In this Appnote I will explain how you can use eGuide as a help desk tool.
In some organizations it can be a lot of work to update all the user address book information. From my own experience, I know that users will call you when their name or phone number is incorrect in the GroupWise address book - and if you ask me, they are right about that. If you publish some kind of information, it should be correct.
Another issue is when a user is moved to another department, if you use the Department field in ConsoleOne you also have to change that.
Now let's say you are a very busy administrator (even though Novell products are making your life easier :-) and you don't have time to change all these little settings. Wouldn't be nice if you could let someone else do it for you, without giving them full rights to your eDirectory object? eGuide can be your tool to accomplish this.
So let's see how ...
Creating a User Administrator
1. Open the eGuide Administration Utility (http://<ip-address>/eGuide/admin/index.html).
Figure 1 - Starting eGuide
2. Enter the eGuide administrator username and password.
3. Click Login.
Once you are logged in you see the this window:
Figure 2 - eGuide login
The first step is to set a User to be an administrator, to change all the settings you like.
4. To select a user to be a User Administrator, click Administration Roles in the left-hand menu.
Figure 3 - Administration Roles
5. Click Edit, next to User Administrators.
I will select a user named Dave to be the User Administrator.
6. In the search field, enter the CN for this user.
7. Click Search.
Figure 4 - Searching for the user by CN
8. In the Available field, select this user and move it to the Selected side.
9. Click Save.
Now you see that you have two users: the first one is the eGuide admin, and the second is the user to be the User Administator.
Figure 5 - eGuide admin and User Administrator
Configuring the User Administrator
First you have to decide what data the User Administrator user can change. In this AppNote, I will configure the User Administartor so that it can change the following properties:
- Given name
- Last name
- Phone number
For a normal eDirectory user, it is impossible to change these user attributes. If you would like to enable this for a normal non-admin user, you have to assign the user special eDirectory rights. This can be done with ConsoleOne.
1. Open ConsoleOne and log in to your tree.
Figure 6 - Tree login with ConsoleOne
I always create a User Goup and assign the proper rights to that Group. That way I can always add a second user to the group, and I don't have to edit the properties again.
2. Create a User Group in the OU where your eGuide server is placed. I call the Group eGuideUserAdmin.
Figure 7 - Creating a User Group
I've added user cn=Dave.ou=Users.o=Disney to the membership list of this group.
Figure 8 - User added to membership list
3. After you are logged in and created the Group, decide from what Parent container you would like your Administrative User to have rights to change the attributes we just mentioned (given name, last name, phone number, and department).
I've decided to use the ou=Users.o=Disney Contrainer to be the top container where the User may change attributes. This meens that the Administrative User (Dave) can only change the attributes of users directly underneath, and in the child containers of OU=Users.O=Disney.
4. To configure that, right-click the User Container in ConsoleOne and select "Trustees of this Object".
Figure 9 - Selecting object trustees
5. Click Add Trustee.
6. Select the User Group just created.
Figure 10 - User Group selected
7. Click OK to display the Properties window.
Figure 11 - Rights for selected objects
In this window you can add the rights the user needs to change the given name, last name, phone number, and department properties.
8. To do this, click Add Property.
9. In the next window, click Show All Properties.
Figure 12 - x
10. Search for the Given Name property, select it, and click OK.
11. In the next window, add the Write rights. If you don't do this, the Administrative User can't change the Given Name.
Figure 13 - Adding properties
12. Select Inheritable and click OK.
Figure 14 - User properties
Now you need to give the eGuideUserAdmin Group rights to change the other settings as well.
13. Select the Group and click Assigned Rights.
Figure 15 - Assigned rights for trustees
As you can see, the given name is still there.
14. Click Add properties and repeat the same steps for the other three attributes (Last name (Surname), Phone number (Telephone Number), and Department (OU)).
Figure 16 - Adding rights for more properties
15. Click OK to save the settings.
Now that you have done this, the user Dave should be able to modify the given attributes.
Let's test what we have done so far.
1. Open the eGuide client (http://<ip-address>/eGuide).
Figure 17 - Opening the eGuide client
2. Click the Login button in the top of the window.
3. Enter the username and password of user Dave.
4. Click Login.
Once you are logged in, you see the next window:
Figure 18 - eGuide Directory Search window
Now let's see if we can change some user data.
5. In the search field, search for a user created under the OU=Users.O=Disney (in my case, Brouwers).
Figure 18 - User search
I see a user named Grad Brouwers.
6. To change his phone number, click Edit Information in the top of the screen. In the upcoming windows, I will change the phone number and the user's first name.
Figure 19 - User information
7. Click Save.
When you see the following window, you'll know everything is working.
Figure 20 - User information saved
If you look closely, you'll see there is no option for admin User Dave to change the Full Name, Last Name and Department attribute.
Figure 21 - User information (again)
You have to enable this in the Administration Utility first.
8. To do this, open the Administration Utility again.
9. Click on LDAP Data Sources.
Figure 23 - Admin Utility, LDAP Data Sources
10. In the left-hand window, click Edit.
11. In the next window, click the Attributes tab.
Figure 24 - LDAP Attributes
12. Make sure the Tree boxes are checked for all four attributes (Given name, Last name, Phone number, and Department).
13. Scroll down and click Save.
Now let's try to change the Last name and the Department of the user object for Grad Brouwers.
Here's how it looks before the change action:
Figure 25 - Before change action
And after the change action:
Figure 26 - After change action
As you can see, the last name is changed to Simons, and the Department is changed to Staff.
If you experiment a bit, you can configure eGuide just as you would like it to be. You can assign an admin user that can change eDirectory properties of all the users you like, without granting that user full eDirectory rights. And the most important thing is that admin users can change things from within eGuide. Because it's a very user friendly interface, admins won't need much study before working with it.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.