Helping Your Admins to Update eGuide
Novell Cool Solutions: Tip
Digg This -
Posted: 17 Mar 2005
A reader described the following challenge at his company:
"I am new to eGuide. We use eDirectory 8.7.3. under NetWare 6.5. I am looking at ways to give non-specialist admin staff the ability to update eGuide. The problem is, I don't really know how to go about this.
There are useful fields that are in eGuide that don't appear to be visible in the user object in either ConsoleOne or NWAdmin, such as mobile phone number and line manager. Am I right in assuming that the only way to get these sort of fields populated in eDirectory is through LDIF? If not, what's the trick for non technical admins?"
You can give your admins eDirectory trustee rights to change certain things (name, title etc). You need to add the rights to your tree (or container), then add them as user administrators in the eGuide admin page. Usually, the biggest challenge is working out which eDirectory field relates to which eGuide entry. Some are the same, others are obscure ...
Attributes will appear in the 'Other' page of ConsoleOne, but unless you're bulk-updating, just point them at eGuide for administering the info (and you'll probably want to keep your admins away from ConsoleOne, iManager, etc.).
There are a couple of things you need to do to get everything working in the way you want:
Adding Fields as Displayed Attributes
The first step is to get the fields you want displayed added to the list of displayed attributes.
- Log in to eGuide as a user with eGuide admin rights.
- Click "Administration Utility."
- Navigate to "LDAP Data Sources" and select your source.
- Click the "Attributes" tab.
- Find the fields you want to display and check the Enable box for them. Don't check Searchable or Editable.
- You may need to stop and restart TomCat to get it to recognize the changes. Use `tc4stop` and `tomcat4` from the console line to stop and restart TomCat.
Enabling Role-Based Security
The next step is to enable Role Based Security.
- Still in eGuide as a user with eGuide admin rights, browse to Security > Administration Roles > RBS Setup.
- Enable 'RBS Discovery'.
- Log in to iManager with an administrative account (usually it will have to be Admin itself).
- Switch to the 'Configure' tab.
- Create eGuide tasks with the fields you want to be editable (group them with similar fields).
- Create an eGuide Role and associate the Tasks with the Role.
- Assign a user object to one of the roles and see what you can see as that user.
Because of the way that the RBS security model is designed, when you log in as a privileged user object in eGuide, you will only see the fields that are part of the "eGuide Default View" Role, even if you can see the extra fields you added above when not logged in! When you are logged in and have editing rights, as soon as you select "Edit Information" all fields that RBS allows for editing become visible. If this bothers you, you'll need to create a new task in iManager and add your extra fields as view only (so you wind up creating a "Edit" task and "View" task for each set of fields). Once you have that task, you can add it to the "eGuide Default View" Role. Again, you may need to stop and restart TomCat at various points to get this visible.
If you have the data already existing, it would make sense to import as much as possible into eDirectory using LDIF (or use a Perl script to update via LDAP).
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com