Directory Server, Version 6.1

 

Realms, templates, users, and groups

A realm is a collection of users and the groups to which they belong. For example, a company, a bowling team, or a club could each be a realm.

Realms are defined by creating entries of object class "ibm-realm" anywhere in a user naming context (not under cn=localhost, cn=schema or cn=configuration). The ibm-realm object defines the realm's name (cn), a group of realm administrators (ibm-realmAdminGroup), a user-template object (ibm-realmUserTemplate) specifying the object classes and attributes for users in the realm, and the location of container entries under which user and group entries are stored (ibm-realmUserContainer and ibm-realmGroupContainer). The directory administrator and members of the administrative group are responsible for managing user-templates, realms and realm administrator groups. After a realm is created, members of that realm's administrator group (realm administrators) are responsible for managing the users and groups within that realm.

 

Creating a realm

Expand the Realms and templates category in the navigation area of the Web Administration Tool.

  1. Click Add realm.

    • Enter the name for the realm, for example, realm1.

    • Enter the Parent DN that identifies the location of the realm. This entry is in the form of a suffix, for example o=sample. You can also click Browse to select the location of the subtree that you want.

  2. Click Next to continue.

  3. Review the information. At this point you haven't actually created the realm, so User template and User search filter can be ignored.

  4. Click Finish to create the realm.

 

Creating a realm administrator

To create a realm administrator, first create an administration group for the realm.

 

Creating the realm administration group

Expand the Directory management category in the navigation area of the Web Administration Tool.

  1. Click Manage entries.

  2. Expand the tree for the parent DN that identifies the location of the realm you just created, and select the realm you just created, cn=realm1,o=sample.

  3. Expand the Select Action menu, select Edit ACL and click Go.

  4. Click the Owners tab.

  5. Ensure that Propagate owner is checked.

  6. Enter the Subject DN for the realm, cn=realm1,o=sample.

  7. Change the Subject type to group.

  8. Click Add.

  9. Click OK to save your changes and return to the Manage entries panel.

 

Creating the administrator entry

If you do not already have a user entry for the administrator, create one.

Expand the Directory management category in the navigation area of the Web Administration Tool.

  1. Click Manage entries.

  2. Expand the tree to the location where you want the administrator entry to reside.
    Note:

    Locating the administrator entry outside of the realm avoids giving the administrator the ability to accidentally delete himself or herself. In this example the location might be o=sample.

  3. Click Add.

  4. Select the Structural object class, for example person.

  5. Click Next.

  6. Select any auxiliary object class you want to add.

  7. Click Next.

  8. Enter the required attributes for the entry. For example,

    • Relative DN cn=John Doe

    • Parent DN o=sample (This is pre-filled for you.)

    • cn John Doe

    • sn Doe
    Notes:

    1. If the attribute is multi-valued and you want to add more than one value for a particular attribute, click Multiple values. See Multiple values for attributes.

    2. If an attribute requires binary data, click Binary data. See Binary data for attributes.

    3. If your server has language tags enabled, click Language tag value to add or remove language tag descriptors. See Language tags and Language tag values for attributes for more information.

    4. If an attribute contains referrals, click Manage referral. See Referrals and Creating default referrals for more information.

  9. On the Optional attributes tab ensure that you have assigned a user password.

  10. When you are done, click Finish.

 

Adding the administrator to the administration group

Expand the Directory management category in the navigation area of the Web Administration Tool.

  1. Click Manage entries.

  2. Expand the tree (o=sample) and select the realm you just created, cn=realm1,o=sample.

  3. Expand the Select Action menu, select Manage members and click Go.

  4. The Static group members tab is highlighted. Click Load to display the members of the group. In this example, you have not added any members yet, so no entries are displayed in the table.

  5. Type the name of the entry that you want to add as a member of the group in the member field, for example the entry you created in the previous task, cn=John Doe,o=sample, or select it using the Browse function (expand o=sample and select cn=John Doe,o=sample).

  6. Click Add.

  7. cn=John Doe,o=sample is displayed in the table. Click Apply to save the change and continue adding members or, if you are finished, click OK to save the changes and return to the Manage entries panel.

You have created an administrator that can manage entries within the realm. See Managing members of group entries for additional information about adding members to a group.
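An added example, not IBM's code and not part of the original documentation: a Python check over an LDIF export that confirms each ibm-realm entry sits outside cn=localhost, cn=schema and cn=configuration, carries the attributes listed in the introduction, and has no realm administrator located inside the realm it manages. The sample LDIF is constructed, and reading administrators from the member attribute of the entry named by ibm-realmAdminGroup is an assumption.

```python
# Added example (not IBM code). Suffixes the page says cannot hold a realm:
SYSTEM_SUFFIXES = ("cn=localhost", "cn=schema", "cn=configuration")
# Attributes the page lists for an ibm-realm entry:
REALM_ATTRS = ("cn", "ibm-realmAdminGroup", "ibm-realmUserTemplate",
               "ibm-realmUserContainer", "ibm-realmGroupContainer")

# Constructed sample export, trimmed to the attributes the checks read.
SAMPLE_LDIF = """\
dn: cn=realm1,o=sample
objectClass: ibm-realm
cn: realm1
ibm-realmAdminGroup: cn=realm1,o=sample
ibm-realmUserTemplate: cn=template1,o=sample
ibm-realmUserContainer: cn=realm1,o=sample
ibm-realmGroupContainer: cn=realm1,o=sample
member: cn=John Doe,o=sample

dn: cn=realm2,o=sample
objectClass: ibm-realm
cn: realm2
ibm-realmAdminGroup: cn=admins,cn=realm2,o=sample
ibm-realmUserTemplate: cn=template1,o=sample
ibm-realmUserContainer: cn=users,cn=realm2,
 o=sample
ibm-realmGroupContainer: cn=groups,cn=realm2,o=sample

dn: cn=admins,cn=realm2,o=sample
objectClass: groupOfNames
cn: admins
member: cn=Jane Roe,cn=users,cn=realm2,o=sample

dn: cn=realm3,cn=localhost
objectClass: ibm-realm
cn: realm3
ibm-realmAdminGroup: cn=realm3,cn=localhost
"""

def norm_dn(dn):
    # Assumption: RDN values contain no escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def is_under(dn, ancestor):
    dn, ancestor = norm_dn(dn), norm_dn(ancestor)
    return dn == ancestor or dn.endswith("," + ancestor)

def parse_ldif(text):
    """Return {normalized dn: {lowercased attribute: [values]}} (plain values only)."""
    entries, cur = {}, None
    for line in text.replace("\n ", "").splitlines():  # undo LDIF line folding
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if not attr:
            cur = None                                  # blank line ends an entry
        elif attr == "dn":
            cur = entries.setdefault(norm_dn(value), {})
        elif cur is not None and not attr.startswith("#"):
            cur.setdefault(attr, []).append(value)
    return entries

def audit_realms(entries):
    """Return (realm dn, finding) tuples for the three checks."""
    findings = []
    for dn, attrs in entries.items():
        if "ibm-realm" not in (v.lower() for v in attrs.get("objectclass", [])):
            continue
        if any(is_under(dn, s) for s in SYSTEM_SUFFIXES):
            findings.append((dn, "realm is under a system suffix"))
        missing = [a for a in REALM_ATTRS if a.lower() not in attrs]
        if missing:
            findings.append((dn, "missing " + ", ".join(missing)))
        scopes = [dn] + attrs.get("ibm-realmusercontainer", [])
        for group_dn in attrs.get("ibm-realmadmingroup", []):
            for member in entries.get(norm_dn(group_dn), {}).get("member", []):
                if any(is_under(member, s) for s in scopes):
                    findings.append((dn, "administrator inside realm: " + norm_dn(member)))
    return findings

if __name__ == "__main__":
    print(*audit_realms(parse_ldif(SAMPLE_LDIF)), sep="\n")
```

realm1 mirrors the walkthrough above and produces no findings; realm2 and realm3 are constructed to trip the checks.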

 

Creating a template

After you have created a realm, your next step is to create a user template. A template helps you to organize the information you want to enter. Expand the Realms and templates category in the navigation area of the Web Administration Tool.

  1. Click Add user template.

    • If you have preexisting templates, you can select a template to have its settings copied to the template you are creating. However, in this task you are creating your first template.

    • Enter the name for the template, for example, template1.

    • Enter the location where the template is going to reside. For replication purposes, locate the template in the subtree of the realm that is going to use this template. For example, for the realm you created in the previous operations, cn=realm1,o=sample, locate the template in the subtree o=sample. You can also click Browse to select a different subtree for the location of the template.

  2. Click Next. Alternatively, you can click Finish to create an empty template and add information to it later; see Editing a template.

  3. If you clicked Next, choose the structural object class for the template, for example inetOrgPerson. You can also add any auxiliary object classes that you want.

  4. Click Next.

  5. Select a naming attribute from the Naming attribute drop-down menu. This attribute is used for the RDN of each entry in a realm that uses the template. The naming attribute, for example givenName, must have a value that is unique to each member in the realm that uses this template. The value is the display name for the user entry in the user lists for user and group tasks. For example, if the givenName is the naming attribute and Bob Garcia is entered, the entry appears as Bob Garcia in the appropriate user lists.

  6. A Required tab has been created on the template. You can modify the information contained on this tab.

    1. Select Required in the tab menu and click Edit. The Edit tab panel is displayed. You see the name of the tab Required and the selected attributes that are required by the object class, inetOrgPerson:

      • *sn - surname

      • *cn - common name
      Note:

      The * denotes required information.

    2. If you want to add additional information to this tab, select the attribute from the Attributes menu. For example, select departmentNumber and click Add. Select employeeNumber and click Add. Select title and click Add. The Selected attributes menu now reads:

      • title

      • employeeNumber

      • departmentNumber

      • *sn

      • *cn

    3. You can rearrange the way that these fields appear on the template by highlighting the selected attribute and clicking Move up or Move down. This changes the position of the attribute by one position. Repeat this procedure until you have the attributes arranged in the order you want them. For example,

      • *sn

      • *cn

      • title

      • employeeNumber

      • departmentNumber

    4. You can also modify each selected attribute.

      1. Highlight the attribute in the Selected attributes box and click Edit.

      2. You can change the display name of the field used on the template. For example, if you want departmentNumber to be displayed as Department number, enter that into the Display name field.

      3. You can also supply a default value to prefill the attribute field in the template. For example, if most of the users that are going to be entered are members of Department 789, you can enter 789 as the default value. The field on the template is prefilled with 789. The value can be changed when you add the actual user information.

      4. Click OK.

    5. Click OK.

  7. To create another tab category for additional information, click Add.

    • Enter the name for the new tab. For example, Address information.

    • For this tab, select the attributes from the Attributes menu. For example, select homePostalAddress and click Add. Select postOfficeBox and click Add. Select telephoneNumber and click Add. Select homePhone and click Add. Select facsimileTelephoneNumber and click Add. The Selected attributes menu reads:

      • homePostalAddress

      • postOfficeBox

      • telephoneNumber

      • homePhone

      • facsimileTelephoneNumber

    • You can rearrange the way that these fields appear on the template by highlighting the selected attribute and clicking Move up or Move down. This changes the position of the attribute by one position. Repeat this procedure until you have the attributes arranged in the order you want them. For example,

      • homePostalAddress

      • postOfficeBox

      • telephoneNumber

      • facsimileTelephoneNumber

      • homePhone

    • Click OK.

  8. Repeat this process for as many tabs as you want to create. When you are finished, click Finish to create the template.

 

Adding the template to a realm

After you have created a realm and a template, you need to add the template to the realm. Expand the Realms and templates category in the navigation area of the Web Administration Tool.

  1. Click Manage realms.

  2. Select the realm you want to add the template to, in this example, cn=realm1,o=sample and click Edit.

  3. Scroll down to User template and expand the drop-down menu.

  4. Select the template, in this example, cn=template1,o=sample.

  5. Click OK.

  6. Click Close.

 

Creating groups

Expand the Users and groups category in the navigation area of the Web Administration Tool.

  1. Click Add group.

  2. Enter the name of the group that you want to create, for example, group1.

  3. Select the realm that you want to add the group to from the drop-down menu, in this case realm1.

  4. Click Next.

  5. Click Finish to create the group. If you already have users in the realm, you can click Next and select users to add to group1. Then click Finish.

See Groups for additional information.

 

Adding a user to the realm

Expand the Users and groups category in the navigation area of the Web Administration Tool.

  1. Click Add user.

  2. Select the realm that you want to add the user to from the drop-down menu, in this case realm1.

  3. Click Next. The template that you just created, template1, is displayed. Fill in the required fields, denoted by an asterisk (*), and any of the other fields on the tabs.

  4. If you have already created groups within the realm, you can also add the user to one or more groups.

    1. Select the User group tab.

    2. Click Add.

    3. Either type the name of the group (Group1) in the Group name field or click Available groups and select the group or groups that you want to add the user to from the list. You can also select a group and click View to see the existing members of that group. See Managing memberships for an entry for additional information on group memberships.

  5. When you are done, click Finish.

 

Managing realms

After you have set up and populated your initial realm, you can add more realms or modify existing realms.

Expand the Realms and templates category in the navigation area and click Manage realms. A list of existing realms is displayed. From this panel you can add a realm, edit a realm, remove a realm, or edit the access control lists (ACLs) of the realm.

 

Adding a realm

Expand the Realms and templates category in the navigation area of the Web Administration Tool.

  1. Click Add realm.

    • Enter the name for the realm, for example, realm2.

    • If you have preexisting realms, for example realm1, you can select a realm to have its settings copied to the realm you are creating.

    • Enter the Parent DN that identifies the location of the realm. This entry is in the form of a suffix, for example o=sample. You can also click Browse to select the location of the subtree that you want.

  2. Click Next to continue or click Finish.

  3. If you clicked Next, review the information.

  4. Select a User template from the drop-down menu. If you copied the settings from a preexisting realm, its template is prefilled in this field.

  5. Enter a User search filter.

  6. Click Finish to create the realm.

 

Editing a realm

Expand the Realms and templates category in the navigation area of the Web Administration Tool.

  • Click Manage realms.

  • Select the realm that you want to edit from the list of realms.

  • Click Edit.

    • You can use the Browse buttons to change the

      • Administrator group

      • Group container

      • User container

    • You can select a different template from the drop-down menu.

    • Click Edit to modify the User search filter.

  • Click OK when you are finished.

 

Removing a realm

Expand the Realms and templates category in the navigation area of the Web Administration Tool.

  1. Click Manage realms.

  2. Select the realm you want to remove.

  3. Click Delete.

  4. When prompted to confirm the deletion, click OK.

  5. The realm is removed from the list of realms.

 

Editing ACLs on the realm

To view ACL properties using the Web Administration Tool utility and to work with ACLs, see Working with ACLs.

See Access control lists for additional information.

 

Managing templates

After you have created your initial template, you can add more templates or modify existing templates.

Expand the Realms and templates category in the navigation area and click Manage user templates. A list of existing templates is displayed. From this panel you can add a template, edit a template, remove a template, or edit the access control lists (ACLs) of the template.

 

Adding a user template

Expand the Realms and templates category in the navigation area of the Web Administration Tool.

  1. Click Add user template or click Manage user templates and click Add.

    • If you have preexisting templates, for example template1, you can select a template to have its settings copied to the template you are creating.

    • Enter the name for the new template, for example, template2.

    • Enter the Parent DN that identifies the location of the template. This entry is in the form of a DN, for example o=sample. You can also click Browse to select the location of the subtree that you want.

  2. Click Next. Alternatively, you can click Finish to create an empty template and add information to it later; see Editing a template.

  3. If you clicked Next, choose the structural object class for the template, for example inetOrgPerson. You can also add any auxiliary object classes that you want.

  4. Click Next.

  5. From the Naming attribute drop-down menu, select the attribute that is used for the RDN of each entry in a realm that uses the template. This naming attribute, for example employeeNumber, must have a value that is unique to each member in the realm that uses this template. The value of this naming attribute is the display name for the user entry in the user lists for user and group tasks. For example, if the employeeNumber is the naming attribute and 1234abc is entered, the entry appears as 1234abc in the appropriate user lists.

  6. A Required tab has been created on the template. You can modify the information contained on this tab.

    1. Select Required in the tab menu and click Edit. The Edit tab panel is displayed. You see the name of the tab Required and the selected attributes that are required by the object class, inetOrgPerson:

      • *sn - surname

      • *cn - common name
      Note:

      The * denotes required information.

    2. If you want to add additional information to this tab, select the attribute from the Attributes menu. For example, select departmentNumber and click Add. Select employeeNumber and click Add. Select title and click Add. The Selected attributes menu now reads:

      • title

      • employeeNumber

      • departmentNumber

      • *sn

      • *cn

    3. You can rearrange the way that these fields appear on the template by highlighting the selected attribute and clicking Move up or Move down. This changes the position of the attribute by one position. Repeat this procedure until you have the attributes arranged in the order you want them. For example,

      • *sn

      • *cn

      • title

      • employeeNumber

      • departmentNumber

    4. You can also modify each selected attribute.

      1. Highlight the attribute in the Selected attributes box and click Edit.

      2. You can change the display name of the field used on the template. For example, if you want departmentNumber to be displayed as Department number, enter that into the Display name field.

      3. You can also supply a default value to prefill the attribute field in the template. For example, if most of the users that are going to be entered are members of Department 789, you can enter 789 as the default value. The field on the template is prefilled with 789. The value can be changed when you add the actual user information.

      4. Click OK.

    5. Click OK.

  7. To create another tab category for additional information, click Add.

    • Enter the name for the new tab. For example, Address information.

    • For this tab, select the attributes from the Attributes menu. For example, select homePostalAddress and click Add. Select postOfficeBox and click Add. Select telephoneNumber and click Add. Select homePhone and click Add. Select facsimileTelephoneNumber and click Add. The Selected attributes menu reads:

      • homePostalAddress

      • postOfficeBox

      • telephoneNumber

      • homePhone

      • facsimileTelephoneNumber

    • You can rearrange the way that these fields appear on the template by highlighting the selected attribute and clicking Move up or Move down. This changes the position of the attribute by one position. Repeat this procedure until you have the attributes arranged in the order you want them. For example,

      • homePostalAddress

      • postOfficeBox

      • telephoneNumber

      • facsimileTelephoneNumber

      • homePhone

    • Click OK.

  8. Repeat this process for as many tabs as you want to create. When you are finished, click Finish to create the template.

 

Editing a template

Expand the Realms and templates category in the navigation area of the Web Administration Tool.

  • Click Manage user templates.

  • Select the template that you want to edit from the list of templates.

  • Click Edit.

  • If you have preexisting templates, for example template1, you can select a template to have its settings copied to the template you are editing.

  • Click Next.

    • You can use the drop-down menu to change the structural object class of the template.

    • You can add or remove auxiliary object classes.

  • Click Next.

  • You can modify the tabs and attributes contained in the template. See step 6 under Adding a user template for information on how to modify the tabs.

  • When you are done, click Finish.

 

Removing a template

Expand the Realms and templates category in the navigation area of the Web Administration Tool.

  1. Click Manage user templates.

  2. Select the template that you want to remove.

  3. Click Delete.

  4. When prompted to confirm the deletion, click OK.

  5. The template is removed from the list of templates.

 

Editing ACLs on the template

Expand the Realms and templates category in the navigation area of the Web Administration Tool.

  1. Click Manage user templates.

  2. Select the template for which you want to edit the ACLs.

  3. Click Edit ACL.

To view ACL properties using the Web Administration Tool utility and to work with ACLs, see Working with ACLs.

See Access control lists for additional information.

 

Managing users

After you have set up your realms and templates, you can populate them with users.

 

Adding users

Expand the Users and groups category in the navigation area of the Web Administration Tool.

  1. Click Add user or click Manage users and click Add.

  2. Select the realm that you want to add the user to from the drop-down menu.

  3. Click Next. The template that is associated with that realm is displayed. Fill in the required fields, denoted by an asterisk (*), and any of the other fields on the tabs. If you have already created groups within the realm, you can also add the user to one or more groups.

  4. When you are done, click Finish.

 

Finding users within the realm

Expand the Users and groups category in the navigation area of the Web Administration Tool.

  1. Click Manage users.

  2. Expand the Select Actions menu, select Show find toolbar and click Go.

  3. Select the realm that you want to search from the Select realm field.

  4. Enter the search string in the Search field. See Finding for information about how to use the Find utility.

  5. You can perform the following operations on a selected user:

  6. When you are done, click OK.

 

Editing a user's information

Expand the Users and groups category in the navigation area of the Web Administration Tool.

  1. Click Manage users.

  2. Select a realm from the drop-down menu. Click View users, if the users are not already displayed in the Users box.

  3. Select the user you want to edit and click Edit.

  4. Modify the information on the tabs and the group membership.

  5. When you are done, click OK.

 

Copying a user

If you need to create a number of users that have mostly identical information, you can create the additional users by copying the initial user and modifying the information.

Expand the Users and groups category in the navigation area of the Web Administration Tool.

  1. Click Manage users.

  2. Select a realm from the drop-down menu. Click View users, if the users are not already displayed in the Users box.

  3. Select the user you want to copy and click Copy.

  4. Modify the appropriate information for the new user, for example the required information that identifies a specific user, such as sn or cn. Information that is common to both users need not be changed.

  5. When you are done, click OK.

 

Removing a user

Expand the Users and groups category in the navigation area of the Web Administration Tool.

  1. Click Manage users.

  2. Select a realm from the drop-down menu. Click View users, if the users are not already displayed in the Users box.

  3. Select the user you want to remove and click Delete.

  4. When prompted to confirm the deletion, click OK.

  5. The user is removed from the list of users.

 

Managing groups

After you have set up your realms and templates, you can create groups.

 

Adding groups

Expand the Users and groups category in the navigation area of the Web Administration Tool.

  1. Click Add group or click Manage groups and click Add.

  2. Enter the name of the group that you want to create.

  3. Select the realm that you want to add the group to from the drop-down menu.

  4. Click Finish to create the group. If you already have users in the realm, you can click Next and select users to add to the group. Then click Finish.

See Groups for additional information.

 

Finding groups within the realm

Expand the Users and groups category in the navigation area of the Web Administration Tool.

  1. Click Manage groups.

  2. Expand the Select Actions menu, select Show find toolbar and click Go.

  3. Select the realm that you want to search from the Select realm field.

  4. Enter the search string in the Search field. See Finding for information about how to use the Find utility.

  5. You can perform the following operations on a selected group:

  6. When you are done, click Close.

 

Editing a group's information

Expand the Users and groups category in the navigation area of the Web Administration Tool.

  1. Click Manage groups.

  2. Select a realm from the drop-down menu. Click View groups, if the groups are not already displayed in the Groups box.

  3. Select the group you want to edit and click Edit.

  4. You can add or remove users from the group.

  5. When you are done, click OK.

 

Copying a group

If you need to create a number of groups that have mostly the same members, you can create the additional groups by copying the initial group and modifying the information.

Expand the Users and groups category in the navigation area of the Web Administration Tool.

  1. Click Manage groups.

  2. Select a realm from the drop-down menu. Click View groups, if the groups are not already displayed in the Groups box.

  3. Select the group you want to copy and click Copy.

  4. Change the group name in the Group name field. The new group has the same members as the original group.

  5. You can Add new group members, Delete group members, or View a group member's information by selecting the group member and clicking the appropriate operation.

  6. When you are done, click OK. The new group is created and contains the same members as the original group with any addition or removal modifications you made during the copy procedure.

 

Removing a group

Expand the Users and groups category in the navigation area of the Web Administration Tool.

  1. Click Manage groups.

  2. Select a realm from the drop-down menu. Click View groups, if the groups are not already displayed in the Groups box.

  3. Select the group you want to remove and click Delete.

  4. When prompted to confirm the deletion, click OK.

  5. The group is removed from the list of groups.



