This chapter provides information about the Desktop Manager functionality and usage.
The following are some terms you should know in order to work with the Desktop Manager:
Configuration Repository: The organization and domain tree container, together with the profiles stored in it.
Domain: An element in the domain tree. Represents a realm in a computer network. May contain domains and hosts.
Element: A logical object to which configuration data can be assigned. Users, roles/groups, and organizations are examples of entities known to the Desktop Manager
LDAP: Lightweight Directory Access Protocol. LDAP is a directory service protocol that runs over TCP/IP. The details of LDAP are defined in RFC 1777 'The Lightweight Directory Access Protocol'.
Organization: An element in the organization tree. Represents an organization or a sub-organization, for example, “Call Center”. May contain organizations, users, or roles.
Profile: A named container for configuration settings. It is stored in a configuration repository and can be assigned to elements.
The configuration repository is the storage location for the configuration data that you need to configure your applications and where organizational hierarchy information is stored, along with profile and assignment data for each element. In the Configuration Repositories window, you can create new repositories, as well as work with and synchronize existing repositories.
The Configuration Repositories Window consists of a masthead and the Configuration Repositories list.
The masthead provides a number of general links. The upper part of the masthead contains the Utility Bar, which contains four links (from left to right):
The Console button opens the Java Web Console launch page.
The Version button opens a window that displays version information about the Desktop Manager.
The Log Out button logs you out of the Java Web Console, and thus the Configuration Manager, returning you to the Login page.
The Help button opens the online help pages.
The lower section of the masthead contains the product name, the server name, and the name of the administrator currently logged in.
The Configuration Repositories table consists of five columns:
The Selection column, which contains check boxes to select repositories
By selecting one or more repositories, the Remove, Rename, and Synchronize functions are enabled.
Selecting a repository disables the New button.
Name: contains the name of the repositories
The contents of the Name column are links. If you click on one of these links, the Configuration Repositories view is replaced by the Profile Editor page for the selected repository.
Type: can be one of three types, LDAP, file, or hybrid
LDAP: an LDAP repository reads the organizational structure (users, organization, hosts, domains, and so on) of the company from an LDAP server and reads/writes the configuration settings using that same LDAP server.
File: a file repository reads the organizational structure of the company from the file system, and reads/writes the configuration settings using that same file system.
Hybrid: a hybrid repository reads the organizational structure of the company from an LDAP server, and then read/writes the configuration settings into a file system.
Location of Organization Data: either a file, if a file repository, or LDAP URL, if an LDAP or hybrid repository. Designates the storage location of the organizational data.
Location of Profile Data: either a file, if a file repository, or LDAP URL, if an LDAP or hybrid repository. Designates the storage location of the configuration settings. A profile is a named collection of configuration settings that is assigned to users, organizations, hosts, and domains.
You can perform the following actions within the Configuration Repositories table:
New: creates a new configuration repository
Remove: removes an existing configuration repository
Rename: renames a configuration repository
Synchronize: synchronizes configuration repositories
This function is only enabled when one or two repositories are selected
A configuration repository is a place where organizational hierarchy information is stored, along with profile and assignment data for each element.
Click the New button in the Configuration Repositories table
The New Configuration Repository Wizard opens. The wizard is used to create a configuration repository for use with the Desktop Manager.
In the Repository Name field, type a name for the new configuration repository, and then click Next.
Select the repository type from the Repository Type list.
The wizard can be used to configure three types of repositories:
LDAP: The hierarchy is taken from LDAP, and all data is stored in LDAP.
File-Based: The hierarchy is taken from a file, and all data is stored in directories and files.
Hybrid: The hierarchy is taken from LDAP, but all data is stored in directories and files.
Click the Next button.
Enter the details of the LDAP server that you want to configure for this repository.
The Hostname and Port on which the server runs are required. You can also choose whether or not to connect to this server using SSL.
Note To connect to the server using SSL, the proper certifcate needs to be present in the Desktop Manager key store. This key store is located in /etc/opt/webconsole/keystore, and either the Certifcation Authority or the LDAP server certifcate needs to be present in that store. A certifcate can be added to that location by running the command:
keytool -import -file <certificate file> -keystore /etc/opt/webconsole/keystore |
The default password for that key store is changeit. The Java Web Console must be restarted using the smcwebserver restart command for the new certifcate to be recognized by the Desktop Manager.
Further steps are determined by the choices made in the preceding steps. Follow the instructions provided by the wizard.
The directory whose URL is provided for the creation of file-based or hybrid repositories must be owned by user noaccess, group noaccess, and have permissions 755 set. This results in read and write permissions for user noaccess, and read only permissions for all others.
Select the check box corresponding to the configuration repository that you want to remove.
Click the Remove button.
A confirmation dialog appears.
If you really want to remove the configuration repository, click the OK button in the confirmation dialog.
Select the check box corresponding to the configuration repository that you want to rename.
Click the Rename button.
A Rename dialog opens.
Type the new name of the configuration repository in the text field of the dialog, and click OK.
With the Desktop Manager you can manage multiple back ends in parallel. This allows you to define one back end for testing and one back end for the final production. Configuration changes can now be defined and evaluated first in the test back end. Thereafter you can synchronize parts or the complete test back end with the production back end to apply the required changes quickly and safely to the production system. This method can also be used for a simple backup and restore mechanism of the production back end. The Synchronization window allows you to perform this synchronization.
In the Configuration Repositories window, select the repository that you want to synchronize.
The Synchronization window opens.
Select the source repository from the Source Configuration Repository list.
You can change the source repository which serves as source for the changes. This repository is not changed.
(Optional) You can restrict the source repository by clicking the Change button next to Source Starting Point.
This specifies another element than the root as the source starting point for the synchronization.
A dialog opens, which allows you to navigate to the desired organization or domain element. Once an element is selected, the new path is reflected in the Source Starting Point.
Select a target repository from the Target Configuration Repository list.
You can change the target repository which serves as target for the changes. This repository is changed.
(Optional) You can restrict the target repository by clicking the Change button next to Target Starting Point.
This specifies another element than the root as the target for the synchronization.
A dialog opens, which allows you to navigate to the desired organization or domain element. Once an element is selected, the new path is reflected in the Target Starting Point.
Click the Compare button.
The two trees are compared and all differences are listed in a table.
Select the check boxes next to the table rows containing the profiles you want to synchronize and click the Synchronize button.
When the synchronization is finished the target repository matches the source repository regarding the selected profiles.
The Profiles — Tree View page displays all available profiles that are currently assigned to an element. On the left side of the page is a navigation area, where you can browse through the tree hierarchies to find profiles. On the right side of the page is the Content area, which displays information about any profile selected in the navigation area.
The navigation tree is used to browse through the organization and domain trees to select an element. The tree reflects the hierarchy of the elements. If a node has subnodes, a blue triangle is displayed to the left of the node name. Clicking the blue triangle, the node is expanded, and some subnodes are shown.
By default, only 10 subnodes are displayed for each expanded node. If there are more than 10 subnodes, the 11th “node” does not refer to an element, but indicates that there are nodes that are not displayed: “... some elements not displayed”. Clicking this “node” opens the Find function.
To select an element, navigate the tree and click on the desired element. Once an element has been selected, the element is highlighted, and the content area displays the element's assigned and inherited profiles.
The navigation also provides a mechanism for a recursive search (see Searching for an Element) and a non-recursive find (see Using the Find Function), in order to locate elements in the tree hierarchies. Clicking the Search button opens the Search window.
The Search function allows you to recursively search for an element in the domain or organization hierarchy. It searches for not only the direct children of an element, but also all descendents. To perform a search of only the direct children of an element, use the Find function.
A search opens the Search window, which also allows you to perform a more advanced search.
The Search feature only supports LDAP and hybrid repositories, but does not support file-based repositories. If you perform a search on a file-based repository, the result is always reported as Elements Found (0).
Type the name or partial name of the element that you wish to search for into the search field.
The search is not case-sensitive and not strict, for example, the search string "bc" will match "ABC" and "bcd". An asterisk (*) denotes an arbitrary sequence of characters within a search string. You can use more than one asterisk at any location in the string. An empty field is equivalent to a field with the search string “*”.
Click the Search button.
The Search window opens. Any string that you typed into the search field of the Navigation area is moved from that search field to the search field of the Search window, and a search for that string is started automatically. Any results are then displayed in a results table, which shows the name, type and path of any found elements.
The maximum number of results is capped at 100.
If no results were found, or if you left the search field in the Navigation area blank, you can type in the name of an element in the search field of the Search window.
Use the type modifier list, located next to the search field, to search for a specific element type, such as “Search domains”.
If necessary, add advanced options to the search by clicking the Show Advanced Options button.
The advanced options consist of the following:
Restrict to: you can determine the element at which the search algorithm should start to traverse through the tree.
Results displayed per page: allows you to determine the number of results displayed on every page of the results table.
Click the Search button again to view results for a new or modified search.
Clicking the Reset button changes all search parameters to the default and clears the Search field.
The Find function allows you to perform a qualified find for all elements that are direct children of the expanded element. This is in contrast to the search function, which provides a recursive search for elements.
Click the Some Elements are not Displayed node in the navigation tree.
The Find window opens.
Type a string or partial string into the Find field.
The search is not case-sensitive and not strict, for example, the search string "bc" will match "ABC" and "bcd". An asterisk (*) denotes an arbitrary sequence of characters within a search string. You can use more than one asterisk at any location in the search string. An empty field is equivalent to a field with the search string “*”.
Click the Find button.
A list of results is displayed. The number of results is capped at 100.
To add a found element to the navigation tree, click the desired element in the results list.
The Find window closes, and the element is added to the list of subnodes in the navigation tree.
When you select an element, information about that element is displayed in the content area of the Profiles — Tree View page. The content area can contain up to three tables:
Assigned Profiles table: this table is always displayed. This table shows the profiles that are assigned to the currently selected element. It contains three columns, Name, Author, and Last Modified. The value of the Last Modified column changes only if a setting of the profile is changed, but not if the profile itself is renamed, moved or re-prioritized.
Inherited Profiles table: this table is displayed if any element above the selected element in the hierarchy has an assigned profile. This profile is listed in the table. It contains two columns, Name and Assigned To. Assigned To shows the path and name of the element that the profile is assigned to.
Users or Roles table: this table appears when an element of “user” or “role” type is selected. If the element is a user who is a member of at least one role, then those roles are shown in the Roles table. If the element is a role that has members, these members are displayed in the Users table.
Click the New button.
The Profile Editor opens.
Follow the instructions provided by the Profile Editor.
For more information about how to use the Profile Editor to create a new profile, see Profile Editor.
When you have finished creating the new profile, it is automatically assigned to the currently selected element.
Select the check box corresponding to the profile that you want to delete.
A confirmation dialog appears.
It is important to understand that Delete removes all assignments and then physically deletes the profile. You cannot retrieve it, it is gone. Deleting a profile also causes assignments to other elements besides the current element to be removed. To simply remove a profile assignment from an element, use Unassign.
Click the Delete button.
If you really want to delete the profile, click the OK button in the confirmation dialog.
Click the Assign Profile button.
A dialog opens, listing all available profiles that can be assigned to the selected element.
Profiles already assigned to the selected element, as well as profiles that are not stored at or above the currently selected element, are not listed.
Select one or more of the listed profiles, and click OK.
The newly assigned profiles now appear in the Assigned Profiles table.
Select the check box corresponding to the profile that you want to unassign.
Click the Unassign Profile button.
The profile is now unassigned, and disappears from the Assigned Profiles table.
There is no warning dialog, so if you clicked the Unassign Profile button by mistake, you can reverse this by using the Assign Profile function.
Select the check box corresponding to the profile that you want to rename.
Choose Rename from the actions list.
A Rename dialog opens.
Type the new name of the profile in the text field of the dialog, and click OK.
Select the check box corresponding to the profile that you want to copy or move.
Choose Copy and Move from the actions list.
The Copy and Move wizard opens.
Follow the instructions provided by the Copy and Move wizard to perform your task.
Make sure all check boxes are deselected.
Choose Import from the actions list.
The Import Profile dialog opens.
Enter the path of the file that you want to import, or click the Browse button to choose a file from the default file chooser dialog of your operating system.
Click the Import button.
Select the check box corresponding to the profile that you want to export.
Choose Export from the actions list.
A dialog opens, which allows you to specify the location to which you want to export the file.
Select the Save to Disk option in the dialog and click OK.
Choose the location where you want to save the exported file and click OK.
Effective Settings is a read-only view of the effective configuration settings for a given element, such as an organization, domain or host.
The effective settings of a specific user are the result of a merge process, including the configuration settings stored at the involved organization level(s), role(s), and the user. You can display the merged configuration settings of a selected element in a separate Effective Settings window. This allows for easy verification and also error debugging. An Effective Settings report can also be printed and stored for archival purposes.
Click the Effective Settings button in the Assigned Profiles table.
When first opened, the effective settings for the selected element in the navigation tree are displayed.
The Effective Settings window consists of the following two sections:
In the Modify Effective Settings Parameters section, the Create the Effective Settings Using area lets you choose which tree to take into account. The Select an element from the Domain Tree option lets you choose which entities to generate a Effective Settings report for. Use the Browse button to select an element in the organization or domain tree.
The Effective Settings section displays the following:
The location of the selected element in the hierarchy and the hostname.
The time and date when the current effective settings report was generated.
In the Profiles Involved section, the list of profiles involved in generating the effective settings report for the current element. They are listed in merge order form most relevant to least relevant. Each profile is a link that opens the Profile Editor window for the profile.
The Settings Summary area displays the configuration settings for the current effective settings report, grouped into categories. The Settings Summary contains Name, Value, and Status fields.
The Status column contains entries of the type “Defined In <pofileName>”, where <profileName> is a link that opens the Profile Editor for that profile on the Configuration Settings tab, and navigates to the particular setting within this profile.
You can modify a generated effective settings report by changing any relevant effective settings parameters, and then clicking the Generate Effective Settings button at the top of the Effective Settings window.
A new report is then displayed in the Effective Settings window.
To print an effective settings report, click the Print button at the top or bottom of the Effective Settings Window.
The Profiles — All page displays all available profiles, including those that are not assigned to an element. The profiles are shown in two tables, one for domain profiles and one for organization profiles.
The profile tables let you perform the following actions:
Creating a new Profile
Deleting a Profile
Renaming a Profile
Copying and Moving a Profile
Importing Profiles
Exporting Profiles
Click the New button in the desired profile table, either organization or domain.
The Profile Editor wizard opens.
Follow the instructions provided by the wizard.
For more information about creating a new profile using the Profile Editor, see Profile Editor.
Select the check box corresponding to the profile that you want to rename.
Choose Rename from the actions list.
A dialog box appears.
Type the new name of the profile in the text field of the dialog, and click OK.
Select the check box corresponding to the profile that you want to copy or move.
Choose Copy and Move from the actions list.
The Copy and Move wizard opens.
Follow the instructions provided by the Copy and Move wizard to perform your task.
Make sure all check boxes are deselected.
Choose Import from the actions list.
The Import Profile dialog opens.
Enter the path of the file that you want to import, or click the Browse button to choose a file from the default file chooser dialog of your operating system.
Click the Import button.
Select the check box corresponding to the profile that you want to export.
Choose Export from the actions list.
A dialog opens, which allows you to specify the location to which you want to export the file.
Select the Save to Disk option in the dialog and click OK.
Choose the location where you want to save the exported file and click OK.
The Profile Editor is used to create new profiles and edit existing profiles. You can also view the current settings and options for the currently selected profile.
You can open the Profile Editor by either clicking the name of a profile in one of the tables in the Profiles — Tree View content area or in the Profiles — All page.
To create a new profile, see Creating a new Profile.
The Profile Editor contains the following tab pages:
General Properties
Configuration Settings
Assigned Elements
Settings Summary
Advanced Options
The General Properties page allows you to specify general information about a profile. This page is the default view of the Profile Editor window.
The Profile Editor appears when the user creates a new profile by clicking the New button.
In the Name field, type the desired name of the profile.
Add any comments into the Comments field.
You can leave the Comments field blank.
The Author and Last Modified fields are read-only, and cannot be modified. The Author field displays the profiles author, and the Last Modified field shows the date and time of the last modification.
Click the Save button.
If you close the window before saving any new information, and warning dialog appears that prompts you to save the settings.
The Configuration Settings page allows you to view and edit the configuration settings that are stored in the selected profile.
To view a profile's configuration setting, navigate to the setting from the list of categories on the right side of the page.
The configuration settings are organized hierarchically into categories that directly correspond to the configuration options of desktop applications, such as StarOfficeTM, MozillaTM, Evolution or Gnome.
Click the desired configuration setting.
The selected profile's settings appear, which displays the available settings for that profile. If necessary, additional context information is provided, such as the effects of individual settings or the allowed value range.
If you select a category rather than a configuration setting, a table appears that lists that categories settings or sub-categories.
For each configuration setting, you can either specify a concrete value, or you can leave the setting undefined.
If you leave the setting undefined, the application will not be affected by this profile setting, and instead takes advantage of its own factory built-in default value. In general, the Profile Editor lists and applications default value through additional help text or, if possible, through a marker directly in the setting's options list.
It is important to understand that several profiles might affect the same user. For example, you can create a profile with settings for a specific organization. These settings are automatically available for all users that are part of this organization. Similarly, you can define additional profiles with configuration settings for sub-organizations. These may overwrite settings of the parent organization, for example, different proxy settings for sub-organizations would be defined, but leave other settings unchanged. The effective settings for a specific user would then be the result of a merge process including all profiles assigned to the organization, sub-organizations and probably the user.
In some cases you might want to control this merge process and want to enforce a configuration setting, meaning that it should not be possible for other profiles to overwrite your setting and to define a different value. The Profile Editor allows to specify for each setting the desired merging behavior. The default is that other "profiles may overwrite" a setting. Deselecting this option will enforce the setting and other profiles can no longer overwrite your value.
The Assigned Elements page lists the elements that are assigned to the current profile, and allows you to assign or unassign elements.
The current profiles elements are displayed in the Assigned Elements table, which contains the following information:
Name: the name of the element to which the current profile is assigned.
Path: the location of the element to which the current profile is assigned.
Click the Assign Element button.
A window containing a navigation tree appears.
Navigate the tree, and select the desired element.
If you can't find the desired element in the tree, you can click the Search button to open the Search window and find the element.
The element then appears in the Assigned Elements table, now assigned to the current profile.
Select the check box corresponding to the element that you want to unassign.
Click the Unassign Element button.
The element is now not assigned to the current profile, and disappears from the Assigned Elements table.
The Settings Summary is a read-only view of all configuration settings that contain data for the selected profile.
The Settings Summary page contains the Settings Summary table. This table shows the configuration settings that contain data for the current profile, grouped into categories. The table has the following fields:
Name: the setting name
Value: the setting value
Status: the status column contains entries of the type “Defined in <profileName>, where <profileName> is a link that switches the Profile Editor to the Configuration Settings page, and navigates to the particular setting within this profile.
The Advanced Options page allows you to specify advanced options for the current profile. There are two main options available on this page:
Applicable from: allows you to move the profile to a different storage location in the organization or domain tree. By moving the storage location, you are also changing the set of elements that the profile can be assigned or applied to. This is because a profile can only be assigned to the element it is stored at, or assigned to the elements that are in the subtree below the element at which it is stored.
You can not change the “Application from” parameter in a way that the resulting layout would violate the rule mentioned above. For example, this would happen if you move a profile down the tree hierarchy, and an existing assignment connecting the profile to an element below the profile's storage location would, after the movement of the profile, connect the profile to the same element. But now, the element is above the storage location of the profile. If the you try this, the action is cancelled, and a warning message is displayed.
Merge Order: specifies the order in which all profiles stored at the same element are merged.
Because more than one profile can be assigned to a single element and more than one profile can define the same setting, the order in which the profiles are merged for a single element must be defined. This resolves the conflicts of one setting being defined in two or more profiles assigned to the same element.
The storage location is used first to determine the merge order. The profile stored at an element that is located closer to the root of the tree is merged first. As a consequence, the profile that is stored deeper in the tree hierarchy is merged secondly. The settings of a profile merged later overwrite the settings of a profile merged earlier.
Click the Change button.
A window containing a navigation tree appears.
Navigate the tree, and select the desired element.
If you can't find the desired element in the tree, you can click the Search button to open the Search window and find the element.
Click the OK button.