Sun Java System Web Proxy Server User Interface
The Users and Groups Tab
The Users and Groups tab is used to add and manage users, groups, and organizational units. The tab contains the following pages:
The Create User Page
The Create User page is used to add users to a directory service. For more information, see "Creating Users" in the Proxy Server Administration Guide.
The following elements are displayed:
Select Directory Service. From the drop-down list, select the directory service to which you want to add the user.
Select. Click this button to display user elements corresponding to the type of directory service selected.
- LDAP Server. If the directory service is of type LDAP Server, the following elements are displayed:
- Given Name. Specify the user’s given name or first name.
- Surname. Specify the user’s surname or last name.
- Full name. Specify the user’s given name and surname. If you entered a given name and a surname, this field is automatically completed.
- User ID. Specify a unique user name for the user. The user ID is generated as the first initial of the user’s first name followed by the user’s last name. You can replace this user ID with an ID of your own choosing. If you entered a given name and a surname, this field is automatically completed.
The user ID must be unique. The Administration Server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use.
If you use the ldapmodify command line utility to create a user, unique user IDs cannot be ensured. A user with a duplicate user ID will not be able to authenticate to the directory.
- Password. Specify the password for the user.
- Password (Again). Confirm the password. If what you enter is different from what you entered in the Password field, you will be prompted to try again.
- E-Mail Address. Specify the email address of the user.
- Add New User To. Specify the organizational unit to which you want the new user added. The default location is your directory’s root point.
- Create. Click this button to add the user.
- Create and Edit. Click this button to add the user to the LDAP database and proceed to The Edit Users Page to edit the user entry in the LDAP database.
- Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
- Key File. If the directory service is of type Key File, the following elements are displayed:
- User ID. Specify a unique user name for the user.
- Password. Specify the password for the user.
- Password (Again). Confirm the password entered in the Password field.
- Groups. Specify a comma-separated list of groups of which the user is a member.
- Create User. Click this button to add the user.
- Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
- Digest File. If the directory service is of type Digest File, the following elements are displayed:
- User ID. Specify a unique user name for the user.
- Realm. Specify the realm that will authenticate this user.
- Password. Specify the password for the user.
- Password (Again). Confirm the password entered in the Password field.
- Groups. Specify a comma-separated list of groups of which the user is a member.
- Create User. Click this button to add the user.
- Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
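The User ID notes above say that entries created with ldapmodify bypass the Administration Server's uniqueness check. The following Python code is an added example, not part of the product documentation: it parses an LDIF file and reports user IDs that collide inside the file or with IDs already in the directory. The sample LDIF, the function names, and the `existing_uids` input (assumed to come from a separate export of the directory below the base DN) are constructed for illustration.

```python
"""Pre-flight check for LDIF destined for ldapmodify: flag user IDs that
collide inside the file or with IDs already present in the directory."""
import base64
from collections import defaultdict

# Constructed sample input (not taken from the product documentation).
SAMPLE_LDIF = """\
dn: uid=bjensen,ou=People,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
uid: bjensen
cn: Babs Jensen
sn: Jensen

dn: uid=BJensen,ou=Contractors,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
uid:: QkplbnNlbg==
cn: Bob Jensen
sn: Jensen

dn: uid=msmith,ou=People,dc=example,dc=com
changetype: add
objectClass: inetOrgPerson
uid: msmith
cn: Mike
  Smith
sn: Smith
"""


def parse_ldif(text):
    """Return a list of (dn, {lower-cased attribute: [values]}) records."""
    # Unfold first: a line starting with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    records, dn, attrs = [], None, None
    for line in lines + [""]:              # the extra "" flushes the last record
        if not line.strip():               # a blank line ends a record
            if dn is not None:
                records.append((dn, attrs))
            dn, attrs = None, None
            continue
        if line.startswith("#"):           # LDIF comment
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):           # "attr:: value" is base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn, attrs = value, defaultdict(list)
        elif attrs is not None:            # skips lines such as "version: 1"
            attrs[name.lower()].append(value)
    return records


def find_uid_conflicts(ldif_text, existing_uids=()):
    """Map each conflicting uid (lower-cased) to the entries that claim it.

    uid values are compared case-insensitively, as directory servers do
    for this attribute, so "bjensen" and "BJensen" count as duplicates.
    """
    owners = defaultdict(list)
    for uid in existing_uids:              # assumed: exported from the directory
        owners[uid.strip().lower()].append("<already in directory>")
    for dn, attrs in parse_ldif(ldif_text):
        for uid in attrs.get("uid", []):
            owners[uid.strip().lower()].append(dn)
    return {uid: dns for uid, dns in owners.items() if len(dns) > 1}


if __name__ == "__main__":
    for uid, dns in find_uid_conflicts(SAMPLE_LDIF, ["msmith"]).items():
        print(f"duplicate uid {uid!r}:")
        for dn in dns:
            print(f"  {dn}")
```

Run it against the LDIF before passing the file to ldapmodify, and resolve every reported ID first.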
The Edit Users Page
The Edit Users page pertains to LDAP services only and is used to edit a user entry in the LDAP database. You can change user attribute values, change the user’s password, rename the user’s entry, and delete the user’s entry. If you want to change an attribute value that does not appear on this page, use the ldapmodify command line utility. For more information, see "Managing Users" in the Proxy Server Administration Guide.
There are two tabs that provide different sets of fields to edit:
General
The following elements are displayed:
Given Name (First Name). Specify the user’s given name or first name.
Surname (Last Name). Specify the user’s surname or last name.
Full Name. Specify the user’s given name and surname.
Title. Specify the job title of the user.
User ID. Specify a unique user name for the user. The user ID is generated as the first initial of the user’s first name followed by the user’s last name. You can replace this user ID with an ID of your own choosing.
The user ID must be unique. The Administration Server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use.
If you use the ldapmodify command line utility to create a user, unique user IDs cannot be ensured. A user with a duplicate user ID will not be able to authenticate to the directory.
E-Mail Address. Specify the email address of the user.
Phone Number. Specify the phone number of the user.
Save Changes. Saves changes to the LDAP database.
Rename User. Renames the user entry in the LDAP database (only the user ID is changed). The Rename User Page displays.
Delete User. Deletes the user from the LDAP database.
Password
The following elements are displayed:
New Password. Specify the new password. This password is used for user entries by the various servers for user authentication.
New Password (again). Confirm the password. If what you enter is different from what you entered in the New Password field, you will be prompted to try again.
Set Password. Click this button to change the password immediately.
Disable Password. Click this button to disable the user’s password by setting it to an invalid value. Doing this prevents the user from logging into a server, without your having to delete the user’s directory entry. You can allow access for the user again by entering a new password.
The Rename User Page
The Rename User page pertains to LDAP services only and is used to rename users in the LDAP database. The rename feature changes only the user ID. All other fields are left intact. You cannot use the rename feature to move the entry from one organizational unit to another.
For more information, see "Renaming Users" in the Proxy Server Administration Guide.
The following elements are displayed:
User ID. Specify a new user ID.
Save Changes. Saves changes to the user ID in the LDAP database.
Delete User. Deletes the user from the LDAP database.
The Manage Users Page
The Manage Users page is used to edit user information and attributes. For an LDAP database, the page provides search fields that allow you to find user entries.
The following elements are displayed:
Select Directory Service. From the drop-down list, select the directory service that contains the user or users you want to manage.
Select. Click this button to display the user elements corresponding to the type of directory service selected.
For more information about finding and managing users, see "Managing Users" in the Proxy Server Administration Guide. For more information about the specific fields on the form used to edit user information, see The Edit Users Page.
Find User. Specify a descriptive value for the entry you want to edit. Enter any of the following in the search field:
- A name. Specify a full or partial name. All entries that equally match the search string will be returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found.
- A user ID. If you enter only a partial user ID, any entries that contain the string will be returned.
- A telephone number. If you enter only a partial number, any entries that have telephone numbers ending in the search number will be returned.
- An email address. Any search string containing an at symbol (@) is assumed to be an email address. If an exact match cannot be found, a search is performed to find all email addresses that begin with the search string.
- An asterisk (*). Displays all entries currently in your directory. You can achieve the same effect by leaving the field blank.
- Any LDAP search filter. Treats any string that contains an equal sign (=) as a search filter (for example, ou=Network).
Find. Click this button to launch the search. A list of users matching the search criteria is displayed. Click an entry and then change user information as desired on the resulting edit page. For more information about the specific fields, see The Edit Users Page.
Find All Users Whose. Allows you to build a custom search filter. Use this field to narrow the search results returned by the Find User field. You can specify the following search criteria:
Full name. Searches each entry’s full name for a match.
Last name. Searches each entry’s last name, or surname, for a match.
User id. Searches each entry’s user ID for a match.
Phone number. Searches each entry’s phone number for a match.
Email address. Searches each entry’s email address for a match.
Contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a user’s name probably contains the word "Steve," use this option with the search string "Steve" to find the user’s entry.
Is. Causes an exact match to be found. This option specifies an equality search. Use this option when you know the exact value of a user’s attribute, for example, when you know the exact spelling of the user’s name.
Isn’t. Returns all entries whose attribute value does not exactly match the search string. That is, use this option if you want to find all users in the directory whose name is not "Babs Jensen." Be aware, however, that use of this option can cause an extremely large number of entries to be returned.
Sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute’s value, but are unsure of the spelling, for example, if you are not sure whether a user’s name is spelled "Sarret," "Sarette," or "Sarett."
Starts with. Causes a sub-string search to be performed. Returns all entries whose attribute value starts with the specified search string. For example, use this option if you know a user’s name starts with "Mike," but do not know the rest of the name.
Ends with. Causes a sub-string search to be performed. Returns all entries whose attribute value ends with the specified search string. For example, use this option if you know a user’s name ends with "Anderson," but do not know the rest of the name.
Look Within. From the drop-down list, specify the organizational unit under which you want to search for entries. The default is the directory’s root point (or topmost entry).
Format. From the drop-down list, specify whether the output should be formatted for display on screen or for printing to a printer. (This element may not display on all search pages.)
Find. Click this button to launch the search. If multiple users match the search criteria, a list of users is displayed. Click a name in the list and then change user information as desired on the resulting edit page. For more information about the edit page, see The Edit Users Page.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
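The match types offered by Find All Users Whose correspond to standard LDAP filter operators. The following Python code is an added example, not part of the product documentation: it builds the RFC 4515 filter string for each choice and escapes filter metacharacters in the search string. The attribute names (`cn`, `sn`, `uid`, `telephoneNumber`, `mail`), the function names, and the treatment of a blank or asterisk value as a presence filter are assumptions; the page gives only the labels.

```python
"""Map the "Find All Users Whose" choices onto RFC 4515 LDAP filter strings."""

# Assumed attribute names (standard inetOrgPerson schema); the page shows
# only the labels of the search criteria.
ATTRIBUTES = {
    "Full name": "cn",
    "Last name": "sn",
    "User id": "uid",
    "Phone number": "telephoneNumber",
    "Email address": "mail",
}

# Characters that RFC 4515 requires to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape filter metacharacters so the value is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(attribute_label, match_type, value):
    """Return the LDAP filter for one attribute / match type / search string."""
    attr = ATTRIBUTES[attribute_label]
    # Assumption: a blank field or a lone asterisk lists every entry that
    # has the attribute (a presence filter).
    if value.strip() in ("", "*"):
        return f"({attr}=*)"
    v = escape_value(value)
    templates = {
        "Contains": f"({attr}=*{v}*)",       # sub-string search
        "Is": f"({attr}={v})",               # equality search
        "Isn't": f"(!({attr}={v}))",         # negated equality
        "Sounds like": f"({attr}~={v})",     # approximate (phonetic) search
        "Starts with": f"({attr}={v}*)",     # initial sub-string
        "Ends with": f"({attr}=*{v})",       # final sub-string
    }
    # Accept the typographic apostrophe used in the UI label as well.
    return templates[match_type.replace("\u2019", "'")]


if __name__ == "__main__":
    # Constructed search strings, taken from the examples in the text
    # plus one value that contains filter metacharacters.
    for label, match, text in [
        ("Full name", "Contains", "Steve"),
        ("Full name", "Isn't", "Babs Jensen"),
        ("Last name", "Sounds like", "Sarret"),
        ("Full name", "Starts with", "Mike"),
        ("Last name", "Ends with", "Anderson"),
        ("Full name", "Is", "Jensen (Babs)*"),
    ]:
        print(f"{label:13} {match:12} {text!r:18} -> {build_filter(label, match, text)}")
```

The escaping step applies only to values placed into a filter this way; a string typed into Find User that contains an equal sign is used as a filter as entered.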
User ID. Shows the unique user name for the user.
Password. Specify the password for the user.
Password (Again). Confirm the password entered in the Password field.
Groups. Specify a comma-separated list of groups of which the user is a member.
Change User. Click this button to change the user information.
Remove User. Click this button to remove the user from the directory service.
User ID. Shows the unique user name for the user.
Realm. Shows the realm that will authenticate this user.
Password. Specify the password for the user.
Password (Again). Confirm the password entered in the Password field.
Groups. Specify a comma-separated list of groups of which the user is a member.
Change User. Click this button to change the user information.
Remove User. Click this button to remove the user from the directory service.
The Create Group Page
The Create Group page pertains to LDAP services only and is used to create a group entry within the directory server. For more information, see "Creating Groups" in the Proxy Server Administration Guide.
The following elements are displayed:
Select Directory Service. From the drop-down list, select the directory service to which you want to add the group.
Select. Click this button to display user elements.
Type of Group. From the drop-down list, specify whether the group is static or dynamic. Dynamic groups are generated dynamically based upon LDAP attributes and filters. Dynamic groups can slow group lookups.
Go. Click this button to load data.
Group Name. Specify the group name.
Ldap Url. (Dynamic Group only) Specify the LDAP URL. For more information, see "Guidelines for Creating Dynamic Groups" in the Proxy Server Administration Guide.
Description. Specify a description of the group.
Add New Group To. From the drop-down list, specify the directory to which you are adding the group. The default location is your directory’s root point.
Create. Click this button to add the group to the LDAP database.
Create and Edit. Click this button to add the group and then proceed to The Edit Groups Page for the group you have just added.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The Edit Groups Page
The Edit Groups page pertains to LDAP services only and is used to edit a group entry. To change an attribute value that does not appear on this page, use the ldapmodify command line utility. For more information, see "Managing Groups" in the Proxy Server Administration Guide.
The following elements are displayed:
Group Name. Specify the group name.
Description. Specify a description of the group.
Member Url. (Dynamic Group only) Specify the LDAP URL. For more information, see "Guidelines for Creating Dynamic Groups" in the Proxy Server Administration Guide.
Group Members. Click the Edit button to add, modify, or delete members in the group. For more information, see The Edit Group Members Page.
Group Cert Members. Click the Add button to add members to the group certificate. For more information, see The Add Group Cert Members Page.
Owner. Click the Edit button to add, modify, or delete the group owner. For more information, see The Edit Owner Page.
See Also. References other directory entries that may be relevant to the current group. Click the Edit button to add, modify, or delete See Also references. For more information, see The Edit Others Page.
Save Changes. Saves the changes to the LDAP directory.
Rename Group. Renames the group in the LDAP directory. The Rename Group Page displays.
Delete Group. Deletes the group from the LDAP directory.
The Edit Group Members Page
The Edit Group Members page pertains to LDAP services only and is used to add, edit, or delete users or groups in a group or organization. You can add or delete members individually, or by using searches.
For more information on groups, see "Managing Groups" in the Proxy Server Administration Guide. For more information on organizations, see "Creating Organizational Units" in the Proxy Server Administration Guide.
The following elements are displayed:
Remove from List. Click the checkbox next to the name of the member user or group you want to remove from the list of members.
Find. Specify whether you are searching for users or groups.
Matching. Specify the string or character to search for in the user or group name.
Add. Click this button to add the user or group.
Remove. Click this button to remove the user or group.
Save Changes. Saves changes to the LDAP directory.
Cancel. Erases your changes and returns to the previous page.
The Add Group Cert Members Page
The Add Group Cert Members page pertains to LDAP services only and is used to specify the information necessary to request a certificate from a commercial or internal certificate authority (CA).
The following elements are displayed:
Common name. Specify the fully qualified host name used in DNS lookups (for example, www.example.com). This is the host name in the URL that a browser uses to connect to your site. These two names should be the same, otherwise a client is notified that the certificate name does not match the site name, which may make people doubt the authenticity of your certificate. Some CAs might require different information, so verify this requirement with your specific CA.
Email Address. Specify the business email address used for correspondence between the business and the CA.
Organization. Specify the official, legal name of the company, educational institution, partnership, and so on. Most CAs require you to verify this information with legal documents (such as a copy of a business license).
Organization Unit(s). Specify an organization within your company. This can also be used to specify a less formal company name (without the Inc., Corp., and so on).
Locality. Specify the city, principality, or country for the organization.
State or Province. Specify the state or province in which the organization is located. Most CAs require the full name, not abbreviations.
Country. Specify the country in which the organization is located. Most CAs require the two-letter country code (for example, US for the United States).
Save Changes. Saves your entries.
The Edit Owner Page
The Edit Owner page pertains to LDAP services only and is used to add, edit, or delete the group owner. You can add or delete owners individually, or by using searches.
The following elements are displayed:
Remove from List. Click the checkbox next to the name of the user or group you want to remove from the list.
Find. Specify whether you are searching for users or groups.
Matching. Specify the string or character to search for in the user or group name.
Add. Click this button to add the user or group.
Remove. Click this button to remove the user or group.
Save Changes. Saves changes to the LDAP directory.
Cancel. Erases your changes and returns to the previous page.
The Edit Others Page
The Edit Others page pertains to LDAP services only and is used to add, modify, or delete other directory entries that may be relevant to the current group (also referred to as See Also entries).
The following elements are displayed:
Remove from List. Select the checkbox next to the entry you want to remove.
Find. Specify whether you are searching for users or groups.
Matching. Specify the string or character to search for in the user or group name.
Add. Click this button to add the user or group.
Remove. Click this button to remove the user or group.
Save Changes. Saves changes to the LDAP directory.
Cancel. Erases your changes and returns to the previous page.
The Rename Group Page
The Rename Group page pertains to LDAP services only and is used to rename groups in the LDAP database. The rename feature changes only the group name. All other fields are left intact. You cannot use the rename feature to move the entry from one organizational unit to another.
For more information, see "Renaming Groups" in the Proxy Server Administration Guide.
The following elements are displayed:
Group Name. Specify a new group name.
Save Changes. Saves changes to the group name in the LDAP database.
Delete Group. Deletes the group from the LDAP database.
The Manage Groups Page
The Manage Groups page pertains to LDAP services only and is used to manage group memberships. You can find groups, change group attributes, add and delete owners of the group, add and delete members of the group, rename the group, delete the group, and change the group’s description.
The following elements are displayed:
Select Directory Service. From the drop-down list, select the directory service that contains the group you want to manage.
Select. Click this button to display user elements.
Find Group. Specify the name of the group you want to find. You can enter any of the following in the search field:
- A name. A full or partial name. All entries that equally match the search string are returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found.
- An asterisk (*). The groups currently residing in your directory. You can achieve the same effect by leaving the field blank.
- Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.
Find. Click this button to launch the search. If multiple names match the search criteria, a list of names is displayed. Click a name in the list and then change group information as desired on the resulting edit page. For more information about the edit page, see The Edit Groups Page.
Find All Groups Whose. Allows you to build a custom search filter. Use this field to narrow the search results that are otherwise returned by Find Groups. You can specify the following search criteria:
- The left drop-down list specifies the attribute on which the search is based. The following options are available:
- The middle drop-down list specifies the type of search to perform. The following options are available:
- Contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a group’s name probably contains the word "Administrator," use this option with the search string "Administrator" to find the group entry.
- Is. Causes an exact match to be found. Use this option when you know the exact value of a group’s attribute, for example, when you know the exact spelling of the group’s name.
- Isn’t. Returns all the entries whose attribute value does not exactly match the search string. For example, use this option if you want to find all groups in the directory whose name does not contain "administrator." Be aware, however, that use of this option can cause an extremely large number of entries to be returned.
- Sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute’s value, but are unsure of the spelling. For example, use this option if you are unsure if a group’s name is spelled "Sarret’s list," "Sarette’s list," or "Sarett’s list."
- Starts with. Causes a sub-string search to be performed. Returns all entries whose attribute value starts with the specified search string. For example, use this option if you know a group’s name starts with "Product," but you do not know the rest of the name.
- Ends with. Causes a sub-string search to be performed. Returns all entries whose attribute value ends with the specified search string. For example, use this option if you know a group’s name ends with "development," but you do not know the rest of the name.
- In the right text field, enter your search string. To display all group entries contained in the Look Within directory, enter either an asterisk (*) or leave this field blank.
Look Within. From the drop-down list, specify the organizational unit under which you want to search for entries. The default is the directory’s root point (or topmost entry).
Format. From the drop-down list, specify whether the output should be formatted for display on screen or for printing to a printer. (This element may not display on all search pages.)
Find. Click this button to launch the search. If multiple names match the search criteria, a list of names is displayed. Click a name in the list and then change group information as desired on the resulting edit page. For more information about the edit page, see The Edit Groups Page.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The Create Organizational Unit Page
Organizational units use the organizationalUnit object class and usually represent subdivisions, departments, or other discrete business groups within your company. The Create Organizational Unit page pertains to LDAP services only and is used to create a new organizational unit in the directory server.
For more information, see "Creating Organizational Units" in the Proxy Server Administration Guide.
The following items are displayed:
Select Directory Service. From the drop-down list, select the directory service to which you want to add the new organizational unit.
Select. Click this button to display user elements.
Unit Name. Specify the name of the organizational unit.
Description. Specify a description of the organizational unit.
Add Organizational Unit To. Specify the parent organizational unit under which this new organizational unit will reside.
Create. Adds the organizational unit to the LDAP database.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The Manage Organizational Units Page
The Manage Organizational Units page pertains to LDAP services only and is used to manage organizational units.
For more information, see "Managing Organizational Units" in the Proxy Server Administration Guide.
The following elements are displayed:
Select Directory Service. From the drop-down list, select the directory service that contains the organizational unit you want to manage.
Select. Click this button to display user elements.
Find Organizational Unit. Specify the name of the organizational unit you want to find. You can enter any of the following in the search field:
- A name. A full or partial name. All entries that equally match the search string are returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found.
- An asterisk (*). All groups currently residing in your directory. You can achieve the same effect by leaving the field blank.
- Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.
Find. Click this button to launch the search. If multiple names match the search criteria, a list of names is displayed. Click a name in the list and then change organizational unit information as desired on the resulting edit page. For more information about the edit page, see The Edit Organizational Unit Page.
Find All Units Whose. Allows you to build a custom search filter. Use this field to narrow the search results that are otherwise returned by Find Organizational Unit. You can specify the following search criteria:
- The left drop-down list specifies the attribute on which the search is based. The following options are available:
- The middle drop-down list specifies the type of search to perform. The following options are available:
- Contains. Causes a sub-string search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know an organizational unit’s name probably contains the word "Administrator," use this option with the search string "Administrator" to find the organizational unit entry.
- Is. Causes an exact match to be found. Use this option when you know the exact value of an organizational unit’s attribute, for example, when you know the exact spelling of the organizational unit’s name.
- Isn’t. Returns all entries whose attribute value does not exactly match the search string. That is, use this option if you want to find all organizational units in the directory whose name does not contain "administrator." Be aware, however, that use of this option can cause an extremely large number of entries to be returned.
- Sounds like. Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute’s value, but are unsure of the spelling, for example, if you are not sure whether an organizational unit’s name is spelled "Sarret’s list," "Sarette’s list," or "Sarett’s list."
- Starts with. Causes a sub-string search to be performed. Returns all entries whose attribute value starts with the specified search string. For example, use this option if you know an organizational unit’s name starts with "Product," but you do not know the rest of the name.
- Ends with. Causes a sub-string search to be performed. Returns all entries whose attribute value ends with the specified search string. For example, use this option if you know an organizational unit’s name ends with "development," but you do not know the rest of the name.
- In the right text field, enter your search string. To display all organizational unit entries contained in the Look Within directory, enter either an asterisk (*) or leave this field blank.
Look Within. Specify the organizational unit under which you want to search for entries. The default is the directory’s root point (or topmost entry).
Format. From the drop-down list, specify whether the search results should be formatted for display on screen or for printing to a printer.
Find. Click this button to launch the search. If multiple names match the search criteria, a list of names is displayed. Click a name in the list and then change organizational unit information as desired on the resulting edit page. For more information about the edit page, see The Edit Organizational Unit Page.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The Edit Organizational Unit Page
The Edit Organizational Unit page pertains to LDAP services only and is used to add, edit, or remove an organizational unit.
For more information, see "Managing Organizational Units" in the Proxy Server Administration Guide.
The following elements are displayed:
Select Directory Service. From the drop-down list, select the directory service that contains the organizational unit you want to edit.
Select. Click this button to display user elements.
Unit Name. Specify the name of the organizational unit.
Description. Specify a description of the organizational unit.
Phone. Specify the phone number of the organizational unit.
Fax. Specify the fax number of the organizational unit.
Mailing Address. Specify the mailing address of the organizational unit.
Save Changes. Saves changes to the LDAP directory.
Rename. Renames the organizational unit in the LDAP database. The Rename Organizational Unit Page displays.
Delete. Deletes the organizational unit from the LDAP database.
The Rename Organizational Unit Page
The Rename Organizational Unit page pertains to LDAP services only and is used to rename organizational units in the LDAP database. The rename feature changes only the organizational unit name. All other fields are left intact. You cannot use the rename feature to move the entry from one organizational unit to another.
For more information, see "Renaming Organizational Units" in the Proxy Server Administration Guide.
The following elements are displayed:
Organizational Unit Name. Specify a new organizational unit name.
Save Changes. Saves changes to the organizational unit name in the LDAP database.
Delete. Deletes the organizational unit from the LDAP database.