Identity Management

Organizations


This object represents the top level of a hierarchical structure used by an enterprise to manage its departments and resources. Upon installation, Identity Server dynamically creates a top-level organization (defined during installation) to manage the Identity Server enterprise configurations. Additional organizations can be created after installation to manage separate enterprises. All created organizations fall beneath the top-level organization.

Create an Organization

  1. Choose Organizations from the View menu in the Identity Management module.
  2. Click New in the navigation pane. The New Organization template displays in the data pane.
  3. Enter a value for the name of the organization in the New Organization template.
  4. Choose a status of active or inactive. The default is active. This can be changed at any time during the life of the organization by selecting the Properties icon. Choosing inactive disables log in to the organization.
  5. Enter the values, if desired, for the optional fields. The optional fields are:
    • Full DNS Name - Enter the full Domain Name System (DNS) name for the organization, if it has one.
    • DNS Alias Name - Allows you to add alias names for the DNS name of the organization.
    • Unique Attribute List - Allows you to add a list of unique attributes for users in the organization. For example, if you add a unique attribute specifying an email address, you would not be able to create two users with the same email address.
  6. Enter a DNS alias name, and click Add to add it to the List of DNS Alias Names.
  7. Enter a value for the unique attribute and click Add to add it to the Unique Attribute list. The unique attribute list is made up of attributes defined in the Sun ONE Directory Server schema.
  8. Click Create. The new organization displays in the navigation pane.

Delete an Organization

  1. Choose Organizations from the View menu in Identity Management. All created organizations are displayed. To display specific organizations, enter a search string and click Filter.
  2. Select the checkbox next to the name of the organization to be deleted.
  3. Click Delete.

Note

There is no warning message when performing a delete. All entries within each selected organization will be deleted.



Groups


A group represents a collection of users with a common function, feature or interest. Typically, a group has no privileges associated with it. Groups can exist at two levels: within an organization, and within another managed group as a sub group. Users can be added to managed groups either statically (by subscription) or dynamically (by an LDAP filter).

Membership By Subscription.

A subscription group is created according to the option chosen in Managed Group Type. If the Managed Group Type value is static, group members are added to a group entry using the groupOfNames or groupOfUniqueNames object class. If the Managed Group Type value is dynamic, a specific LDAP filter is used to search for and return only the user entries that contain the memberof attribute.

Membership By Filter.

A filtered group is one that is created through the use of an LDAP filter. All entries are funneled through the filter and dynamically assigned to the group. The filter looks for a given attribute in each entry and returns those entries that contain it. For example, if you were to create a group based on a building number, you could use the filter to return a list of all users whose entries contain that building number attribute.

Create a Managed Group

  1. Navigate to the organization (or group) where the group will be created.
  2. Choose Groups from the View menu.
  3. Click New.
  4. Select the group type from within the data pane.
    • If a static subscription group is to be created, select Membership By Subscription.
      1. Enter a name for the group in the Name field. Click Next.
      2. Select Users Can Subscribe to this Group to allow users to subscribe to the group themselves.
      3. Add users to the group by selecting Add from the Member List. Enter the search criteria and click Show. When the user list is returned, select the users you wish to add and click Submit. Adding users to the group is optional; they can be added after the group is created.
      4. Click Create.
    • If a dynamic (LDAP filtered) group is to be created, select Membership By Filter and click Save.
      1. Enter a name for the group in the Name field. Click Next.
      2. Construct the LDAP search filter. The fields used to construct the filter are combined with either an OR or an AND operator. All the fields listed in the UI are used; if a field is left blank, it matches all possible entries for that particular attribute.
      3. Click Create.
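The two membership models above (an explicit member list for a static group, an LDAP filter for a dynamic group) and the way the filter is assembled from UI fields can be made concrete with a small script. The following is an added example written for this page; it is not code from Identity Server or Sun ONE Directory Server. It uses constructed user entries with an assumed inetOrgPerson-style schema (attribute names such as buildingName and inetUserStatus are assumptions), combines the fields with AND or OR, drops blank fields so they match everything, and evaluates the result with a minimal filter evaluator covering only equality, `*` wildcards, `&`, `|` and `!`. Field values are escaped per RFC 4515 before being placed in the filter, so a value typed into a field cannot alter the filter's structure.

```python
"""Static vs. filtered group membership, and safe construction of the LDAP
search filter from UI fields. All entries, DNs and attribute names below are
constructed sample data, not output from any real Directory Server."""
import re


def _person(uid, sn, building, status):
    # Constructed user entry; the attribute names are assumptions for this example.
    return {"objectClass": ["top", "person", "inetOrgPerson"], "uid": uid,
            "sn": sn, "buildingName": building, "inetUserStatus": status}


ENTRIES = {
    "uid=alice,ou=People,o=example": _person("alice", "Smith", "B12", "Active"),
    "uid=bob,ou=People,o=example": _person("bob", "Jones", "B12", "Inactive"),
    "uid=carol,ou=People,o=example": _person("carol", "Smith", "B7", "Active"),
}

# A static group stores its members explicitly, as groupOfUniqueNames does.
STATIC_GROUP = {
    "objectClass": ["top", "groupOfUniqueNames"],
    "cn": "helpdesk",
    "uniqueMember": ["uid=alice,ou=People,o=example", "uid=carol,ou=People,o=example"],
}


def static_members(group):
    """Membership of a static group is simply the stored member list."""
    return list(group.get("uniqueMember", []))


def escape_filter_value(value):
    """RFC 4515 escaping: '*', '(', ')', '\\' and NUL become \\xx hex escapes,
    so a value typed into a UI field cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def build_filter(fields, operator="AND"):
    """Combine the UI's attribute fields into one filter. A blank field is
    dropped, which (as the page states) matches every value of that attribute."""
    parts = ["(%s=%s)" % (attr, escape_filter_value(val))
             for attr, val in fields.items() if val.strip()]
    if not parts:
        return "(objectClass=*)"   # nothing to constrain: match every entry
    if len(parts) == 1:
        return parts[0]
    return ("(&" if operator == "AND" else "(|") + "".join(parts) + ")"


def _parse(s, i):
    """Parse one filter component at s[i] == '('; return (node, next_index).
    Supports only the subset used here: equality with '*' wildcards, &, |, !."""
    assert s[i] == "(", "filter component must start with '('"
    i += 1
    if s[i] in "&|":
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            node, i = _parse(s, i)
            kids.append(node)
        assert s[i] == ")"
        return (op, kids), i + 1
    if s[i] == "!":
        node, i = _parse(s, i + 1)
        assert s[i] == ")"
        return ("!", [node]), i + 1
    j = s.index(")", i)   # escaped parens are "\28"/"\29", never a literal ')'
    attr, _, val = s[i:j].partition("=")
    return ("=", attr, val), j + 1


def _value_matches(pattern, actual):
    """Unescape \\xx sequences; an unescaped '*' becomes a wildcard."""
    regex, i = "", 0
    while i < len(pattern):
        if pattern[i] == "\\":
            regex, i = regex + re.escape(chr(int(pattern[i + 1:i + 3], 16))), i + 3
        elif pattern[i] == "*":
            regex, i = regex + ".*", i + 1
        else:
            regex, i = regex + re.escape(pattern[i]), i + 1
    return re.fullmatch(regex, actual, re.IGNORECASE) is not None


def _eval(node, entry):
    kind = node[0]
    if kind == "&":
        return all(_eval(k, entry) for k in node[1])
    if kind == "|":
        return any(_eval(k, entry) for k in node[1])
    if kind == "!":
        return not _eval(node[1][0], entry)
    _, attr, val = node
    # LDAP attribute names are case-insensitive; values may be single or multi-valued.
    values = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
    values = [values] if isinstance(values, str) else values
    return any(_value_matches(val, v) for v in values)


def filtered_members(ldap_filter, entries=ENTRIES):
    """Dynamic membership: every entry the filter matches is a member."""
    node, end = _parse(ldap_filter, 0)
    assert end == len(ldap_filter), "trailing characters after filter"
    return [dn for dn, entry in entries.items() if _eval(node, entry)]
```

Calling `build_filter({"buildingName": "B12", "inetUserStatus": "Active"})` yields `(&(buildingName=B12)(inetUserStatus=Active))`, and `filtered_members` on it returns only alice. With `operator="OR"` the same fields return all three constructed users, and leaving a field blank removes that clause. The escaping matters: a field value of `*)(uid=*` becomes `\2a\29\28uid=\2a` and matches nobody, whereas inserted raw it would have widened the group to every user.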

Delete a Managed Group

  1. Navigate to the organization where the group exists.
  2. Choose Groups from the View menu.
  3. Select the checkbox next to the name of the group to be deleted.
  4. Click Delete.

Users


Users represent the identity of a person. Users can be created and deleted, and added or removed from services, roles or groups through the Identity Management module.

Create a User

  1. Navigate to the organization where the user should be created.
  2. Choose Users from the View menu.
  3. Click New. This displays the New User page in the data pane.
  4. Enter values for the required attributes and any optional fields. Information on the user profile attributes can be found in User Attributes.
  5. Click Create.

Add a User to Services, Roles and Groups

  1. Navigate to the organization where the user should be modified.
  2. Choose Users from the Show menu.
  3. In the navigation pane, select the user you wish to modify and click the Properties arrow.
  4. From the View menu in the data pane, select Services, Roles or Groups. The User view allows you to modify any attributes defined in the User service.
  5. Select the service, role, or group to which you wish to add the user, and click Save.

Delete a User

  1. Navigate to the Organization where the user exists.
  2. Choose Users from the View menu.
  3. Select the checkbox next to the name of the user to be deleted.
  4. Click Delete.

Services


Activating a service for an organization is a two-step process. First, register the service with the organization. After the service is registered, a template configured specifically for that organization must be created. For additional information, see Service Configuration.



Note

A new service must first be imported into the Identity Server using the amadmin command-line utility. Information on importing a service's XML schema can be found in the Sun One™ Identity Server Programmer's Guide.



Register a Service

  1. Navigate to the organization where you will add services.
  2. Choose Organizations from the Show menu in the Identity Management module and select the organization from the navigation pane. The Location path displays the default top-level organization and the chosen organization.
  3. Choose Services from the Show menu.
  4. Click Register. The data pane displays a list of services available to register to this organization.
  5. Select the checkbox next to the services to be added.
  6. Click Register.

Create a Template for a Service

  1. Navigate to the organization or role where the registered service exists.
  2. Choose Organizations from the Show menu in the Identity Management module and select the organization from the navigation pane.
  3. Choose Services from the Show menu.
  4. Click the Properties icon next to the name of the service to be activated. The data pane displays the message No Template Available For This Service. Do you want to create it?
  5. Click Create. A template is created for this service for the parent organization or role. The data pane displays the default attributes and values for this service.
  6. Accept or modify the default values and click Save.

Unregister a Service

  1. Navigate to the organization where you will remove services.
  2. Choose Organizations from the Show menu in the Identity Management module and select the organization from the navigation pane.

  3. Choose Services from the Show menu.
  4. Select the checkboxes for the services to remove.
  5. Click Unregister.

Roles


Create a Role

  1. Navigate to the navigation pane of the organization where the role will be created.
  2. Choose Roles from the View menu. A set of default roles is created when an organization is configured, and these are displayed in the navigation pane. For descriptions of these roles, see Dynamic Admin Roles ACIs in the Attribute Reference section.
  3. Click New in the navigation pane. The New Role template appears in the data pane.
  4. Enter a name for the role.
  5. Enter a description of the role.
  6. Choose the role type from the Type menu. The role can be either an Administrative role or a Service role. The role type is used by the console to determine where to start the user in the DIT. An administrative role notifies the console that the possessor of the role has administrative privileges; the service role notifies the console that the possessor is an end user.
  7. Choose a default set of permissions to apply to the role from the Access Permission menu. The permissions control access to entries within the organization. They are discussed in the section Default Role Permissions (ACIs). No Permissions can also be chosen. (The default permissions shown are in no particular order.)
  8. Click Create. The created role is displayed in the navigation pane and status information about the role is displayed in the data pane. You can add or remove services for the role by clicking the Edit link in the Services display.

Delete a Role

  1. Navigate to the organization that contains the role for deletion.
  2. Choose Organizations from the Show menu in User Management and select the organization from the navigation pane. The Location path displays the default top-level organization and chosen organization.

  3. Choose Roles from the View menu.
  4. Select the checkbox next to the name of the role.
  5. Click Delete.

Add Users to a Role

  1. Navigate to the organization that contains the role to modify.
  2. Choose Roles from the View menu.
  3. Select the role to modify and click the Properties arrow.
  4. Choose Users from the View menu in the data pane.
  5. Click Add. A search window appears in the data pane.
  6. Enter a user id. Other search criteria can also be entered (including first name, last name or active/inactive status) if specific user id information is not available.
  7. Choose the users from the names returned by selecting the checkbox next to each user name.
  8. Click Save. The users are now assigned to the role.

Remove Users from a Role

  1. Navigate to the organization that contains the role to modify.
  2. Choose Organizations from the Show menu in the Identity Management module and select the organization from the navigation pane.
  3. Choose Roles from the Show menu.
  4. Select the role to modify.
  5. Choose Users from the View menu.
  6. Select the checkbox of the users for removal.
  7. Click Remove. The users are now removed from the role.

Containers


The container entry is used when, due to object class and attribute differences, it is not possible to use an organization entry. It is important to remember that the Identity Server container entry and the Identity Server organization entry are not necessarily equivalent to the LDAP object classes organizationalUnit and organization; they are abstract Identity Server entries. Ideally, the organization entry should be used instead of the container entry.



Note

The display of containers is optional. To view containers you must select Display Containers in Menu in the Identity Server Administration service. For more information, see Display Containers In Menu.



Create a Container

  1. Navigate to the organization or container where the new container will be created.
  2. Select Containers from the View menu.
  3. Click New. A Container template displays in the data pane.
  4. Enter the name of the container to be created.
  5. Click Create.

Delete a Container

  1. Navigate to the organization or container which contains the container to be deleted.
  2. Choose Containers from the View menu.
  3. Select the checkbox next to the name of the container to be deleted.
  4. Click Delete.

Note

Deleting a container will delete all objects that exist in that container. This includes all objects and sub containers.



People Containers


A People Container is the default LDAP organizational unit to which all users are assigned when they are created within an organization. People containers can be found at the organization level and at the people container level as a sub People Container. They can only contain other people containers and users. Additional people containers can be added into the organization, if desired.



Note

The display of people containers is optional. To view People Containers you must select Show People Containers in the Identity Server Administration service. For more information, see Show People Containers.



Create a People Container

  1. Navigate to the organization or people container where the new people container will be created.
  2. Select People Containers from the View menu.
  3. Click New. The People Container template displays in the data pane.
  4. Enter the name of the people container to be created.
  5. Click Create.

Delete a People Container

  1. Navigate to the organization or people container which contains the people container to be deleted.
  2. Choose People Containers from the Show menu.
  3. Select the checkbox next to the name of the people container to be deleted.
  4. Click Delete.

Note

Deleting a people container will delete all objects that exist in that people container. This includes all users and sub people containers.



Group Containers


A Group Container is used to manage groups. It can only contain groups and other group containers. The group container Groups is dynamically assigned as the parent entry for all managed groups. Additional group containers can be added, if desired.



Note

The display of group containers is optional. To view group containers you must select Show Group Containers in the Identity Server Administration service. For more information, see Show Group Containers.



Create a Group Container

  1. Navigate to the organization or group container where the new group container will be created.
  2. Choose Group Containers from the View menu. The default group container, Groups, was created when the organization was created.
  3. Click New.
  4. Type a value in the Name field and click Create. The new group container displays in the navigation pane.

Delete a Group Container

  1. Navigate to the organization which contains the group container to be deleted.
  2. Choose Group Containers from the View menu. The default Groups container and all created group containers display in the navigation pane.
  3. Select the checkbox next to the group container to be deleted.
  4. Click Delete Selected.


Copyright 2003 Sun Microsystems, Inc. All rights reserved.