5.2 Creating Groups of Users

This section describes how to create groups within Vibe. You can also synchronize groups of users from your LDAP directory to your Novell Vibe site, as described in Adding Vibe Users from Your LDAP Directory in Basic Installation in the Novell Vibe 3.4 Installation Guide.

You can use existing groups or create additional groups within Vibe to facilitate access control on your Vibe site. For background information on access control, see Controlling Access in the Novell Vibe 3.4 Advanced User Guide.

In addition to creating groups to assist with access control, you might want to create groups for any of the following reasons:

Users are responsible for access control in their personal workspaces and any team workspaces that they create. As the Vibe site administrator, you are responsible for access control in public locations such as global workspaces. By creating groups of users who have attributes in common, you and other Vibe users can set access controls and create teams without listing users individually. Groups can be nested within groups, so create small groups first, then build larger groups from your smaller groups.

You can create either static or dynamic groups.

5.2.1 Creating Static Groups

Static groups are groups whose membership does not change based on LDAP queries.

This section describes how to create static groups directly from Vibe. You can synchronize static groups to Vibe from your LDAP directory as described in Adding Vibe Users from Your LDAP Directory in Basic Installation in the Novell Vibe 3.4 Installation Guide.

To create static groups in Vibe:

  1. Log in to the Vibe site as the Vibe administrator.

  2. Click the Settings icon in the upper right corner of the page, then click the Administration Console icon .

  3. Under Management, click Groups, then click Add.

    Manage Groups page
  4. Fill in the following fields:

    Name: Specify the unique name under which the group is stored in the Vibe database. You can use alphanumeric characters (a-z, A-Z, 0-9), hyphens (-), and underscores (_).

    Title: Specify the group name that displays to users on the Vibe site. This string can include any characters that you can type.

    Description: Describe what the members of this group have in common.

  5. Select Group membership is static.

    This means that group membership does not change based on LDAP queries.

  6. Click Edit group membership.

  7. Click the Users or Groups tab, depending on whether you want to add users or groups to the group that you are creating.

  8. In the User or Group field, specify the name of the user or group that you want to add to the group that you are creating, then click the name of the user or group when it appears in the drop-down list.

  9. Repeat Step 7 and Step 8 to add multiple users and groups to the group that you are creating, then click OK when you have finished adding users and groups.

  10. Click OK to create the group.

    After you have created one or more small groups, you can use the Groups field to create larger groups from smaller groups.

5.2.2 Creating Dynamic Groups

Groups based on LDAP queries are dynamic in that they can be configured to have their membership updated when the information in the LDAP directory changes.

Creating groups based on LDAP queries is a quick way to create Vibe groups that consist of users who match specific criteria. You can create dynamic groups as described in the following sections:

Creating Dynamic Groups within LDAP

Depending on the LDAP directory that you are using, you might be able to create dynamic groups within your LDAP directory. For example, you can create dynamic group objects in eDirectory with Novell iManager (for more information, see the iManager Documentation).

Dynamic groups created within LDAP are stored in your LDAP directory and can then be synchronized to Vibe, as described in Adding Vibe Users from Your LDAP Directory in the Novell Vibe 3.4 Installation Guide.

Creating Dynamic Groups within Vibe

You can create dynamic groups in Vibe by querying the LDAP directory.

Prerequisites
  • Users must already have existing Vibe user accounts in order for them to be added to a Vibe group as described in this section. If your LDAP query includes users who are not already Vibe users, the users are not added to the Vibe group

  • When configuring your LDAP connection, you must specify the name of the LDAP attribute that uniquely identifies the user (the value of this attribute never changes). For eDirectory, this value is GUID. For Active Directory, this value is objectGUID. For more information about this attribute, see LDAP Attribute to Identify a User or Group in Gathering Directory Services Information in the Novell Vibe 3.4 Installation Guide.

    The Vibe process that creates a dynamic group uses the LDAP configuration settings in Vibe to authenticate to the LDAP directory server. The credentials that are used are the LDAP server URL, user DN, and password. For more information on how to configure these and other LDAP configuration settings in Vibe, see Adding Vibe Users from Your LDAP Directory in the Novell Vibe 3.4 Installation Guide.

Advantages

Advantages to creating dynamic groups within Vibe rather than within your LDAP directory include:

  • Allows the Vibe administrator to control group membership without having direct access to the group object in the LDAP user store.

  • Your LDAP directory might not support dynamic groups.

  • You do not want dynamic groups to sync to applications other than Vibe that are leveraging your LDAP directory.

Considerations with Multiple LDAP Sources

Consider the following if your Vibe site is configured with multiple LDAP sources:

  • You should not create dynamic groups in Vibe if the base dn that you define for the dynamic group does not exist in each LDAP source. This is because the membership of the dynamic group might not get updated correctly.

  • If your Vibe site is configured with multiple LDAP sources and the base dn that you define for the dynamic group exists in each LDAP source, the membership of the dynamic group contains users from each LDAP source that match the dynamic group’s filter.

Creating the Group

To create the dynamic group within Vibe:

  1. Log in to the Vibe site as the Vibe administrator.

  2. Click the Settings icon in the upper right corner of the page, then click the Administration Console icon .

  3. Under Management, click Groups, then click Add.

    Manage Groups page
  4. Fill in the following fields:

    Name: Specify the unique name under which the group is stored in the Vibe database. You can use alphanumeric characters (a-z, A-Z, 0-9), hyphens (-), and underscores (_).

    Title: Specify the group name that displays to users on the Vibe site. This string can include any characters that you can type.

    Description: Describe what the members of this group have in common.

  5. Select Group membership is dynamic.

    This means that group membership is based on an LDAP query that you will define in this procedure.

  6. Click Edit group membership.

    Group Membership box
  7. Specify the following options:

    Base DN: Specify the base DN where you want to start your search.

    If you have multiple LDAP sources, see Considerations with Multiple LDAP Sources before proceeding.

    LDAP Filter: Specify the filter criteria.

    For example, to search for all users located in Utah, specify (st=Utah).

    Search subtree: Select this option if you want to also search for matches in subtrees of the base dn you are currently searching.

    Update group membership during scheduled ldap synchronization: Select this option to update the membership of this group during each scheduled LDAP synchronization. Group membership is updated based on changes that might have occurred in the LDAP directory.

    For information on how to set the LDAP synchronization schedule, see Synchronization Schedule in Basic Installation in the Novell Vibe 3.4 Installation Guide.

  8. (Optional) Click Test ldap query to test the results of your LDAP query.

    This process can take several minutes, depending on the size of your LDAP directory.

  9. Click OK > OK to create the group.