Managing Groups

For LDAP services, the Administration Server enables you to edit groups and manage group memberships on the Manage Groups page on the Administration Server Users and Groups tab.

This section describes the following tasks:

• Finding Group Entries

• Editing Group Entries

• Adding Group Members

• Adding Groups to the Group Members List

• Removing Entries From the Group Members List

• Managing Owners

• Managing See Alsos

• Renaming Groups

• Removing Groups

Finding Group Entries

Before you can edit a group entry, you must first find and display the entry, as described in the following procedure.

To Find Group Entries

1. Access the Administration Server and click the Users and Groups tab.

2. Click the Manage Groups link.

3. Type the name of the group you want to find in the Find Group field.

   You can provide any of the following:

   • An asterisk (*) to see all groups currently residing in your directory. You can achieve the same result by leaving the field blank.

   • Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.

     As an alternative, use the Find All Groups Whose section to build a custom search filter and narrow the results of your search. For more information, see Find All Groups Whose.

   • A name. Provide a full or partial name. All entries that equally match the search string are returned. If no such entries are found, all entries that contain the search string are found. If no such entries are found, any entries that sound like the search string are found.

4. In the Look Within field, select the organizational unit under which you want to search for entries.

   The default is the directory’s root point, the topmost entry.

5. In the Format field, specify whether the output should be formatted for display on screen or for printing to a printer.

6. To display all groups meeting your criteria at any stage in this process, click the Find button.

7. Click the link for the entry you want to display.

Find All Groups Whose

For LDAP services, the Find All Groups Whose section enables you to build a custom search filter. Use the fields in this section to narrow the search results that are otherwise returned by Find Group.

The left drop-down list specifies the attribute on which the search is based. The following options are available:

• Name. Searches each entry’s full name for a match.

• Description. Searches each group entry’s description for a match.

The center drop-down list specifies the type of search to perform. The following options are available:

• Contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a group’s name probably contains the word “Administrator”, use this option with the search string “Administrator” to find the group entry.

• Is. Causes an exact match to be found. Use this option when you know the exact value of a group’s attribute. For example, you know the exact spelling of the group’s name.

• Isn’t. Returns all entries whose attribute value does not exactly match the search string. Use this option if you want to find all groups in the directory whose name does not contain “administrator.” Be aware, however, that using this option can cause an extremely large number of entries to be returned.

• Sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute’s value, but are unsure of the spelling. For example, you do not know if a group’s name is spelled “Sarret’s list,” “Sarette’s list,” or “Sarett’s list.”

• Starts with. Causes a sub-string search to be performed. Returns all entries whose attribute value starts with the specified search string. For example, you know a group’s name starts with “Product,” but do not know the rest of the name.

• Ends with. Causes a sub-string search to be performed. Returns all entries whose attribute value ends with the specified search string. For example, you know a group’s name ends with “development,” but do not know the rest of the name.

In the right text field, enter a search string. To display all group entries contained in the Look Within directory, enter an asterisk (*) or leave this field blank.

Editing Group Entries

To Edit Group Entries

The following procedure applies to LDAP services only.

1. Access the Administration Server and click the Users and Groups tab.

2. Click the Manage Groups link.

3. Locate the group you want to edit as described in Finding Group Entries.

4. Make the desired changes.

   For more information about specific fields and buttons, see the online Help.

   ---

   Note –

   You may want to change an attribute value that is not displayed by the group edit page. In this situation, use the directory server ldapmodify command line utility, if available.

   ---

Adding Group Members

To Add Members to a Group

The following procedure applies to LDAP services only.

1. Access the Administration Server and click the Users and Groups tab.

2. Click the Manage Groups link.

3. Locate and display the group you want to manage as described in Finding Group Entries, and click the Edit button next to Group Members.

   Any existing group members are listed on the page that displays. Search fields also display.

   • To add user entries to the list of members, Users must be selected in the Find drop-down list.

   • To add group entries to the group, Groups must be selected.

4. In the Matching text field, enter a search string. Provide information for any of the following options:

   • A name. Enter a full or partial name. All entries whose name matches the search string are returned. If no such entries are found, all entries that contain the search string are found. If no such entries are found, any entries that sound like the search string are found.

   • A user ID. If you enter only a partial user ID, any entries that contain the string are returned.

   • A telephone number. If you enter only a partial number, any entries that have telephone numbers ending in the search number are returned.

   • An e-mail address. Any search string containing an at symbol (@) is assumed to be an e-mail address. If an exact match cannot be found, a search is performed to find all e-mail addresses that begin with the search string.

   • Enter an asterisk (*) or leave this field blank to see all entries or groups currently residing in your directory.

   • Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.

5. Click Add to find all matching entries in the LDAP database and add them to the group.

6. (Optional) If the search returns any entries you do not want added to the group, click the corresponding checkbox in the Remove From List column. You can also construct a search filter to match the entries you want removed from the group, and then click Remove. For more information, see Removing Entries From the Group Members List.

7. When the list of group members is complete, click Save Changes. The entries are added to the group member list.

Adding Groups to the Group Members List

For LDAP services, you can add groups instead of individual members to the group’s members list. Any users belonging to the included group will then become a member of the receiving group. For example, if Neil Armstrong is a member of the Engineering Managers group and you make the Engineering Managers group a member of the Engineering Personnel group, then Neil Armstrong is also a member of the Engineering Personnel group.

To add a group to the members list of another group, add the group as if it were a user entry. For more information, see Adding Group Members.

Removing Entries From the Group Members List

This procedure applies to LDAP services only.

To Remove Entries From the Group Members List

1. Access the Administration Server and click the Users and Groups tab.

2. Click the Manage Groups link.

3. Locate the group you want to manage.

   For more information, see Finding Group Entries. and click the Edit button next to Group Members.

4. Indicate the members that you want to remove.

   • To remove only a few members, click the corresponding checkbox in the Remove From List column.

   • To remove members based on common criteria, construct a search filter to match the entries you want removed from the group, and then click Remove.

   For more information about creating a search filter, see Adding Group Members.

5. Click Save Changes.

   The entries are deleted from the group members list.

Managing Owners

For LDAP services, a group owners list is managed in the same way as a group members list.

The following table lists the topics in this guide that provide more information.

Table 4–5 Managing Owners

To	See
Add owners to the group	Adding Group Members
Add groups to the owners list	Adding Groups to the Group Members List
Remove entries from the owners list	Removing Entries From the Group Members List

Managing See Alsos

See Alsos are references to other directory entries that might be relevant to the current group. These references enable users to easily find entries for people and other groups that are related to the current group. You manage See Alsos the same way you manage the group members list.

The following table lists the topics in this guide that provide more information.

Table 4–6 Managing See Alsos

To	See
Add users to See Alsos	Adding Group Members
Add groups to See Alsos	Adding Groups to the Group Members List
Remove entries from See Alsos	Removing Entries From the Group Members List

Renaming Groups

This procedure applies to LDAP services only. When you rename a group entry, only the group’s name is changed. You cannot use the Rename Group feature to move the entry from one organizational unit to another. For example, a business might have the following organizations:

• Organizational units for Marketing and Product Management

• A group named Online Sales under the Marketing organizational unit

In this example, you can rename the group from Online Sales to Internet Investments, but you cannot rename the entry such that Online Sales under the Marketing organizational unit becomes Online Sales under the Product Management organizational unit.

To Rename Groups

1. Access the Administration Server and click the Users and Groups tab.

2. Click the Manage Groups link and locate the group you want to manage as described in Finding Group Entries.

3. Click the Rename Group button.

4. Specify a new group name on the page that displayed, and click Save Changes.

Removing Groups

This procedure applies to LDAP services only.

To Remove Groups

1. Access the Administration Server and click the Users and Groups tab.

2. Click the Manage Groups link.

3. Locate the group you want to manage as described in Finding Group Entries and click Delete Group.

   ---

   Note –

   Individual members of the group are not removed. Only the group entry is removed.

   ---