Sun Java System Calendar Server 6 2005Q1 Administration Guide |
Chapter 14
Administering Users and ResourcesThis chapter describes how to use the Calendar Server utilities to manage users and resources. This chapter contains the following sections:
Two User Management ToolsCalendar users and resources can be administered using either of the following user management tools:
See also the command-line utility reference in this guide, Appendix D, "Calendar Server Command-Line Utilities Reference".
Creating Users and ResourcesThis section provides the following information about managing new Calendar Server users and resources:
To Create New Users in Schema 2
Use the commadmin utility user create command. For example, to add user jdoe in the sesta.com domain:
commadmin user create -D calmaster -F John -n sesta.com -k hosted -l jdoe -w calmasterpassword -W jdoepassword -L Doe -S cal -B red.sesta.com -E jdoe@sesta.com
For details on all the available options for the commadmin utility, refer to the Sun Java System Communications Systems Delegated Administrator Guide.
To Create New Users For Schema 1
Use the csuser utility. For example, to add user jdoe in the sesta.com domain:
csuser -m email -d sesta.com create jdoe
To Create New Resources for Schema 2
User the commadmin utility rescource create command. For example, to add the conference room Conference_Room_100, whose owner is jdoe, use the following command:
commadmin resource create -D calmaster -w calmasterpassword -n sesta.com -o jdoe -c room100 -N Conference_Room_100
To Create New Resources for Schema 1
Use the csresource utility. For example, to add a projector, P101, use the following command:
csresource -c p101 create P101
To Add the Required mail Attribute
Calendar Server requires users and resources to have the mail attribute. This enables people to search for calendars and resources using an email address or a calid. When you create new users with the Delegated Administrator utility (commadmin), it adds the mail attribute automatically.
However, if your users and resources were added in an earlier version of Calendar Server (when the mail attribute was not required), you may have to add the mail attribute to your existing user and resource entries.
This section covers the following procedures:
To Check if the mail Attribute Has Been Set
To check if the attribute has been set, use the csattribute list command with the -v (verbose) option:
csattribute -v list Room100
The output tells if the mail attribute is present:
cn=Room 100,ou=conferenceRooms,dc=sesta,dc=com has mail: Room100@sesta.com
To Add the Mail Attribute to Existing Schema 1 Users and Resources
To add the mail attribute to existing Schema 1 users and resources, use the Calendar Server csattribute utility. You can also add the attribute directly to the LDAP entry using ldapmodify.
The following example adds the LDAP mail attribute for an existing conference room named “Room100” on the sesta.com server:
csattribute -a mail=Room100@sesta.com add Room100
Administering UsersAfter your users are created, use the csuser utility to perform the following administrative tasks:
To Display User Information
To list all calendar users or to display the calendar attributes of a specified user, use the csuser utility list command.
For example, to display all users enabled for calendaring:
csuser list
To display all of the calendar attributes of a single user such as jsmith:
csuser -v list jsmith
To Disable a User
To prevent a user from logging into Calendar Server, use one of the two user management utilities:
- commadmin user delete (Delegated Administrator Utility)
- csuser disable (Calendar Server utilities)
commadmin user delete
To prevent a user from accessing calendar services, remove the service from the user’s LDAP entry, as shown in the example that follows:
commadmin user delete jsmith -S cal
csuser disable
The disable command prohibits a user from accessing calendar data, but it does not remove the user’s information from the LDAP entry or the Calendar Server database.
For example, to disable jsmith from accessing Calendar Server:
csuser disable jsmith
If jsmith is currently logged into Calendar Server, jsmith retains access to calendar data until he logs off.
To Enable a User
To enable a user, use one of the following utilities:
- commadmin user create(for Schema 2)
- csuser enable (for Schema 1).
commadmin user create
When creating a user, enable the user for calendar services, as illustrated in the example that follows:
commadmin user create jsmith -S cal
If you did not enable the user for calendar services when the user was created, you can add calendar services to the user later, using a modify command, as illustrated in the following example:
commadmin user modify jsmith -S cal
csuser enable
If you used csuser create when you created the user entry, the user is automatically enabled.
If a user sends a request to another user who has not been enabled for calendaring (that is, the user does not have a default calendar), Calendar Server returns the “Calendar not found” error to the user sending the request.
To Set Up Email Aliases
If you need to setup email aliases for a calendar user, use the LDAP mailalternateaddress attribute. The LDAP mail attribute provides the primary mail address, and the LDAP mailalternateaddress attribute is used for email aliases. Both attributes map the mail addresses to the user’s calendar ID (calid).
For example, to add the mailalternateaddress attribute for a user named John Smith with these values:
Use these Calendar Server utility commands:
csattribute -a mailalternateaddress=johns@sesta.com add johnsmith
csattribute -a mailalternateaddress=jsmith@sesta.com add johnsmith
To Check if a User is Enabled for Calendaring
To determine if a specific user exists in your directory server and is enabled to access Calendar Server data, use the csuser utility check command.
For example, to check if jsmith is enabled for calendaring:
csuser check jsmith
If the check command indicates that a user does not exist in your LDAP directory server, you must create a directory server entry for the user.
To Delete a User
To delete a user, use one of the following utilities:
- commadmin user delete(Delegated Administrator Utility for Schema 2)
- csuser delete (for Schema 1).
commadmin user delete
To completely delete a user using the Delegated Administrator Utility, commadmin, you must perform three steps:
- Mark a user entry for deletion, which changes the user’s icsStatus attribute to deleted, as shown in the following example:
commadmin user delete -D chris -n siroe.com -w bolton -l jsmith
In this example, the user jsmith is marked for deletion. There is no undelete command. However, you can reset the icsStatus attribute to active by directly changing the user’s LDAP entry (using ldapmodify).
- Use csclean to remove all calendars belonging to all deleted users in one or all domains, as shown in the following example:
csclean clean sesta.com
In this example, all calendars belonging to all deleted users in the sesta.com domain will be removed. To perform this function for all domains, use the following command:
csclean clean “*”
If you inadvertently run purge (shown in Step 3) before deleting the calendars for a user, you can use the cscal utility to remove the calendars, as described in To Remove All Calendars of a User Deleted with csuser.
- Purge the domain of all users with an icsStatus of deleted, as shown in the following example:
commadmin domain purge -D chris -d sesta.com -n siroe.com -w bolton
In this example, all users in sesta.com that are marked as deleted will be purged, that is, permanently removed.
csuser delete
This utility removes the specified user’s LDAP entry and the user’s default calendar. For example, to delete the LDAP entry and the default calendar for user jsmith use the following command:
csuser delete jsmith
If you wish to remove any other calendars the user might have, you must use cscal as described in To Remove All Calendars of a User Deleted with csuser.
Caution
There is no undelete command. You can only recover the LDAP server information if you have specifically backed it up.
To Reset a User’s Attributes
To restore the default settings of all calendar LDAP attributes for a specific user, use the csuser utility reset command.
For example, to reset all calendar attributes of jsmith to the default configuration settings:
csuser reset jsmith
To Rename a User
If one or more user IDs need to be changed, run the csrename utility. This utility performs the following steps:
For instructions on how to run the csrename utility, see Appendix D, "Calendar Server Command-Line Utilities Reference".
To Disable Users from Having Publicly Writable Calendars
- Log in as an administrator with permission to change the configuration.
- Change to the /etc/opt/SUNWics5/cal/config directory.
- Save your old ics.conf file by copying and renaming it.
- Edit the following ics.conf parameter as shown in Table 14-1 :
- Save the file as ics.conf.
- Restart Calendar Server.
cal_svr_base/SUNWics5/cal/sbin/start-cal
Managing ResourcesAfter your resources are added, you can administer them using csresource:
To List Resources
To Enable Resources
To Disable Resources
To Delete Resources
To Set Up a Bitbucket Channel for Resource Email
This section contains directions for setting up a bitbucket channel for both Messaging Server and Sendmail. The bitbucket channel is a way to discard the email generated for resource calendars. These examples use a resource named “Room100” on the sesta.com server. If you don’t set up the bitbucket channel (or equivalent), you will need to periodically delete the email messages sent to the resource calendar.
This section contains the following procedures:
To Set up the Messaging Server Bitbucket Channel
To Set up a Sendmail Bitbucket Channel
Managing User and Resource LDAP AttributesManage LDAP attributes used by Calendar Server, with the csattribute utility, or ldapmodify. Attributes can be listed, added, or deleted with csattribute. To modify an attribute, use ldapmodify. This section contains the following topics:
To List LDAP Entry Attributes
- Log in as the user or group under which Calendar Server is running (such as icsuser and icsgroup) that was specified during installation, or as root
- Change to the sbin directory.
- Use the csattribute list command to list the attributes for a user or a resource. For example, to list the attributes for tchang@sesta.com:, issue the following command:
./csattribute -t user -d sesta.com list tchang
To Add an LDAP Entry Attribute
- Log in as the user or group under which Calendar Server is running (such as icsuser and icsgroup) that was specified during installation, or as root
- If you want this attribute change to be recognized immediately, stop Calendar Server. Otherwise, you do not have to stop Calendar Server.
- Change to the sbin directory.
- Use the csattribute add command to add an attribute to a user or a resource. For example, to add the LDAP attribute icsCalendar with the value Conference_Schedule to the user tchang:
./csattribute -a icsCalendar=Conference_Schedule add tchang@sesta.com
To Delete an LDAP Entry Attribute
- Log in as the user or group under which Calendar Server is running (such as icsuser and icsgroup) that was specified during installation, or as root
- If you want this attribute change to be recognized immediately, stop Calendar Server. Otherwise, you do not have to stop Calendar Server.
- Change to the sbin directory.
- Use the csattribute delete command to delete an attribute from a user or a resource. For example, to delete the LDAP attribute icsCalendar with the value Conference_Schedule from the user tchang:
./csattribute -a icsCalendar=Conference_Schedule -t user -d sesta.com delete tchang
To Modify an LDAP Entry Attribute
To modify an LDAP entry attribute, use ldapmodify. For example, to change the status of user with uid=tchang, use ldapmodify as shown:
dn:uid=tchang,ou=people,o=sesta.com
changetype: modify
add: objectclass
objectClass: icsCalendarUser
add: icsStatus
icsStatus: active
Note
If your site is using the LDAP CLD plug-in, do not attempt to move a user’s calendars from one back-end host to another by changing the value of icsDWPHost, using csattribute. Modifying icsDWPHost does not cause the calendar to be moved to the new back-end host. For instruction on how to move a calendar from one back-end server to another, see To Move a User Calendar to a Different Back-End Server.