Chapter 4 User and Group Administration

Netscape Console provides you access to a consolidated, networkwide repository for application data about user accounts, group lists, access privileges, and other security information. Use Netscape Console to create or locate and manage records for users and groups on any node in your enterprise. This chapter contains the following sections:
Interacting with the Directory Server
Modifying Existing Directory Entries
Tracking User Licenses
create or modify directory entries
set up access controls
set up user accounts for applications such as mail or publishing.
Figure 4.1    The Users and Groups area of Netscape Console.
In Netscape Console, click Users and Groups.
In the Search field, enter a user or group name that can be found in the user directory.
(Optional) To specify more focused search criteria, click Advanced. In the Advanced Search dialog box, use the pull-down menus to first choose an attribute, then a search operator.
Click Search. Results are displayed in the list box.
Click Directory.
In the Change Directory dialog box, provide user directory information:
User Directory Host. Enter the fully qualified host name where the user directory is installed.
User Directory Port. Enter the port number you want to use to connect to the user directory.
User Directory Subtree. Use the form o=airius.com to indicate where to find the user directory.
Bind DN. Enter the distinguished name of a user authorized to change entries in the user directory.
Bind Password. Enter the password of the user directory administrator.
Click OK.
Open a browser, then enter the qualified host name and port number for the Administration Server you want to access. Example: Venus.Airius.com:389
In the Administration page, click Edit User Profile.
Figure 4.2    End users can modify, but not create, a user entry.
Organizational Units

An organizational unit can include a number of groups, and it usually represents a division, department, or other discrete business group. A DN can be in more than one organizational unit (ou).
Use the drop-down list to choose New Organizational Unit, then click Create.
In the Select Organizational Unit window, select the directory subtree (ou) to which the organizational unit will belong, then click OK.
In the Create Organizational Unit dialog box, enter organizational unit information.
Name. Enter the name of the organizational unit.
Description. Enter a description of the organizational unit that's meaningful to you.
Phone. Enter a phone number where one can reach a contact (such as an administrative assistant) for the organizational unit.
Fax. Enter a fax number where one can reach a contact (such as an administrative assistant) for the organizational unit.
Alias. Enter another name, such as a nickname or acronym, that you might use in place of the Name entered above.
Use the drop-down list to choose New Group, then click Create.
In the Select Organizational Unit window, select the directory subtree (ou) to which the group will belong, then click OK.
In the Create Group dialog box, enter group information, then click Members.
Group Name. Enter a name for the group.
Description. (Optional) Enter a description to help you identify this group.
If you only want to create the group now, and plan to add group members later, click OK and skip the rest of this procedure.
To immediately add members to the group, click Members and then continue to the next step.
In the Members dialog box, click Add or Edit as appropriate, then use the Search dialog box to locate a user you want to add to the Members User ID list. Repeat this step until all the users you want to add to the group are displayed in the Member User ID list.
In the Create Group dialog box, enter general group information, then click Members.
Click Dynamic Group, then click Add.
Use the Construct and Test LDAP URL dialog box to specify the criteria for including users in the dynamic group.
Enter an LDAP URL and skip to step 8, or click Construct to build a new URL and continue to the next step.
The LDAP URL will take the form:
ldap:///o=airius.com??sub?(department=marketing)
In the Construct LDAP URL dialog box, provide search criteria:
LDAP Server Host. Enter the fully qualified host name of the user directory you want to search. Example: <host>:<domain>
Port. Enter the port number for the Directory Server that contains the specified user directory.
Base DN. Enter the base DN from which to begin the search. Example: ou=Marketing, o=Klondike Corp, c=US
Search. Indicate the user directory subtree you want to search against.
for. Indicate whether you want to search users, groups, or both.
where. Use the pull-down menus to first choose an attribute, then a search operator. Choices are described in the table below. In the last input field, enter a search string, then click Search.
More. Provides additional fields for specifying more attributes against which to search.
(Optional) In the Construct and Test LDAP URL dialog box, to see a list of users and groups included in the dynamic group, click Test.
To accept the URL and add it to the list of dynamic group members, click OK.
Click Account, then select the accounts the group will use.
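The LDAP URL that defines a dynamic group decides which users inherit the group's accounts and access, so it is worth checking what it selects before accepting it. The following is an added example, not Netscape's code: it parses the URL form shown above and previews the matching entries. The sample entries and the `preview_members` helper are constructed for illustration, and only a single equality filter is handled.

```python
import re
from urllib.parse import unquote

def parse_ldap_url(url):
    """Split ldap://host:port/base_dn?attributes?scope?filter into fields."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    # Fields after the DN are '?'-separated; a fifth (extensions) is ignored here.
    dn, attrs, scope, flt = (unquote(f) for f in (tail.split("?") + [""] * 3)[:4])
    host, _, port = hostport.partition(":")  # IPv6 literals are not handled
    if scope and scope not in ("base", "one", "sub"):
        raise ValueError("unknown scope: %r" % scope)
    return {
        "host": host or None,  # empty host: the URL names no server
        "port": int(port) if port else (636 if scheme.lower() == "ldaps" else 389),
        "base_dn": dn,
        "attributes": [a for a in attrs.split(",") if a],
        "scope": scope or "base",            # RFC 4516 default
        "filter": flt or "(objectClass=*)",  # RFC 4516 default
    }

def _norm(dn):
    # Simplified DN normalisation: lower-case, no spaces around commas.
    return ",".join(p.strip() for p in dn.lower().split(","))

def _in_scope(dn, base, scope):
    dn, base = _norm(dn), _norm(base)
    if scope == "base" or dn == base:
        return dn == base and scope != "one"
    if not dn.endswith("," + base):
        return False
    return scope == "sub" or dn.split(",", 1)[1] == base

def preview_members(url, entries):
    """Return the DNs in `entries` that the dynamic-group URL would select."""
    u = parse_ldap_url(url)
    m = re.fullmatch(r"\((\w+)=([^()*]+)\)", u["filter"])
    if not m:
        raise ValueError("only a single equality filter is handled here")
    attr, value = m.group(1).lower(), m.group(2).lower()
    return [dn for dn, a in entries.items()
            if _in_scope(dn, u["base_dn"], u["scope"])
            and value in (v.lower() for v in a.get(attr, []))]

# Constructed sample entries (not from a real directory).
SAMPLE = {
    "uid=bjensen,ou=People,o=airius.com": {"department": ["Marketing"]},
    "uid=tmorris,ou=People,o=airius.com": {"department": ["Engineering"]},
    "uid=kvaughan,ou=Contractors,o=airius.com": {"department": ["marketing"]},
    "uid=guest,o=example.com": {"department": ["marketing"]},
}
```

With the `sub` scope rooted at `o=airius.com`, the entry under `ou=Contractors` is selected as well as the one under `ou=People`; a narrower base DN restricts membership to one subtree.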
Description. (Optional) You can enter a description to help you identify this group.
Click Certificate Group, then click Add or Edit as appropriate.
In the Certificate Group dialog box, provide the following information:
Common Name. Enter the full name of the group. Example: cn=Database Administrators
Organization. Enter the name of the organization the group belongs to. Example: o=Operations Group
Mail. Enter the street address of the group's business.
Country. Enter the country code for the group's business.
Locality. Enter the city name for the group's business.
State/Province. Enter the state or province name for the group's business.
Unit. Enter the name of the unit within an organization that the group belongs to. Example: ou=IS Department
Click Account. Select the accounts the group will use.
Use the drop-down list to choose New User, then click Create.
In the Select Organizational Unit window, select the directory subtree (ou) to which the user will belong, then click OK.
In the Create User window, enter user information.
First Name. Enter the user's full given name.
Last Name. Enter the user's full surname.
Full Name(s). This is equivalent to the common name (cn) in the directory and is automatically generated based on the First Name and Last Name entered above. You can edit this name as necessary.
User ID. When you enter a first and last name, the user ID is automatically generated. You can replace this user ID with one of your choosing. The user ID must be unique among all user IDs in the directory.
Password. (Optional) Enter the user's password.
Confirm Password. Enter the user's password again to confirm it.
E-Mail. (Optional) Enter the user's email address.
Phone. (Optional) Enter the user's telephone number.
Access Permissions Help. Provides information about setting access controls that apply to users and groups.
Click Licenses. Select the servers this user is licensed to use, then click OK.
Click Account. Select the accounts the user will use, then click OK.
(Optional) Click Languages. Use the drop-down list to select the user's preferred language. Select (highlight) a language to see the Pronunciation field when appropriate.
(Optional) Enter language-related information:
First Name. Enter the user's given name.
Last Name. Enter the user's surname.
Full Name(s). Enter the user's name as it should appear on official documents.
Phone. Enter the user's telephone number.
Pronunciation. If the selected language is commonly represented phonetically, additional fields are displayed. Enter the phonetic representation for the user's first, last, and full names.
In the User and Group section of Netscape Console, use the Search function to locate the user or group.
Once the user or group name appears in the Search list, click it to select it, then click Edit.
Modify user or group information as necessary, then click OK.
In the User and Group section of Netscape Console, use the Search function to locate and highlight the user.
Click Change Password.
Enter password as prompted, then click OK.
New Password. Enter a password string. Alphanumeric characters, spaces, and punctuation marks are all acceptable.
Confirmed Password. Enter the password again to confirm. The changes take effect immediately.
In the User and Group section of Netscape Console, use the Search function to locate and highlight the user or group you want to delete.
Click Delete, and when prompted to confirm the deletion, click OK.
Go to Netscape Console.
From the File menu, choose License Tracking.
Select the servers you want to count licenses for, then click Refresh at the bottom of the dialog box.
locate existing users or groups
edit existing user or group data
change a user or group password
create a new user, group, or organizational unit
Search Users, Groups, and Organizational Units for. To locate a user, group, or organizational unit in the directory, enter a unique string that can be found in its directory entry. You can enter an asterisk (*) to see all the entries currently stored in your directory.
Users and Groups Search Directory. Displays the URL of the current user directory. When you perform a search, Netscape Console locates users and groups in this directory.
Directory. Displays dialog box for changing to a different user directory.
Search. Starts searching the selected user directory for the unique string you've entered.
Advanced. Displays input fields for focusing your search criteria.
Edit. Displays forms for modifying existing user or group entries.
Delete. Deletes the selected user or group entry.
Use the drop-down list to indicate whether you're creating a new user, group, or organizational unit.
Create. Displays dialog boxes for selecting a base organizational unit and creating a new user, group, or organizational unit.
LDAP Host. Enter the fully qualified host name where the user directory is installed.
LDAP Port. Enter the port number you want to use to connect to the user directory.
SSL Enabled. Mark this checkbox if the LDAP port is SSL enabled.
BaseDN. Use the form o=airius.com to indicate where to find the user directory.
User DN. Enter the distinguished name of a user authorized to change entries in the user directory.
Password. Enter the password of the user directory administrator.
New Password. Enter a password string. Alpha or numeric characters and spaces are all acceptable.
User ID. When you enter a first and last name, the user ID is automatically generated. You can replace this user ID with one of your choosing. The user ID must be unique among all user IDs in the directory.
Telephone. (Optional) Enter the user's telephone number.
Fax. (Optional) Enter the user's fax number.
Access Permissions Help. Provides information on setting access controls that apply to users and groups.
Preference Languages. Use the drop-down list to select a user's preferred language.
Available Languages. Select a language from the list box when you want to enter a user's data using that language.
Telephone. Enter the user's telephone number.
Pronunciation. Additional fields display when the user's name can be represented phonetically in the selected language. Enter the phonetic representations for the user's first, last, and full names.
Appendix A, "Distinguished Name Attributes and Syntax,"
Add User. Displays the Search form. Use the Search form to locate and select the user you want to add to this group, and then click OK. The user is added to the group, and the change takes effect immediately.
Remove. Deletes the selected user from a group.
"Creating a New Static Group"
Add. Displays the Building Dynamic Query form for locating users who share a common attribute value.
Remove. Deletes the selected user from the specified dynamic group.
Edit. Displays the Building Dynamic Query form for changing the query that locates dynamic group members.
"Creating a Dynamic Group"
Enter or build a new URL for the User Directory you want to search. The LDAP URL will take the form:
ldap:///o=mcom.com??sub?(department=marketing)
If you know the URL, then enter it and skip to Step 3.
If you want to construct a new URL, click Construct.
In the Construct LDAP URL dialog box, provide search criteria, and then click OK.
LDAP Server Host. Enter the fully qualified host name of the user directory you want to search. Example: airius.mcom.com.
where. Use the pull-down menus to first choose an attribute, and then a search operator. Choices are described in the table below. In the last input field, enter a search string, and then click Search.
Add. Displays a dialog box for entering Certificate Group information.
Edit. Displays a dialog box for modifying Certificate Group information.
Remove. Deletes the selected query from the list.
Mail. Enter the street address of the group's business.
Organizational Unit. Enter the name of the unit within an organization that the group belongs to. Example: ou=IS Department
Language. Click a language to select it.
Description. (Optional) Enter a description for the group.
Pronunciation-Group Name. (Optional) When appropriate, enter the phonetic equivalent of the group name.
Alias. Enter another name such as a nickname or acronym that you might use in place of the name you entered above.
Name. Enter a name for the organizational unit.
Description. (Optional) Enter a description for the organizational unit.
Phone. Enter a phone number for the organizational unit.
Fax. Enter a fax number for the organizational unit.
Alias. Enter another name, such as a nickname or acronym, that you might use in place of the name you entered above.
Pronunciation-Address. (Optional) When appropriate, enter the phonetic equivalent of the group address.
Search. Use the pull-down menu to indicate which part of the directory you want to search.
For. Enter a unique string that can be found in a directory entry.
Where. Use the pull-down menus to first choose an attribute, and then a search operator. Choices are described in the table below. In the last input field, enter a search string, and then click Search.
Advanced. This field is displayed when appropriate, and provides input fields for focusing your search criteria.