User Management Guide

CHAPTER 3

Using the Directory Section of the DAC

This chapter describes how to manage the Directory subsystem using the Director Administration Console (DAC). It contains the following sections:

• About the Directory section of the DAC

• Users

• Groups

    For information about how to access the DAC, see the section on accessing the DAC in Developing exteNd Director Applications.

About the Directory section of the DAC

The Directory section of the DAC allows you to view information about the security realm of a deployed exteNd Director application. In the case of a writable realm, you can also change the information.

The Directory section has the following pages:

• Users

• Groups

Search facility

The Directory section provides a search facility for querying users and groups. This is helpful when dealing with large directory structures. A Search dialog appears at appropriate places in the User and Group pages.

To search for a user or group:

• Enter one or more characters that start the user or group name, then click Go.

  For example:

  

Users

The Users page allows authorized users to add and remove users from the authentication realm.

The left side of the page shows a list of users. The user list from an LDAP realm looks like this:

The Realm Name dropdown list is useful only if you have configured separate readable and writable realms.

The Flush Cache button updates the user list to match the realm. This is useful if user data can be concurrently modified by another user. This function also applies to servers running in a cluster.

To change a password:

1. Select one of the users listed in the left panel.

2. In the right panel, click Modify Password:

   

3. Type the new password twice.

4. Click Save.

To add a new user:

1. Click Add.

   

2. Enter the user ID.

3. Enter a Password.

4. Click Save.

To remove a nonadministrative user:

1. Select the user.

2. Click Remove.

To remove an administrative user:

1. Make sure that at least one user will remain in each administrative group. Otherwise, administrative security for that group will become open to everyone.

2. Go to the Groups page in the Directory section of the DAC.

3. Remove the user from all administrative groups.

4. If necessary, remove the user from all administrative ACLs:

   1. Go to the Security section of the DAC.

   2. Remove the user from all admin types and permissions.

5. Go back to the Users page in the Directory section of the DAC.

6. Select the user.

7. Click Remove.

Groups

The Directory section's Groups page in the DAC allows authorized users to add and remove groups from the authentication directory and add and remove users from these groups.

The left side of the page shows a list of groups. The user list from an LDAP realm looks like this:

The Realm Name dropdown list is useful only if you have configured separate readable and writable realms.

The Flush Cache button updates the group list to match the realm. This is useful if group data can be concurrently modified by another user. This function also applies to servers running in a cluster.

To modify a group:

1. Select the group.

   

2. Select the users in the right panel:

   • To select multiple users: click the first user, then Ctrl-click each additional user.

   • To select a range of users: click and drag from the first user to the last user.

   Use the button to add members to the group and the button to remove members from the group.

3. Click Save.

To add a group:

1. Click +Add.

   

2. Enter a name for the group.

3. Click Save.

To remove a group:

1. Select a group.

2. Click Remove.

   TIP:   The users in the group are not removed; only the group itself it removed.

Copyright © 2004 Novell, Inc. All rights reserved. Copyright © 1997, 1998, 1999, 2000, 2001, 2002, 2003 SilverStream Software, LLC. All rights reserved.  more ...