When you add user entries to an LDAP-based directory service, the services of an underlying LDAP-based directory server are used to authenticate and authorize users. This section provides certain guidelines you need to consider while using an LDAP-based authentication database and describes how you can add users through the Administration Server.
Consider the following guidelines when using the administrator forms to create new user entries in an LDAP-based directory service:
If you enter a given name (or first name) and a surname, then the form automatically populates the user’s full name and user ID for you. The user ID is generated as the first initial of the user’s first name followed by the user’s last name. For example, if the user’s name is Billie Holiday, then the user ID is automatically set to bholiday. You can replace this user ID with an ID of your own choice.
The user ID must be unique. The Administration Server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use. Be aware, however, that if you use the Directory Server ldapmodify command-line utility (if available) to create a user, it does not ensure unique user IDs. If duplicate user IDs exist in your directory, the affected users will not be able to authenticate to the directory.
Note that the base DN specifies the distinguished name where directory lookups will occur by default, and where all Sun Java System Web Administration Server’s entries are placed in your directory tree. A “DN” is the string representation for the name of an entry in a directory server.
Note that at a minimum, you must specify the following user information when creating a new user entry:
surname or last name
full name
user ID
If any organizational units have been defined for your directory, you can specify where you want the new user to be placed by using the Add New User To list. The default location is your directory’s base DN (or root point).
The user edit text fields for international information differ between the Administration Server and the Sun Java System Web Server Administration Console. In the Sun Java System Web Server Administration Console, in addition to the untagged cn fields, there is a preferred language cn field which doesn’t exist in the Administration Server.
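Because ldapmodify does not enforce the uniqueness rule described in the guidelines above, a directory administrator may want to audit an export for duplicate user IDs. The following is an added example, not code from the product: it assumes a plain-text LDIF export with unfolded `attr: value` lines and DNs without escaped commas, and the sample entries are constructed.

```python
import re
from collections import defaultdict

# Constructed sample LDIF export (not taken from a real directory).
SAMPLE_LDIF = """\
dn: cn=Billie Holiday, ou=Marketing, o=Ace Industry, c=US
cn: Billie Holiday
uid: bholiday

dn: cn=Bob Holiday,ou=Sales,o=Ace Industry,c=US
cn: Bob Holiday
uid: BHoliday

dn: cn=Ella Fitzgerald,ou=Marketing,o=Ace Industry,c=US
cn: Ella Fitzgerald
uid: efitzgerald
"""

def norm_dn(dn):
    """Simplified DN normalisation: lower-case, trim spaces around each RDN."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) for each blank-line-separated record."""
    for record in re.split(r"\n\s*\n", text.strip()):
        attrs = defaultdict(list)
        for line in record.splitlines():
            name, sep, value = line.partition(": ")
            if sep:
                attrs[name.lower()].append(value.strip())
        if attrs.get("dn"):
            yield attrs["dn"][0], attrs

def duplicate_uids(text, base_dn):
    """Map each uid used by more than one entry under base_dn to those DNs."""
    base, seen = norm_dn(base_dn), defaultdict(list)
    for dn, attrs in parse_ldif(text):
        n = norm_dn(dn)
        if n == base or n.endswith("," + base):  # entry lies in the subtree
            for uid in attrs.get("uid", []):
                seen[uid.lower()].append(dn)  # uid matching ignores case
    return {u: dns for u, dns in seen.items() if len(dns) > 1}

if __name__ == "__main__":
    for uid, dns in duplicate_uids(SAMPLE_LDIF, "o=Ace Industry, c=US").items():
        print(f"duplicate uid {uid!r}: {dns}")
```

Run against the whole base DN, the sample reports bholiday twice (the two entries differ only in case); scoped to ou=Marketing it reports nothing, which is why the check has to start at the search base.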
To create a user entry, read the guidelines outlined in Guidelines for Creating LDAP-based User Entries, then perform the following steps:
Access the Administration Server and choose the Users and Groups tab.
Click New User.
Select the LDAP directory service from the Select Directory Service drop-down list, and click Select.
Add the required information to the page that displays.
For more information see Directory Server User Entries.
Click Create User or Create and Edit User.
For more information, see the New User page in the online help.
The following user entry notes may be of interest to the directory administrator:
User entries use the inetOrgPerson, organizationalPerson, and person object classes.
By default, the distinguished name for users is of the form:
cn=full name, ou=organization, ...,o=base organization, c=country
For example, if a user entry for Billie Holiday is created within the organizational unit Marketing, and the directory’s base DN is o=Ace Industry, c=US, then the person’s DN is:
cn=Billie Holiday, ou=Marketing, o=Ace Industry, c=US
However, note that you can change this format to a uid-based distinguished name.
The values on the user form fields are stored as the following LDAP attributes (note that any stored information other than ‘user’ and ‘group’ requires a full Directory Server license):
User Field | Corresponding LDAP Attribute |
---|---|
Given Name | |
Surname | |
Full Name | |
User ID | |
Password | |
Email Address | |
The following fields are also available when editing the user entry:
Table 3–2 User Entry LDAP Attributes
User Field | Corresponding LDAP Attribute |
---|---|
Title | |
Telephone | |
Sometimes a user’s name can be more accurately represented in characters of a language other than the default language. You can select the user’s preferred language so that the name is displayed in the characters of the selected language, even if the default language is English. For more information regarding setting a user’s preferred language, see the Manage Users page in the online help.