Managing Groups

For LDAP services, the Administration Server enables you to edit groups and manage group memberships from the Manage Group form. This section describes the following topics:

• Finding Group Entries

• Editing Group Attributes

• Adding Group Members

• Adding Groups to the Group Members List

• Removing Entries from the Group Members List

• Managing Owners

• Managing See Alsos

• Removing Groups

• Renaming Groups

Finding Group Entries

Before you can edit a group entry, first you must find and display the entry.

To find a group

1. Access the Administration Server and choose the Users and Groups tab.

2. Click Manage Groups.

3. Enter the name of the group that you want to find in the Find group field.

   You can enter any of the following values in the search field:

   • A name: Enter a full name or a partial name. All entries that equally match the search string are returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sounds like the search string are found.

     • An asterisk (*) to see all of the groups currently residing in your directory. You can achieve the same effect by simply leaving the field blank.

     • Any LDAP search filter: Any string that contains an equal sign (=) is considered to be a search filter.

       As an alternative, use the drop-down menus in “Find all groups whose” to narrow the results of your search.

4. In the Look within field, select the organizational unit in which you want to search for entries.

   The default is the directory’s root point, or top-most entry.

5. In the Format field, choose either On-Screen or Printer.

6. Click Find.

   All the groups matching your search criteria are displayed.

7. In the resulting table, click the name of the entry that you want to edit.

The “Find all groups whose” Field

For LDAP services, the “Find all groups whose” field allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find groups.

To display all of the group entries contained in the Look within directory, enter either an asterisk (*) or simply leave this text field blank.

For more information regarding how to build a custom search filter, see Building Custom Search Queries.

Editing Group Attributes

To edit a group entry (LDAP services only)

1. Access the Administration Server and choose the Users and Groups tab.

2. Click Manage Groups.

3. Locate the group you want to edit, and type the desired changes.

   For more information regarding how to find specific entries, refer to the concepts outlined in Finding Group Entries.

   ---

   Note –

   You can change the Administration Server user from root to another user on the operating system to enable multiple users (belonging to the group) to edit/manage the configuration files. However,while on UNIX/Linux platforms, the installer can give “rw” permissions to a group for the configuration files, but on Windows platforms, the user must belong to the “Administrators” group.

   ---

   For more information about editing group attributes, see the Manage Groups page in the online help.

   ---

   Note –

   It is possible that you will want to change an attribute value that is not displayed by the group edit form. In this situation, use the Directory Server ldapmodify command line utility, if available.

   ---

Adding Group Members

To add members to a group (LDAP services only)

1. Access the Administration Server and choose the Users and Groups tab.

2. Click Manage Groups.

3. Locate the group you want to manage as described in Finding Group Entries, and click Edit under Group Members.

   Sun Java System Web Server displays a new form that enables you to search for entries. If you want to add user entries to the list, make sure Users are shown in the Find drop-down list. If you want to add group entries to the group, make sure Group is shown.

4. In the right-most text field, enter a search string. Enter any of the following options:

   • A name: Enter a full name or a partial name. All entries whose name matches the search string is returned. If no such entries are found, all entries that contain the search string are found. If no such entries are found, any entries that sounds like the search string are found.

   • A user ID: if you are searching for user entries.

   • A telephone number. If you enter only a partial number, any entries that have telephone numbers ending in the search number are returned.

   • An email address: Any search string containing an at (@) symbol is assumed to be an email address. If an exact match cannot be found, then a search is performed to find all email addresses that begin with the search string.

   • Enter either an asterisk (*) or simply leave this text field blank to see all of the entries or groups currently residing in your directory.

   • Any LDAP search filter: Any string that contains an equal sign (=) is considered to be a search filter.

5. Click Find and Add to find all the matching entries and add them to the group.

   If the search returns any entries that you do not want add to the group, click the box in the Remove from list? column. You can also construct a search filter to match the entries you want remove and then click Find and Remove.

6. When the list of group members is complete, click Save Changes.

   The currently displayed entries are now members of the group.

   For more information about adding groups members, see the Edit Members page in the online help.

Adding Groups to the Group Members List

For LDAP services, you can add groups (instead of individual members) to the group’s members list. Doing so causes any users belonging to the included group to become a member of the receiving group. For example, if Neil Armstrong is a member of the Engineering Managers group, and you make the Engineering Managers group a member of the Engineering Personnel group, then Neil Armstrong is also a member of the Engineering Personnel group.

To add a group to the members list of another group, add the group as if it were a user entry. For more information, see Adding Group Members.

Removing Entries from the Group Members List

To delete an entry from the group members list (LDAP services only)

1. Access the Administration Server and choose the Users and Groups tab.

2. Click Manage Groups locate the group you want to manage as described in Finding Group Entries, and click Edit under Group Members.

3. For each member that you want to remove from the list, click the corresponding box under the Remove from list? column.

   Alternatively, you can construct a filter to find the entries you want to remove and click the Find and Remove button. For more information on creating a search filter, see Adding Group Members.

4. Click Save Changes. The entry(s) are deleted from the group members list.

Managing Owners

For LDAP services, you manage a group’s owners list the same way as you manage the group members list. The following table identifies which section to read for more information:

Table 3–6 Additional Information

Task You Want to Complete	Read Section
Add owners to the group	Adding Group Members..
Add groups to the owners list	Adding Groups to the Group Members List..
Remove entries from the owners list	Removing Entries from the Group Members List..

Managing See Alsos

“See alsos” are references to other directory entries that may be relevant to the current group. They allow users to easily find entries for people and other groups that are related to the current group.

You manage see alsos the same way as you manage the group members list. The following table shows you which section to read for more information:

Table 3–7 Additional Information

Task You Want to Complete	Read Section
Add users to see alsos	Adding Group Members..
Add groups to see alsos	Adding Groups to the Group Members List..
Remove entries from see alsos	Removing Entries from the Group Members List..

Removing Groups

To delete a group (LDAP services only)

1. Access the Administration Server and choose the Users and Groups tab.

2. Click Manage Groups locate the group you want to manage as described in Finding Group Entries, and click Delete Group.

   ---

   Note –

   The Administration Server does not remove the individual members of the group(s) you remove; only the group entry is removed.

   ---

Renaming Groups

To rename a group (LDAP services only)

1. Access the Administration Server and choose the Users and Groups tab.

2. Click the Manage Groups link and locate the group you want to manage as described in Finding Group Entries.

3. Click Rename Group and type the new group name in the resulting dialog box.

   When you rename a group entry, you only change the group’s name. You cannot use the Rename Group feature to move the entry from one organizational unit to another. For example, a business might have the following organizations:

   • organizational units for Marketing and Product Management

   • a group named Online Sales under the Marketing organizational unit

   In this example, you can rename the group from Online Sales to Internet Investments, but you cannot rename the entry such that Online Sales under the Marketing organizational unit becomes Online Sales under the Product Management organizational unit.