19.2 Managing Groups

Best Practice: Plan groups in advance and use the following worksheets when working in this dialog:

  • Worksheet 4 - Users and Groups

Table 19-3 Using the Groups dialog

Field, Option, or Button

Information and/or Action

Manage Groups dialog (header row)

  • New button

  • Delete button

  • Click this to remove the selected groups from the list.

  • More drop-down

With one or more groups selected, you can choose from the following options:

  • Add Administrator Rights: Lets you assign selected group members as Designated Administrators.

  • Remove Administrator Rights: Lets you remove Direct-administration rights from selected groups.

  • Filter List field

  • Begin typing a name and press enter to filter the list to only those users who match what you have entered.

Manage Groups (below header row)

  • Type column

  • Icons indicate whether the groups are LDAP, non_LDAP internal, LDAP with Direct Admin rights, non-LDAP with Direct Admin rights.

  • Title column

  • Displays group titles as defined in LDAP or specified when the group was created. LDAP titles cannot be changed in TeamWorks, non-LDAP titles can be changed.

  • Click this to edit the group, including changing the group title and the membership configuration.

  • Arrow drop-down column

  • Provides access to the following settings for the group:

    • Web Access settings: Depending on what has already been configured, you can enable web access for all group members, disable web access for all group members, or specify that the default file downloading settings be used for all group members.

  • Name column

  • Displays group names as defined in LDAP or specified when the group was created. Group names cannot be changed.

  • Admin column

  • This indicates whether the group members are allowed Direct administrative responsibilities because of membership in the group.

Add Group dialog

  • Description: box

  • If desired, include some text that describes the group, such as what the members of this group have in common.

  • Group membership is static option

  • Static groups are groups whose membership is directly specified and does not change based on LDAP queries.

  • Group membership is dynamic option

  • Dynamic groups are populated based on LDAP queries made by TeamWorks. Their membership changes as the meta data returned from TeamWorks’s LDAP queries changes.

  • Edit group membership button

  • Click this to configure the type of group you have selected:

OK or Cancel

  • Click OK to save the changes you’ve made in this dialog or Cancel to discard your changes.

  • Make sure you have edited the group membership. Otherwise your group will have no members.

Static Membership for Group dialog

Allow external users and groups option

  • Select this to allow external users and groups to be added to the list.

Users tab

  • User field: Begin typing a user name, then select a listed user to add it to the Membership list.

Groups tab

  • Group field: Begin typing a group name, then select a listed group to add it to the Membership list.

  • Remove button

  • Click this to remove a selected user or group (depending on which dialog you are in).

Membership list

  • A list of the users/groups in the static group.

OK or Cancel

  • Click OK to save the changes you’ve made in this dialog or Cancel to discard your changes.

Edit Dynamic Membership dialog

Tips and Caveats

  • Users must already have existing TeamWorks user accounts in order for them to be added to a TeamWorks group as described in this section. If your LDAP query includes users who are not already TeamWorks users, the users are not added to the TeamWorks group

  • When you configure your LDAP connection, you must specify the name of the LDAP attribute that uniquely identifies the user (the value of this attribute never changes). For eDirectory, this value is GUID. For Active Directory, this value is objectGUID. For more information about this attribute, see Guid attribute:.

  • The TeamWorks process that creates a dynamic group uses the LDAP configuration settings in TeamWorks to authenticate to the LDAP directory server used to specify the Base DN (below). The credentials that are used are the LDAP server URL, user DN, and password. For more information on how to configure these and other LDAP configuration settings in TeamWorks, see LDAP Servers and Synchronization.

  • The Base DN set below must exist in each LDAP source. Otherwise, the membership of the dynamic group might not be updated correctly.

  • If your TeamWorks site is configured with multiple LDAP sources and the base DN that you define for the dynamic group exists in each LDAP source, the membership of the dynamic group contains users from each LDAP source that match the dynamic group’s filter.

  • Current Membership: button

  • Click this to open the Dynamic Group Membership windows and view the users that are included in the group based on the current configuration.

  • Base DN:

  • Use the LDAP browse button to locate the context where you want the search for users to begin.

  • LDAP Filter:

  • Specify the LDAP filter you want to use for the query. This is required for the search to return any results.

  • For an example and more information, see Filter:.

  • Search subtree option

  • Select this to have the search extended into sub-containers.

  • Update group membership during scheduled ldap synchronization option

  • You must either select this or perform a manual ldap synchronization before any users are added to the group you are defining.

  • If you do not select this option, the group will not be automatically updated when changes occur in your LDAP directory.

  • Test ldap query button

  • Use this to see whether the configuration you have specified is working.

OK or Cancel

  • Click OK to save the changes you’ve made in this dialog or Cancel to discard your changes.

Dynamic Group Membership window

Users tab

  • This displays a list of the users and groups that are members of the dynamic group.

  • Close button

  • Use this to return to the previous window.