| Previous Contents Index DocHome Next |
| iPlanet Web Server, Enterprise Edition Administrator's Guide |
The Users & Groups Tab
The Users & Groups tab contains the following pages:
Note The second level bullets list pages you can bring up from links or buttons on the corresponding first level bullet.
The New User Page
The Edit Users Page
The Manage Users Page
The Edit Groups Page
The Manage Groups Page
The New Organizational Unit Page
The Manage Organizational Units Page
The Edit Organizational Unit Page
The Manage Preferred Language List Page
The New User Page
The New User page allows you to add users to the LDAP database of Netscape Directory Server.For more information, see Creating Users.
The following elements are displayed:
Given name. Specifies the users's given name or first name.
Surname. Specifies the user's surname or last name.
Full name. Specifies the user's given name and surname. If you entered a given name and a surname, this field is automatically filled in.
User ID. Specifies a unique user name for the user. The user ID is generated as the first initial of the user's first name followed by the user's last name. You can replace this user ID with an ID of your own choosing. If you entered a given name and a surname, this field is automatically filled in.
The user ID must be unique. The Administration Server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use.
Note If you use the ldapmodify command line utility to create a user, unique user IDs cannot be ensured. A user with a duplicate user ID will not be able to authenticate to the directory.
Password. Specifies the password for the user.
Password (again). Confirms the password entered in the Password field. If what you enter in this field is different from what you entered in the Password field, you will be prompted to try again.
E-Mail address.Specifies the email address of the user.
Add new user to. Specifies the organizational unit where you want the new user to be placed. The default location is your directory's root point.
Create user. Adds the user to the LDAP database.
Create and edit user. Adds the user, and then proceeds to The Edit Users Page for the user you have just added.
Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
The Edit Users Page
The Edit Users page allows you to edit a user entry in the LDAP database. If you want to change an attribute value that does not appear on this page, use the ldapmodify command line utility.For more information, see Managing Users.
There are three tabs at the top of the page that give you different sets of fields to edit:
General
The following elements are displayed:Given name (First Name). Specifies the users's given name or first name.
Surname (Last Name). Specifies the user's surname or last name.
Full names. Specifies the user's given name and surname.
Title. Specifies the job title of the user.
User ID. Specifies a unique user name for the user. The user ID generated by the gateway is the first initial of the user's first name followed by the user's last name. You can replace this user ID with an ID of your own choosing.
The user ID must be unique. The Administration Server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use.
Note If you use the(ldapmodify command line utility to create a user, unique user IDs cannot be ensured. A user with a duplicate user ID will not be able to authenticate to the directory.
E-Mail address. Specifies the email address of the user.
Phone number. Specifies the phone number of the user.
Save changes. Saves changes to the LDAP database.
Rename user. Renames the user entry (including the entry's distinguished name) in the LDAP database.
Delete user. Deletes the user from the LDAP database.
Password
The following elements are displayed:Password. Specifies the new password. This password is used for user entries by the various Netscape/iPlanet servers for user authentication
Password (again). Confirms the password entered in the Password field. If what you enter in this field is different from what you entered in the Password field, you will be prompted to try again.
Set password. Changes the password immediately.
Disable password. Disables the user's password by setting it to an invalid value.
License
This page is no longer used by iPlanet Web Server.
The Manage Users Page
The Manage Users page allows you to find user entries, change user attribute values, change the user's password, rename the user's entry, and delete the user's entry.For more information, see Managing Users.
The following elements are displayed:
Find user. Specifies a descriptive value for the entry that you want to edit. You can enter any of the following in the search field:
A name. Specifies a full name or a partial name. All entries that equally match the search string will be returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found.
Find all users whose. Allows you to build a custom search filter. Use this field to narrow down the search results returned by Find User field. You can specify the following search criteria:A user ID. If you enter only a partial user ID, any entries that contain the string will be returned.
A telephone number. If you enter only a partial number, any entries that have telephone numbers ending in the search number will be returned.
An email address. Any search string containing an at (@) symbol is assumed to be an email address. If an exact match cannot be found, then a search is performed to find all email addresses that begin with the search string.
An asterisk (*). Displays all the entries currently in your directory. You can achieve the same effect by simply leaving the field blank.
Any LDAP search filter. Treats any string that contains an equal sign (=) as a search filter (for example, ou=Network).
The left pull-down list allows you to specify the attribute on which the search will be based. You can choose from the following options:
Look within. Specifies the organizational unit under which you want to search for entries. The default is the directory's root point (or topmost entry).
full name. Searches each entry's full name for a match.
In the center pull-down list, select the type of search you want to perform. You can choose from the following options:last name. Searches each entry's last name, or surname for a match.
user id. Searches each entry's user id for a match.
phone number. Searches each entry's phone number for a match.
email address. Searches each entry's email address for a match.
contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a user's name probably contains the word "Steve", use this option with the search string "Steve" to find the user's entry.
In the right text field, enter your search string. To display all the user's entries contained in the directory specified in the Look within field, enter either an asterisk (*) or leave this field blank.is. Causes an exact match to be found. This option specifies an equality search. Use this option when you know the exact value of a user's attribute. For example, if you know the exact spelling of the user's name, use this option.
isn't. Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the users in the directory whose name is not "Babs Jensen," use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.
sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if a user's name is spelled "Sarret", "Sarette", or "Sarett", use this option.
starts with. Causes a sub-string search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a user's name starts with "Mike", but you do not know the rest of the name, use this option.
ends with. Causes a sub-string search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a user's name ends with "Anderson", but you do not know the rest of the name, use this option.
Format. Specifies whether the search results are formatted for display on screen or for printing to a printer.
Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
The New Group Page
The New Group page allows you to create a group entry within the directory server.For more information, see Creating Groups.
The following elements are displayed:
Type of group. Specifies whether the group is static or dynamic. Dynamic groups are generated dynamically based upon LDAP attributes and filters. Dynamic groups can slow your group lookups.
Group name. Specifies the group name.
Description. Specifies a description of the group.
Add new group to. Specifies the directory to which you are adding the group. The default location is your directory's root point.
Create group. Adds the group to the LDAP database.
Create and edit group. Adds the group, and then proceeds to The Edit Groups Page for the group you have just added.
Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
The Edit Groups Page
The Edit Groups page allows you to edit a group entry. If you want to change an attribute value that does not appear on this page, use the ldapmodify command line utility.For more information, see Managing Groups.
The following elements are displayed:
Group name. Specifies the group you want to edit.
Description. Specifies a description of the group.
Group members. Lists the members of the group. Click Edit to add, modify, or delete members in the group.
Group cert members. Specifies the members of the group certificate. Click Add to add members to the group certificate.
Owner. Specifies the owner of the group. Click Edit to add, modify, or delete the group owner.
See also. References other directory entries that may be relevant to the current group. See Also allows users to easily find entries for people and other groups that are related to the current group. Click Edit to add, modify, or delete See Also references.
Save changes. Saves the changes to the LDAP directory.
Rename group. Renames the group in the LDAP directory.
Delete group. Deletes the group from the LDAP directory.
The Edit Members Page
The Edit Members page allows you to add, edit, or delete users or groups in a group or organization. You can add or delete members individually, or by using searches.For more information on groups, see Managing Groups.
For more information or organizations, see Creating Organizational Units.
The following elements are displayed:
Find. Specifies whether you are searching for users or groups.
Matching. Specifies the string or character to search for in the user or the group name.
Find and add. Finds the user or group in the LDAP database and adds them to the group.
Find and remove. Finds the user or group in the LDAP database and deletes the user or group from the group.
Remove from list. Click the checkbox next to the name of the member user or group you want to remove from the list of members.
Save changes. Saves the changes to the LDAP directory.
Cancel. Erases your changes and returns to previous page.
The Group Cert Members Page
The Group Cert Members Page allows you to specify the information necessary to request a certificate from a commercial or an internal certificate authority (CA).The following elements are displayed:
Common name. Specifies the fully qualified hostname used in DNS lookups (for example, www.iplanet.com). This is the hostname in the URL that a browser uses to connect to your site. It's important that these two names are the same, otherwise a client is notified that the certificate name does not match the site name, which will make people doubt the authenticity of your certificate. However, some CAs might require different information, so it's important to contact them.
Email address. Specifies the business email address used for correspondence between the business and the CA.
Organization. Specifies the official, legal name of the company, educational institution, partnership, and so on. Most CAs require that you verify this information with legal documents (such as a copy of a business license).
Organization unit(s). Describes an organization within your company. This can also be used to specify a less formal company name (without the Inc., Corp., and so on).
Locality. Specifies the city, principality, or country for the organization.
State or province. Specifies the state or province in which the organization is located. Most CAs require the full name, not abbreviations.
Country. Specifies the country in which the organization is located. Most CAs require the two-letter country code (for example, US for United States of America).
Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
The Manage Groups Page
The Manage Groups page allows you to manage group memberships. You can find groups, change group attributes, add and delete owners of the group, add and delete members of the group, rename the group, delete the group, and change the group's description.The following elements are displayed:
Find group. Specifies the name of the group that you want to find. You can enter any of the following in the search field:
A name. A full name or a partial name. All entries that equally match the search string are returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sounds like the search string are found.
Find all groups whose. Allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find Groups. You can specify the following search criteria:An asterisk (*). The groups currently residing in your directory. You can achieve the same effect by simply leaving the field blank.
Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.
The left pull-down list allows you to specify the attribute on which the search is based. You can choose from the following options:
Look within. Specifies the organizational unit under which you want to search for entries. The default is the directory's root point, or top-most entry.
name. Searches each entry's full name for a match.
In the middle pull-down list, select the type of search you want to perform. You can choose from the following options:description. Searches each group entry's description for a match.
contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a group's name probably contains the word "Administrator", use this option with the search string "Administrator" to find the group entry.
In the right text field, enter your search string. To display all the group entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this field blank.is. Causes an exact match to be found. Use this option when you know the exact value of a group's attribute. For example, if you know the exact spelling of the group's name, use this option.
isn't. Returns all the entries whose attribute value does not exactly match the search string. If you want to find all the groups in the directory whose name does not contain "administrator", use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.
sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if a group's name is spelled "Sarret's list", "Sarette's list", or "Sarett's list", use this option.
starts with. Causes a sub-string search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a group's name starts with "Product", but you do not know the rest of the name, use this option.
ends with. Causes a sub-string search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a group's name ends with "development", but you do not know the rest of the name, use this option.
Format. Specifies whether the output is formatted for display on screen or for printing to a printer.
Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
The New Organizational Unit Page
Organizational units are subdivisions within your company that are use the organizationalUnit object class. The New Organizational Unit page allows you to create a new organizational unit in the directory server.For more information, see Creating Organizational Units.
The following items are displayed:
Unit name. Specifies the name of the organizational unit.
Description. Specifies a description of the organizational unit.
Add organizational unit to. Specifies the parent organizational unit under which this new organizational unit will reside.
Create organizational unit. Adds the organizational unit to the LDAP database.
Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
The Manage Organizational Units Page
The Manage Organizational Units page allows you to manage the company's organizational units.For more information, see Managing Organizational Units.
The following elements are displayed:
Find organizational unit. Specifies the name of the organizational unit that you want to find. You can enter any of the following in the search field:
A name. A full name or a partial name. All entries that equally match the search string are returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sounds like the search string are found.
Find all units whose. Allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find Organizational Unit. You can specify the following search criteria:An asterisk (*). All the groups currently residing in your directory. You can achieve the same effect by simply leaving the field blank.
Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.
The left pull-down list allows you to specify the attribute on which the search is based. You can choose from the following options:
Look within. Specifies the organizational unit under which you want to search for entries. The default is the directory's root point, or top-most entry.
full name. Searches each entry's full name for a match.
In the middle pull-down list, select the type of search you want to perform. You can choose from the following options:description. Searches each organizational unit entry's description for a match.
contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know an organizational unit's name probably contains the word "Administrator", use this option with the search string "Administrator" to find the organizational unit entry.
In the right text field, enter your search string. To display all the organizational unit entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this field blank.is. Causes an exact match to be found. Use this option when you know the exact value of an organizational unit's attribute. For example, if you know the exact spelling of the organizational unit's name, use this option.
isn't. Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the organizational units in the directory whose name does not contain "administrator", use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.
sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if a organizational unit's name is spelled "Sarret's list", "Sarette's list", or "Sarett's list", use this option.
starts with. Causes a sub-string search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know an organizational unit's name starts with "Product", but you do not know the rest of the name, use this option.
ends with. Causes a sub-string search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know an organizational unit's name ends with "development", but you do not know the rest of the name, use this option.
Format. Specifies whether the search results are formatted for display on screen or for printing to a printer.
Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
The Edit Organizational Unit Page
The Edit Organizational Unit page allows you to add, edit, or remove an organizational unit.For more information, see Managing Organizational Units.
The following elements are displayed:
Unit name. Specifies the name of the organizational unit.
Description. Specifies a description of the unit.
Phone. Specifies the phone number of the organizational unit.
Fax. Specifies a fax number of the organizational unit.
Mailing address. Specifies the mailing address of the organizational unit.
Save changes. Saves the changes made on this page.
Rename. Renames the organizational unit in the LDAP database.
Delete. Deletes the organizational unit from the LDAP database.
OK. Saves your entries. You must restart the server in order for your changes to take effect.
Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.
The Manage Preferred Language List Page
The Manage Language Selection List page allows you to specify the languages supported in the LDAP server.For more information, see Managing a Preferred Language List.
The following elements are displayed:
Display language selection list. Specifies whether the languages selected in the language selection list will be displayed upon saving your changes on this page.
Languages in the selection list. Displays all the available languages. Click "Add to list" to add the language to your language selection list. Click "Default value" to designate one language as the default language.
Save changes. Saves your entries. You must restart the server in order for your changes to take effect.
Previous Contents Index DocHome Next
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated May 10, 2001