Note
The user ID must be unique. The administration server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use. Be aware, however, that if you use the ldapmodify command line utility to create a user, it does not ensure unique user IDs. If duplicate user IDs exist in your directory, the affected users will not be able to authenticate to the directory.
For information on editing users, see "Managing users".
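Because ldapmodify does not enforce unique user IDs, a directory that has been edited from the command line can be audited from an LDIF export. The following is an added example, not part of the original documentation or of any Netscape tool: it reports every uid held by more than one entry, handling folded lines and base64-encoded values. The sample entries are constructed, and the comparison assumes the standard case-insensitive matching of uid.

```python
import base64
from collections import defaultdict

# Constructed sample export (not from the original page). The second entry
# folds its uid across two lines; the third stores it base64-encoded.
SAMPLE_LDIF = """\
dn: cn=Babs Jensen, ou=Engineering, o=Ace Industry, c=US
uid: bjensen

dn: cn=Barbara Jensen, ou=Marketing, o=Ace Industry, c=US
uid: BJen
 sen

dn: cn=B Jensen, ou=Accounting, o=Ace Industry, c=US
uid:: YmplbnNlbg==

dn: cn=Mike Anderson, ou=Engineering, o=Ace Industry, c=US
uid: manderson
"""

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_duplicate_uids(text):
    """Return {uid: [dn, ...]} for every uid held by more than one entry."""
    owners, dn = defaultdict(list), None
    for line in unfold(text):
        if not line.strip() or line.startswith("#"):
            continue                          # entry separator or comment
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):              # "attr:: value" is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        attr = attr.strip().lower()
        if attr == "dn":
            dn = value
        elif attr == "uid" and dn:
            owners[value.lower()].append(dn)  # assumed case-insensitive match
    return {uid: dns for uid, dns in owners.items() if len(dns) > 1}
```

Any uid returned by `find_duplicate_uids` identifies accounts that will fail to authenticate until the duplicates are resolved.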
Notes on user entries
The following notes may be of interest to the directory administrator:
cn=full name, ou=organization, ...,o=base organization, c=country
For example, if a user entry for Babs Jensen is created within the organizational unit Engineering, and the directory's suffix is o=Ace Industry, c=US, then the person's DN is:
cn=Babs Jensen, ou=Engineering, o=Ace Industry, c=US
However, you can change this format to a uid-based distinguished name. For information on how to set this default, see "Using uid-based distinguished names".
User field | Corresponding LDAP attribute |
---|---|
Given Name | givenName |
Surname | sn |
Full Name | cn |
User ID | uid |
Password | userPassword |
E-Mail Address | mail |

User field | Corresponding LDAP attribute |
---|---|
Title | title |
Telephone | telephoneNumber |
For information on these attributes, see Appendix A, Object Classes and Attributes.
The "Find all users whose" field
The Find all users whose: field allows you to build a custom search filter. Use this field to narrow down the search results returned by Find user.
Find all users whose: provides the following search criteria:
full name: Search each entry's full name for a match.
last name: Search each entry's last name, or surname, for a match.
user id: Search each entry's user id for a match.
phone number: Search each entry's phone number for a match.
email address: Search each entry's email address for a match.
contains: Causes a substring search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a user's name probably contains the word "Steve", use this option with the search string "Steve" to find the user's entry.
is: Causes an exact match to be found. That is, this option specifies an equality search. Use this option when you know the exact value of a user's attribute. For example, if you know the exact spelling of the user's name, use this option.
isn't: Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the users in the directory whose name is not "Babs Jensen", use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.
sounds like: Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if a user's name is spelled "Sarret", "Sarette", or "Sarett", use this option.
starts with: Causes a substring search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a user's name starts with "Mike", but you do not know the rest of the name, use this option.
ends with: Causes a substring search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a user's name ends with "Anderson", but you do not know the rest of the name, use this option.
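Each combination of field and match type above corresponds to a standard LDAP search filter (RFC 4515). The following added example, which is not the gateway's own code, builds that filter from the form choices using the attribute names in the table on this page, and escapes the search string so that characters such as `*`, `(` and `)` typed by a user are matched literally instead of changing the filter. The function and dictionary names are assumptions made for illustration.

```python
# Form labels mapped to the LDAP attributes listed in the table on this page.
FIELDS = {"full name": "cn", "last name": "sn", "user id": "uid",
          "phone number": "telephoneNumber", "email address": "mail"}

# Match types mapped to RFC 4515 filter templates ({a}=attribute, {v}=value).
MATCHES = {"contains": "({a}=*{v}*)",      # substring search
           "is": "({a}={v})",              # equality search
           "isn't": "(!({a}={v}))",        # negated equality
           "sounds like": "({a}~={v})",    # approximate (phonetic) search
           "starts with": "({a}={v}*)",    # initial substring
           "ends with": "({a}=*{v})"}      # final substring

def escape_value(value):
    """Escape a search string per RFC 4515 so it cannot alter the filter."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        if ch in "\\*()\x00" or byte > 0x7F:
            out.append("\\%02x" % byte)    # backslash plus two hex digits
        else:
            out.append(ch)
    return "".join(out)

def build_filter(field, match, text):
    """Return the LDAP filter string for one 'Find all users whose' query."""
    if field not in FIELDS or match not in MATCHES:
        raise ValueError("unknown field or match type")
    if not text:
        raise ValueError("empty search string")
    return MATCHES[match].format(a=FIELDS[field], v=escape_value(text))
```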
Note
It is possible that you will want to change an attribute value that is not displayed by the edit user form. In this situation, use the ldapmodify command line utility.
Note
You can change the user's first, last, and full name field from this form, but to fully rename the entry (including the entry's distinguished name), you need to use the Rename User form. For more information on how to rename an entry, see "Renaming users".
Managing a user's password
The password you set for user entries is used by the various Netscape servers for user authentication.
To change or create a user's password:
Managing user licenses
This area allows you to track which Netscape server products your users are licensed to use. To manage the licenses available to the user:
Renaming users
To rename a user entry:
NSHOME/admin-serv/config/dsgw-orgperson.conf
Note
The rename feature changes only the user's name; all other fields are left intact. In addition, the user's old name is still preserved so searches against the old name will still find the new entry.
Note
When you rename a user entry, you can only change the user's name; you cannot use the rename feature to move the entry from one organizational unit to another. For example, suppose you have:
then you can rename the entry from Babs Jensen to Barbara Jensen, but you cannot rename the entry such that Babs Jensen under the Marketing organizational unit becomes Babs Jensen under the Accounting organizational unit.
To return to the general information form, click General.
Creating groups
To create a group entry within the directory, do the following:
Managing groups
You edit groups and manage group memberships from the Group Edit form. From this form you can:
The "Find all groups whose" field
The Find all groups whose: field allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find groups:
Find all groups whose: provides the following search criteria:
full name: Searches each entry's full name for a match.
description: Searches each group entry's description for a match.
contains: Causes a substring search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a group's name probably contains the word "Administrator", use this option with the search string "Administrator" to find the group entry.
is: Causes an exact match to be found. That is, this option specifies an equality search. Use this option when you know the exact value of a group's attribute. For example, if you know the exact spelling of the group's name, use this option.
isn't: Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the groups in the directory whose name does not contain "administrator", use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.
sounds like: Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if a group's name is spelled "Sarret's list", "Sarette's list", or "Sarett's list", use this option.
starts with: Causes a substring search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a group's name starts with "Product", but you do not know the rest of the name, use this option.
ends with: Causes a substring search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a group's name ends with "development", but you do not know the rest of the name, use this option.
For more information on how to find a group entry, see "Finding group entries".
Note
It is possible that you will want to change an attribute value that is not displayed by the group edit form. In this situation, use the ldapmodify command line utility.
Adding group members
To add members to the group:
Adding groups to the group members list
You can add groups (instead of individual members) to the group's members list. Doing so causes any users belonging to the included group to become a member of the receiving group. For example, if Babs Jensen is a member of the Marketing Managers group, and you make the Marketing Managers group a member of the Marketing Personnel group, then Babs Jensen is also a member of the Marketing Personnel group.
To add a group to the members list of another group, add the group as if it were a user entry. See "Adding group members" for more information.
Removing entries from the group members list
To delete an entry from the group members list, do the following:
Managing owners
You manage a group's owners list the same way as you manage the group members list. The following table shows you which section to read for more information:
Managing see alsos
See alsos are references to other directory entries that may be relevant to the current group. They allow users to easily find entries for people and other groups that are related to the current group.
You manage see alsos the same way as you manage the group members list. The following table shows you which section to read for more information:
Removing groups
To delete a group, do the following:
Renaming groups
To rename a group, do the following:
Note
When you rename a group entry, you only change the group's name; you cannot use the rename feature to move the entry from one organizational unit to another. For example, suppose you have:
then you can rename the group from Bean Counters to Counters of Beans, but you cannot rename the entry such that Bean Counters under the Accounting organizational unit becomes Bean Counters under the Marketing organizational unit.
Notes on organizational units
The following notes may be of interest to the directory administrator:
ou=new organization, ou=parent organization, ...,o=base organization, c=country
For example, if you create a new organization called Accounting within the organizational unit West Coast, and your Base DN is o=Ace Industry, c=US, then the new organization unit's DN is:
ou=Accounting, ou=West Coast, o=Ace Industry, c=US
The Find all units whose: field
The Find all units whose: field allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find organizational unit:
Find all units whose: provides the following search criteria:
unit name: Search each entry's name for a match.
description: Search each organizational unit entry's description for a match.
contains: Causes a substring search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know an organizational unit's name probably contains the word "Marketing", use this option with the search string "Marketing" to find the organizational unit entry.
is: Causes an exact match to be found. That is, this option specifies an equality search. Use this option when you know the exact value of an organizational unit's attribute. For example, if you know the exact spelling of the organizational unit's name, use this option.
isn't: Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the organizational units in the directory whose name does not contain "Marketing", use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.
sounds like: Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if an organizational unit's name is spelled "Sarret's Org", "Sarette's Org", or "Sarett's Org", use this option.
starts with: Causes a substring search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know an organizational unit's name starts with "Product", but you do not know the rest of the name, use this option.
ends with: Causes a substring search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know an organizational unit's name ends with "Development 1", but you do not know the rest of the name, use this option.
For more information on how to find an organizational unit entry, see "Finding organizational units".
Note
It is possible that you will want to change an attribute value that is not displayed by the organizational unit edit form. In this situation, use the ldapmodify command line utility.
Renaming organizational units
To rename an organizational unit entry, do the following:
Note
When you rename an organizational unit entry, you can only change the organizational unit's name; you cannot use the rename feature to move the entry from one organizational unit to another. For example, suppose you have:
then you can rename the entry from Widget 1 to Widget 2, but you cannot rename the entry such that Widget 1 under the Marketing organizational unit becomes Widget 1 under the Accounting organizational unit.
Importing a directory from LDIF
If you do not currently have a directory, or if you want to add a new subtree to an existing directory, you can use the Users and Groups import function. This function accepts a file containing LDIF and attempts to build a directory or a new subtree from the LDIF entries.
If you are using the Netscape local directory, the import function will optionally overwrite any existing directories. If you are using a directory server and you attempt to import an entry that already exists, then that operation will fail. To merge LDIF formatted entries into an existing directory (either for a local directory, or for directory server), it is best to convert the LDIF to LDIF update statements and use ldapmodify to perform the merge.
To create a new directory or subtree from Users and Groups, do the following:
Exporting a database to LDIF
You can export your current directory to LDIF using the Users and Groups export function. This function creates an LDIF-formatted file that represents your directory.
To export your directory to an LDIF file: