Previous

Modifying or Extending the User Object

The user task object is implemented as a script so that administrators can modify or extend it on a per-site basis. For example, administrators might want to add GDS and DFS information to the object. Other possible modifications include the following:

· Changing the location of the CDS directory created for users, or removing it completely.

· Changing the default ACLs placed on the various objects.

· Add an option to give users write access to the clearinghouse where the master replica of the /.:/users/username directory resides. This allows users to create their own subdirectories. The option could add individual principal names to the clearinghouse ACL. An easier method could add principals to a group that has write access to the clearinghouse.

· Setting certain attributes or policies on all newly created principals and accounts to match the site's policies. For example, you could set principals to have a pwd_val_type ERA and set accounts to generate random passwords.

· Setting up site-specific defaults for passwords (to be changed by the user later), groups, organizations, principal directories, and so on.

· Supporting a user modify command. Such a command could change group or organization information or some other attributes associated with users.

Part 1of this guide discusses ways to create new dcecp objects or modify existing objects written with the dcecp language.