Sun ONE Web Server User Interface

Select Directory Service. Allows you to select the directory service to which you want to add the user.

Select. Displays user elements corresponding to the type of directory service selected:

LDAP Server. If the directory service is of type LDAP Server, the following elements are displayed:

Given Name. Specifies the users’s given name or first name.

Surname. (Required) Specifies the user’s surname or last name.

Full name. (Required) Specifies the user’s given name and surname. If you entered a given name and a surname, this field is automatically filled in.

User ID. (Required) Specifies a unique user name for the user. The user ID is generated as the first initial of the user’s first name followed by the user’s last name. You can replace this user ID with an ID of your own choosing. If you entered a given name and a surname, this field is automatically filled in.

The user ID must be unique. The Administration Server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use.



Note	If you use the ldapmodify command line utility to create a user, unique user IDs cannot be ensured. A user with a duplicate user ID will not be able to authenticate to the directory.

Password. Specifies the password for the user.

Password (Again). Confirms the password entered in the Password field. If what you enter in this field is different from what you entered in the Password field, you will be prompted to try again.

E-Mail Address. Specifies the email address of the user.

Add New User To. Specifies the organizational unit where you want the new user to be placed. The default location is your directory’s root point.

Create User. Adds the user.

Create and Edit User. Adds the user to the LDAP database and proceeds to the The Edit Users Page to allow you to edit the user entry in the LDAP database.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Key File. If the directory service is of type Key File, the following elements are displayed:

User ID. (Required) Specifies a unique user name for the user.

Password. Specifies the password for the user.

Password (Again). Confirms the password entered in the Password field.

Groups. Specifies a comma-separated list of groups of which the user is a member.

Create User. Adds the user.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

Digest File. If the directory service is of type Digest File, the following elements are displayed:

User ID. (Required) Specifies a unique user name for the user.

Realm. Specifies the realm that will authenticate this user.

Password. Specifies the password for the user.

Password (Again). Confirms the password entered in the Password field.

Groups. Specifies a comma-separated list of groups of which the user is a member.

Create User. Adds the user.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

The Edit Users Page

This page pertains to LDAP services only and allows you to edit a user entry in the LDAP database. You can change user attribute values, change the user’s password, rename the user’s entry, and delete the user’s entry. If you want to change an attribute value that does not appear on this page, use the ldapmodify command line utility.

There are two tabs at the top of the page that give you different sets of fields to edit:

General

User ID. Specifies a unique user name for the user. The user ID generated by the gateway is the first initial of the user’s first name followed by the user’s last name. You can replace this user ID with an ID of your own choosing.

The user ID must be unique. The Administration Server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use.


Note	If you use the ldapmodify command line utility to create a user, unique user IDs cannot be ensured. A user with a duplicate user ID will not be able to authenticate to the directory.

Rename User. Renames the user entry (including the entry’s distinguished name) in the LDAP database.

Password

New password. Specifies the new password. This password is used for user entries by the various Netscape/Sun ONE servers for user authentication

New password (again). Confirms the password entered in the New password field. If what you enter in this field is different from what you entered in the New password field, you will be prompted to try again.

Disable Password. Disables the user’s password by setting it to an invalid value.

The Manage Users Page

The Manage Users page allows you to edit user information and attributes. For an LDAP database, the page provides search fields that allow you to find user entries.

Select Directory Service. Allows you to select the directory service with the user(s) you want to manage.

Select. Displays the user elements corresponding to the type of directory service selected.

For more information about finding and managing users, see Managing Users. For more information about the specific fields on the form used to edit user information, see The Edit Users Page.

Find user. Specifies a descriptive value for the entry that you want to edit. You can enter any of the following in the search field:

A name. Specifies a full name or a partial name. All entries that equally match the search string will be returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found.

A user ID. If you enter only a partial user ID, any entries that contain the string will be returned.

A telephone number. If you enter only a partial number, any entries that have telephone numbers ending in the search number will be returned.

An email address. Any search string containing an at (@) symbol is assumed to be an email address. If an exact match cannot be found, then a search is performed to find all email addresses that begin with the search string.

An asterisk (*). Displays all the entries currently in your directory. You can achieve the same effect by simply leaving the field blank.

Any LDAP search filter. Treats any string that contains an equal sign (=) as a search filter (for example, ou=Network).

Find. Launches the search. A list of users matching the search criteria is displayed. Click an entry and then change user information as desired on the resulting edit page. For more information about the specific fields, see The Edit Users Page.

Find all users whose. Allows you to build a custom search filter. Use this field to narrow down the search results returned by Find user field. You can specify the following search criteria:

The left drop-down list allows you to specify the attribute on which the search will be based. You can choose from the following options:

full name. Searches each entry’s full name for a match.

last name. Searches each entry’s last name, or surname for a match.

user id. Searches each entry’s user id for a match.

phone number. Searches each entry’s phone number for a match.

email address. Searches each entry’s email address for a match.

In the center drop-down list, select the type of search you want to perform. You can choose from the following options:

contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a user’s name probably contains the word “Steve,” use this option with the search string “Steve” to find the user’s entry.

is. Causes an exact match to be found. This option specifies an equality search. Use this option when you know the exact value of a user’s attribute. For example, if you know the exact spelling of the user’s name, use this option.

isn’t. Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the users in the directory whose name is not “Babs Jensen,” use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.

sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute’s value, but you are unsure of the spelling. For example, if you are not sure if a user’s name is spelled “Sarret,” “Sarette,” or “Sarett,” use this option.

starts with. Causes a sub-string search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a user’s name starts with “Mike,” but you do not know the rest of the name, use this option.

ends with. Causes a sub-string search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a user’s name ends with “Anderson,” but you do not know the rest of the name, use this option.

In the right text field, enter your search string. To display all the user’s entries contained in the directory specified in the Look within field, enter either an asterisk (*) or leave this field blank.

Look within. Specifies the organizational unit under which you want to search for entries. The default is the directory’s root point (or topmost entry).

Format. Specifies whether the search results are formatted for display on screen or for printing to a printer.

Find. Launches the search. If multiple users match the search criteria, a list of users is displayed. Click a name in the list and then change user information as desired on the resulting edit page. For more information about the edit page, see The Edit Users Page.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

Help. Displays online help.

User ID. (Required) Specifies a unique user name for the user.

Password. Specifies the password for the user.

Password (Again). Confirms the password entered in the Password field.

Groups. Specifies a comma-separated list of groups of which the user is a member.

Change User. Changes the user information.

Remove User. Removes the user from the directory service.

Help. Displays online help.

User ID. (Required) Specifies a unique user name for the user.

Realm. Specifies the realm that will authenticate this user.

Password. Specifies the password for the user.

Password (Again). Confirms the password entered in the Password field.

Groups. Specifies a comma-separated list of groups of which the user is a member.

Change User. Changes the user information.

Remove User. Removes the user from the directory service.

Help. Displays online help.

The New Group Page

The New Group page pertains to LDAP services only and allows you to create a group entry within the directory server.

Type of Group. Specifies whether the group is static or dynamic. Dynamic groups are generated dynamically based upon LDAP attributes and filters. Dynamic groups can slow your group lookups.

Add New Group To. Specifies the directory to which you are adding the group. The default location is your directory’s root point.

Create and Edit Group. Adds the group, and then proceeds to The Edit Groups Page for the group you have just added.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

The Edit Groups Page

The Edit Groups page pertains to LDAP services only and allows you to edit a group entry. If you want to change an attribute value that does not appear on this page, use the ldapmodify command line utility.

Group Members. Lists the members of the group. Click Edit to add, modify, or delete members in the group.

Group Cert Members. Specifies the members of the group certificate. Click Add to add members to the group certificate.

Owner. Specifies the owner of the group. Click Edit to add, modify, or delete the group owner.

See Also. References other directory entries that may be relevant to the current group. See Also allows users to easily find entries for people and other groups that are related to the current group. Click Edit to add, modify, or delete See Also references.

The Edit Members Page

The Edit Members page pertains to LDAP services only and allows you to add, edit, or delete users or groups in a group or organization. You can add or delete members individually, or by using searches.

Remove from List? Click the checkbox next to the name of the member user or group you want to remove from the list of members.

matching. Specifies the string or character to search for in the user or the group name.

Find and Add. Finds the user or group in the LDAP database and adds them to the group.

Find and Remove. Finds the user or group in the LDAP database and deletes the user or group from the group.

The Group Cert Members Page

The Group Cert Members Page pertains to LDAP services only and allows you to specify the information necessary to request a certificate from a commercial or an internal certificate authority (CA).

Common name. Specifies the fully qualified hostname used in DNS lookups (for example, www.sun.com). This is the hostname in the URL that a browser uses to connect to your site. It’s important that these two names are the same, otherwise a client is notified that the certificate name does not match the site name, which will make people doubt the authenticity of your certificate. However, some CAs might require different information, so it’s important to contact them.

Email Address. Specifies the business email address used for correspondence between the business and the CA.

Organization. Specifies the official, legal name of the company, educational institution, partnership, and so on. Most CAs require that you verify this information with legal documents (such as a copy of a business license).

Organization Unit(s). Describes an organization within your company. This can also be used to specify a less formal company name (without the Inc., Corp., and so on).

Locality. Specifies the city, principality, or country for the organization.

State or Province. Specifies the state or province in which the organization is located. Most CAs require the full name, not abbreviations.

Country. Specifies the country in which the organization is located. Most CAs require the two-letter country code (for example, US for United States of America).

The Manage Groups Page

The Manage Groups page pertains to LDAP services only and allows you to manage group memberships. You can find groups, change group attributes, add and delete owners of the group, add and delete members of the group, rename the group, delete the group, and change the group’s description.

Find group. Specifies the name of the group that you want to find. You can enter any of the following in the search field:

Find all groups whose. Allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find Groups. You can specify the following search criteria:

The left drop-down list allows you to specify the attribute on which the search is based. You can choose from the following options:

name. Searches each entry’s full name for a match.

description. Searches each group entry’s description for a match.

In the middle drop-down list, select the type of search you want to perform. You can choose from the following options:

contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a group’s name probably contains the word “Administrator,” use this option with the search string “Administrator” to find the group entry.

is. Causes an exact match to be found. Use this option when you know the exact value of a group’s attribute. For example, if you know the exact spelling of the group’s name, use this option.

isn’t. Returns all the entries whose attribute value does not exactly match the search string. If you want to find all the groups in the directory whose name does not contain “administrator,” use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.

sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute’s value, but you are unsure of the spelling. For example, if you are not sure if a group’s name is spelled “Sarret’s list,” “Sarette’s list,” or “Sarett’s list,” use this option.

starts with. Causes a sub-string search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a group’s name starts with “Product,” but you do not know the rest of the name, use this option.

ends with. Causes a sub-string search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a group’s name ends with “development,” but you do not know the rest of the name, use this option.

In the right text field, enter your search string. To display all the group entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this field blank.

Look within. Specifies the organizational unit under which you want to search for entries. The default is the directory’s root point, or top-most entry.

Format. Specifies whether the output is formatted for display on screen or for printing to a printer.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

The New Organizational Unit Page

Organizational units are subdivisions within your company that use the organizationalUnit object class. The New Organizational Unit page pertains to LDAP services only and allows you to create a new organizational unit in the directory server.

Add Organizational Unit To. Specifies the parent organizational unit under which this new organizational unit will reside.

Create Organizational Unit. Adds the organizational unit to the LDAP database.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

The Manage Organizational Units Page

The Manage Organizational Units page pertains to LDAP services only and allows you to manage the company’s organizational units.

Find organizational unit. Specifies the name of the organizational unit that you want to find. You can enter any of the following in the search field:

Find all units whose. Allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find Organizational Unit. You can specify the following search criteria:

The left drop-down list allows you to specify the attribute on which the search is based. You can choose from the following options:

unit name. Searches each entry’s full name for a match.

description. Searches each organizational unit entry’s description for a match.

In the middle drop-down list, select the type of search you want to perform. You can choose from the following options:

contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know an organizational unit’s name probably contains the word “Administrator,” use this option with the search string “Administrator” to find the organizational unit entry.

is. Causes an exact match to be found. Use this option when you know the exact value of an organizational unit’s attribute. For example, if you know the exact spelling of the organizational unit’s name, use this option.

isn’t. Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the organizational units in the directory whose name does not contain “administrator,” use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.

sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute’s value, but you are unsure of the spelling. For example, if you are not sure if a organizational unit’s name is spelled “Sarret’s list,” “Sarette’s list,” or “Sarett’s list,” use this option.

starts with. Causes a sub-string search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know an organizational unit’s name starts with “Product,” but you do not know the rest of the name, use this option.

ends with. Causes a sub-string search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know an organizational unit’s name ends with “development,” but you do not know the rest of the name, use this option.

In the right text field, enter your search string. To display all the organizational unit entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this field blank.

Look within. Specifies the organizational unit under which you want to search for entries. The default is the directory’s root point, or top-most entry.

Format. Specifies whether the search results are formatted for display on screen or for printing to a printer.

Reset. Erases your changes and resets the elements in the page to the values they contained before your changes.

The Edit Organizational Unit Page

The Edit Organizational Unit page pertains to LDAP services only and allows you to add, edit, or remove an organizational unit.

The Users and Groups Tab

The New User Page

The Edit Users Page

General

Password

The Manage Users Page

The New Group Page

The Edit Groups Page

The Edit Members Page

The Group Cert Members Page

The Manage Groups Page

The New Organizational Unit Page

The Manage Organizational Units Page

The Edit Organizational Unit Page