group you want to edit.
Description. Specifies a description of the group.
Member Url. Specifies the LDAP URL. For more information, see Guidelines for Creating Dynamic Groups.
Group Members. Lists the members of the group. Click Edit to add, modify, or delete members in the group.
Group Cert Members. Specifies the members of the group certificate. Click Add to add members to the group certificate.
Owner. Specifies the owner of the group. Click Edit to add, modify, or delete the group owner.
See Also. References other directory entries that may be relevant to the current group. See Also allows users to easily find entries for people and other groups that are related to the current group. Click Edit to add, modify, or delete See Also references.
Save Changes. Saves the changes to the LDAP directory.
Rename Group. Renames the group in the LDAP directory.
Delete Group. Deletes the group from the LDAP directory.
Help. Displays online help.
The Edit Members Page
The Edit Members page pertains to LDAP services only and allows you to add, edit, or delete users or groups in a group or organization. You can add or delete members individually, or by using searches.
For more information on groups, see Managing Groups.
For more information on organizations, see Creating Organizational Units.
The following elements are displayed:
Remove from List? Click the checkbox next to the name of the member user or group you want to remove from the list of members.
Find. Specifies whether you are searching for users or groups.
matching. Specifies the string or character to search for in the user or the group name.
Find and Add. Finds the user or group in the LDAP database and adds them to the group.
Find and Remove. Finds the user or group in the LDAP database and deletes the user or group from the group.
Save Changes. Saves the changes to the LDAP directory.
Cancel. Erases your changes and returns to previous page.
Help. Displays online help.
The Group Cert Members Page
The Group Cert Members Page pertains to LDAP services only and allows you to specify the information necessary to request a certificate from a commercial or an internal certificate authority (CA).
The following elements are displayed:
Common name. Specifies the fully qualified hostname used in DNS lookups (for example, www.sun.com). This is the hostname in the URL that a browser uses to connect to your site. It’s important that these two names are the same, otherwise a client is notified that the certificate name does not match the site name, which will make people doubt the authenticity of your certificate. However, some CAs might require different information, so it’s important to contact them.
Email Address. Specifies the business email address used for correspondence between the business and the CA.
Organization. Specifies the official, legal name of the company, educational institution, partnership, and so on. Most CAs require that you verify this information with legal documents (such as a copy of a business license).
Organization Unit(s). Describes an organization within your company. This can also be used to specify a less formal company name (without the Inc., Corp., and so on).
Locality. Specifies the city, principality, or country for the organization.
State or Province. Specifies the state or province in which the organization is located. Most CAs require the full name, not abbreviations.
Country. Specifies the country in which the organization is located. Most CAs require the two-letter country code (for example, US for United States of America).
Save Changes. Saves your entries.
Help. Displays online help.
The Manage Groups Page
The Manage Groups page pertains to LDAP services only and allows you to manage group memberships. You can find groups, change group attributes, add and delete owners of the group, add and delete members of the group, rename the group, delete the group, and change the group’s description.
The following elements are displayed:
Find group. Specifies the name of the group that you want to find. You can enter any of the following in the search field:
- A name. A full name or a partial name. All entries that equally match the search string are returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found.
- An asterisk (*). The groups currently residing in your directory. You can achieve the same effect by simply leaving the field blank.
- Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.
Find all groups whose. Allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find Groups. You can specify the following search criteria:
- The left drop-down list allows you to specify the attribute on which the search is based. You can choose from the following options:
- In the middle drop-down list, select the type of search you want to perform. You can choose from the following options:
- contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a group’s name probably contains the word “Administrator,” use this option with the search string “Administrator” to find the group entry.
- is. Causes an exact match to be found. Use this option when you know the exact value of a group’s attribute. For example, if you know the exact spelling of the group’s name, use this option.
- isn’t. Returns all the entries whose attribute value does not exactly match the search string. If you want to find all the groups in the directory whose name does not contain “administrator,” use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.
- sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute’s value, but you are unsure of the spelling. For example, if you are not sure if a group’s name is spelled “Sarret’s list,” “Sarette’s list,” or “Sarett’s list,” use this option.
- starts with. Causes a sub-string search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a group’s name starts with “Product,” but you do not know the rest of the name, use this option.
- ends with. Causes a sub-string search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a group’s name ends with “development,” but you do not know the rest of the name, use this option.
- In the right text field, enter your search string. To display all the group entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this field blank.
Look within. Specifies the organizational unit under which you want to search for entries. The default is the directory’s root point, or top-most entry.
Format. Specifies whether the output is formatted for display on screen or for printing to a printer.
Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
Help. Displays online help.
The New Organizational Unit Page
Organizational units are subdivisions within your company that use the organizationalUnit object class. The New Organizational Unit page pertains to LDAP services only and allows you to create a new organizational unit in the directory server.
For more information, see Creating Organizational Units.
The following items are displayed:
Unit Name. Specifies the name of the organizational unit.
Description. Specifies a description of the organizational unit.
Add Organizational Unit To. Specifies the parent organizational unit under which this new organizational unit will reside.
Create Organizational Unit. Adds the organizational unit to the LDAP database.
Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
Help. Displays online help.
The Manage Organizational Units Page
The Manage Organizational Units page pertains to LDAP services only and allows you to manage the company’s organizational units.
For more information, see Managing Organizational Units.
The following elements are displayed:
Find organizational unit. Specifies the name of the organizational unit that you want to find. You can enter any of the following in the search field:
- A name. A full name or a partial name. All entries that equally match the search string are returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found.
- An asterisk (*). All the groups currently residing in your directory. You can achieve the same effect by simply leaving the field blank.
- Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.
Find all units whose. Allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find Organizational Unit. You can specify the following search criteria:
- The left drop-down list allows you to specify the attribute on which the search is based. You can choose from the following options:
- In the middle drop-down list, select the type of search you want to perform. You can choose from the following options:
- contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know an organizational unit’s name probably contains the word “Administrator,” use this option with the search string “Administrator” to find the organizational unit entry.
- is. Causes an exact match to be found. Use this option when you know the exact value of an organizational unit’s attribute. For example, if you know the exact spelling of the organizational unit’s name, use this option.
- isn’t. Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the organizational units in the directory whose name does not contain “administrator,” use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.
- sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute’s value, but you are unsure of the spelling. For example, if you are not sure if an organizational unit’s name is spelled “Sarret’s list,” “Sarette’s list,” or “Sarett’s list,” use this option.
- starts with. Causes a sub-string search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know an organizational unit’s name starts with “Product,” but you do not know the rest of the name, use this option.
- ends with. Causes a sub-string search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know an organizational unit’s name ends with “development,” but you do not know the rest of the name, use this option.
- In the right text field, enter your search string. To display all the organizational unit entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this field blank.
Look within. Specifies the organizational unit under which you want to search for entries. The default is the directory’s root point, or top-most entry.
Format. Specifies whether the search results are formatted for display on screen or for printing to a printer.
Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
Help. Displays online help.
The Edit Organizational Unit Page
The Edit Organizational Unit page pertains to LDAP services only and allows you to add, edit, or remove an organizational unit.
For more information, see Managing Organizational Units.
The following elements are displayed:
Unit Name. Specifies the name of the organizational unit.
Description. Specifies a description of the unit.
Phone. Specifies the phone number of the organizational unit.
Fax. Specifies a fax number of the organizational unit.
Mailing Address. Specifies the mailing address of the organizational unit.
Save Changes. Saves the changes made on this page.
Rename. Renames the organizational unit in the LDAP database.
Delete. Deletes the organizational unit from the LDAP database.
Help. Displays online help.