Managing Users

You can edit user attributes on the Manage Users page of the Administration Server Users and Groups tab. On this page you can find, change, rename, and delete user entries.

This section describes the following topics:

• Finding User Information

• Editing User Information

• Managing User Passwords

• Renaming Users

• Removing Users

Finding User Information

Before you can edit a user entry you must first find and display the entry. For LDAP-based directory services, you can provide descriptive values for the entry you want to edit.

You can provide any of the following information.:

• A name. Enter a full or partial name. All entries that equally match the search string are returned. If no such entries are found, all entries that contain the search string are found. If no such entries are found, any entries that sound like the search string are found.

• A user ID. If you enter only a partial user ID, any entries that contain the string are returned.

• A telephone number. If you enter only a partial number, any entries that have telephone numbers ending in the search number are returned.

• An email address. Any search string containing an at symbol (@) is assumed to be an email address. If an exact match cannot be found, a search is performed to find all email addresses that begin with the search string.

• Any LDAP search filter. Any string that contains an equal sign (=) is considered a search filter.

• An asterisk (*) to see all entries currently in your directory. You can achieve the same result by leaving the field blank.

Building Custom Search Queries

For LDAP services, the Find All Users Whose section enables you to build a custom search filter. Use the fields to narrow search results returned by a Find User search.

The left drop-down list specifies the attribute on which the search will be based. The following tables lists the available search attribute options.

Table 4–2 Search Attribute Options

Option	Searches for a Match
Full name	Each entry’s full name
Last name	Each entry’s last name, or surname
User ID	Each entry’s user ID
Phone number	Each entry’s phone number
E-mail address	Each entry’s e-mail address

The center drop-down list specifies the type of search to perform. The following tables lists the available search type options.

Table 4–3 Search Type Options

Option	Description
Contains	Causes a substring search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a user’s name probably contains the word "Dylan," use this option with the search string "Dylan" to find the user’s entry.
Is	Causes an exact match to be found (specifies an equality search). Use this option when you know the exact value of a user’s attribute. For example, you know the exact spelling of the user’s name.
Isn’t	Returns all entries whose attribute value does not exactly match the search string. Use this option to find all users in the directory whose name is not "John Smith." Note that use of this option can cause an extremely large number of entries to be returned.
Sounds like	Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute’s value but do not know the spelling. For example, you do not know if a user’s name is spelled "Sarret," "Sarette," or "Sarett."
Starts with	Causes a substring search to be performed. Returns all entries whose attribute value starts with the specified search string. For example, you know a user’s name starts with "Miles," but do not know the rest of the name.
Ends with	Causes a substring search to be performed. Returns all entries whose attribute value ends with the specified search string. For example, you know a user’s name ends with "Dimaggio," but do not know the rest of the name.

The right text field is used to enter a search string. To display all user entries contained in the directory specified in the Look Within field, type an asterisk (*) or leave this field blank.

To find user information

1. Access the Administration Server and click the Users and Groups tab.

2. Click the Manage Users link.

3. Select a directory service from the drop-down list and click Select.

   For key file or digest file directory services, a list of users displays. For LDAP-based directory services, search fields display.

4. Find user information:

   For key file or digest file directory services, click the link for the user to display the edit page and make changes. For more information about specific fields, see the online Help.

   For LDAP-based directory services, do the following:

   1. In the Find User field, enter a descriptive value for the entry you want to edit.

      As an alternative, use the drop-down menus in the Find All Users Whose section to narrow the results of your search. For more information, see Building Custom Search Queries.

   2. In the Look Within field, select the organizational unit under which you want to search for entries.

      The default is the directory’s root point, the topmost entry.

   3. In the Format field, specify whether the output should be formatted for display on screen or for printing to a printer.

   4. At any stage in this process, click the Find button.

      All users matching your search criteria will be displayed.

   5. Click the link for the entry you want to display.

Editing User Information

To Edit User Entries

1. Access the Administration Server and click the Users and Groups tab.

2. Click the Manage Users link.

3. Display the user entry as described in Finding User Information.

4. Make the desired changes.

   For more information about specific fields, see the online Help.

   ---

   Note –

   To change an attribute value that is not displayed by the edit user page, use the directory server ldapmodify command-line utility, if available.

   ---

   For information about changing a user’s user ID, see Renaming Users.

Managing User Passwords

The following procedure describes how to change or create user passwords.

To Change or Create User Passwords

1. Access the Administration Server and click the Users and Groups tab.

2. Click the Manage Users link.

3. Display the user entry as described in Finding User Information.

4. Make the desired changes.

   For more information about specific fields, see the online Help.

   For LDAP databases, you can also disable the user’s password by clicking the Disable Password button on the page used to edit user password information, accessed from the Manage Users page. This action prevents the user from logging into a server without your having to delete the user’s directory entry. You can allow access for the user again by providing a new password.

Renaming Users

For LDAP databases, the rename feature changes only the user ID. All other fields are left intact. You cannot use the rename feature to move the entry from one organizational unit to another.

To Rename User Entries

1. Access the Administration Server and click the Users and Groups tab.

2. Click the Manage Users link.

3. Display the user entry as described in Finding User Information.

4. Click the Rename User button on the edit user page.

5. Type the user ID on the page that is displayed, and click Save Changes.

   ---

   Note –

   You can specify that the Administration Server no longer retains the old values when an entry is renamed by setting the keepOldValueWhenRenaming parameter to false (the default). This parameter is found in the following file:

   server-root/proxy-admserv/config/dsgw-orgperson.conf

   ---

Removing Users

To Remove User Entries

1. Access the Administration Server and click the Users and Groups tab.

2. Click the Manage Users link.

3. Display the user entry as described in Finding User Information.

4. Click the appropriate button.

   • For LDAP servers, click Delete User.

   • For key file and digest file databases, click Remove User.