Managing users and groups


This chapter describes how to use the forms in the administration server Users and Groups area. The following topics are covered in this chapter:

 

  • Creating users 
  • Managing users
    • Finding user entries 
    • Managing a user's password 
    • Editing user information 
    • Renaming users 
    • Managing user licenses 
    • Tracking client access licenses
    • Removing users
  • Creating groups 
  • Managing groups
    • Finding group entries 
    • Editing group attributes 
    • Adding group members 
    • Removing entries from the group members list 
    • Adding or editing a Group Certificate Member
    • Managing owners 
    • Adding groups to the group members list 
    • Managing see alsos 
    • Removing groups 
    • Renaming groups
  • Creating organizational units 
  • Managing organizational units
    • Finding organizational units 
    • Editing organizational unit attributes 
    • Renaming organizational units 
    • Deleting organizational units
  • Importing a directory from LDIF 
  • Exporting a database to LDIF

Creating users

To create a user entry within the directory, do the following:

 

  1. From the Server Administration page, go to Users & Groups | New User.

  2. At a minimum, you must specify the user's:
  • surname or last name 
  • full name 
  • user ID 
 
    Note
If you enter a given name (or first name) and a surname, then the gateway automatically fills in the user's full name and user ID for you. The user ID is based on the server's default language, and is generated as the first initial of the user's first name followed by the user's last name. For example, if English is the default language and the user's name is Babs Jensen, then the user ID is automatically set to bjensen. You can replace this user ID with an ID of your own choosing if you wish.
 
    Note
The user ID must be unique. The administration server ensures that the user ID is unique by searching the entire directory from the search base (base DN) down to see if the user ID is in use. Be aware, however, that if you use the ldapmodify command line utility to create a user, it does not ensure unique user IDs. If duplicate user IDs exist in your directory, the affected users will not be able to authenticate to the directory.
  3. If any organizational units have been defined for your directory, you can specify where you want the new user to be placed using the Add New User To list. The default location is your directory's root point.

  4. Click Create User to add the user and immediately return to the New User form. Click Create and Edit User to add the user and then proceed to the Edit User form for the user you have just added.
For information on editing users, see "Managing users".
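
Because ldapmodify does not enforce unique user IDs, an LDIF file can be screened before it is loaded. The following is an added example, not part of the original manual: it parses LDIF (folded lines and base64 values included) and reports uid values shared by more than one entry, compared case-insensitively. The sample entries and function names are constructed for illustration, and the check covers only the file itself, not entries already in the directory.

```python
import base64
from collections import defaultdict

# Constructed sample LDIF (not from the manual). The second uid is
# base64-encoded ("BJensen") and the third DN is folded across two lines.
SAMPLE_LDIF = """\
dn: cn=Babs Jensen, ou=Engineering, o=Ace Industry, c=US
objectClass: inetOrgPerson
cn: Babs Jensen
sn: Jensen
uid: bjensen

dn: cn=Bill Jensen, ou=Marketing, o=Ace Industry, c=US
objectClass: inetOrgPerson
cn: Bill Jensen
sn: Jensen
uid:: QkplbnNlbg==

dn: cn=Sam Carter, ou=Engineering, o=Ace Industry,
  c=US
objectClass: inetOrgPerson
cn: Sam Carter
sn: Carter
uid: scarter
"""


def unfold(text):
    """Join LDIF continuation lines: a leading space continues the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def parse_ldif(text):
    """Return a list of entries, each a dict of lower-cased attribute name -> values."""
    entries, current = [], defaultdict(list)
    for line in unfold(text) + [""]:          # trailing "" flushes the last entry
        if line.startswith("#"):
            continue                           # comment line
        if not line.strip():
            if "dn" in current:                # ignore blocks without a DN (e.g. "version: 1")
                entries.append(dict(current))
            current = defaultdict(list)
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue                           # not an attribute line
        if rest.startswith(":"):               # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        current[name.strip().lower()].append(value)
    return entries


def find_duplicate_uids(text):
    """Map each uid used by more than one entry to the DNs that carry it."""
    owners = defaultdict(list)
    for entry in parse_ldif(text):
        dn = entry["dn"][0]
        for uid in entry.get("uid", []):
            key = uid.lower()                  # uid values match case-insensitively
            if dn not in owners[key]:
                owners[key].append(dn)
    return {uid: dns for uid, dns in owners.items() if len(dns) > 1}


if __name__ == "__main__":
    for uid, dns in find_duplicate_uids(SAMPLE_LDIF).items():
        print(f"duplicate uid {uid!r}:")
        for dn in dns:
            print(f"  {dn}")
```
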
 

Representing user or organizational unit information in another language

This is useful when a user's name and other information can be represented more accurately using characters in another language. For example, if the default language is English and the user's name is Japanese, the user may prefer to see her name in familiar Japanese characters.
 

To change the user's or organizational unit group's Preferred Language:

You can take advantage of this feature only when you are using Netscape Directory server 3.x. If you are using the local database or Directory server 1.x, the Preferred Language information will not be sent to the server.
 
  1. From the Server Administration page, choose Users & Groups | New User.

  2. The user's Preferred Language is indicated in the drop-down list in the upper right corner of the form. If no Preferred Language has been selected, the default Language is displayed.
  3. Choose the Preferred Language for this user or organizational unit group only.
  4. Enter the user's name and other information using the preferred language.
  5. If appropriate, enter the user's name and other information using the additional fields provided.
 

To customize the Preferred Language List

This is useful when your users and groups can use more than one language to represent their names and other information, and you routinely switch back and forth from one language to another. This feature requires LDAPv3 or higher; it is not enabled if you are using the local database.
 
  • Use the Display Preferred Language List buttons to indicate whether you want the Preferred Language list to display each time you create or modify user or organizational group unit information.
  • In the Default Value column, select the language you want to see first when the Preferred Language List displays.
  • In the Add to List, select one or more languages you want to see included on the Preferred Language List.
  • Click Save Changes.
Notes on user entries

    The following notes may be of interest to the directory administrator:
     
    •  User entries use the inetOrgPerson, organizationalPerson, and person object classes. For more information on how these are used, see Appendix A, Object Classes and Attributes. 
    • By default, the distinguished name for users is of the form: 
    cn=full name, ou=organization, ...,o=base organization, c=country
    For example, if a user entry for Babs Jensen is created within the organizational unit Engineering, and the directory's suffix is o=Ace Industry, c=US, then the person's DN is:

    cn=Babs Jensen, ou=Engineering, o=Ace Industry, c=US
    However, you can change this format to a uid-based distinguished name. For information on how to set this default, see "Using uid-based distinguished names".

  • Suffixes are optional if you are using the local directory. If you did not configure a suffix for your local directory, then you literally use the string "" (quote quote) to represent the search base on calls to ldapsearch. 
  • The values on the user form fields are stored as the following LDAP attributes:

    User field        Corresponding LDAP attribute
    Given Name        givenName
    Surname           sn
    Full Name         cn
    User ID           uid
    Password          userPassword
    E-Mail Address    mail

     
    The following fields are also available when editing the user entry:
     

    User field        Corresponding LDAP attribute
    Title             title
    Telephone         telephoneNumber

    For information on these attributes, see Appendix A, Object Classes and Attributes.

    Managing users

    You edit user attributes from the Manage Users form. From this form you can:

     

    • Find user entries 
    • Change user attribute values 
    • Change the user's password 
    • Manage the user's licenses 
    • Rename the user's entry 
    • Delete the user's entry 
    • Potentially change product-specific information.
    Some, but not all, Netscape servers add additional forms to this area that allow you to manage product-specific information. For example, if a messaging server is installed under your administration server, then an additional form is added that allows you to edit messaging server-specific information. See the server documentation for details on these additional management capabilities. The following sections describe these activities in detail.
       For more information regarding user entries when using a directory server, see "Notes on user entries".

       

    Finding user entries

    Before you can edit a user entry, you must display the entry. To find an entry:

     

    1. From the administration server manager, go to Users & Groups | Manage Users.

    2. In the Find User field, enter some descriptive value for the entry that you want to edit. You can enter any of the following in the search field:
    • A name. Enter a full name or a partial name. All entries that equally match the search string will be returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found. 
    • A user ID. 
    • A telephone number. If you enter only a partial number, any entries that have telephone numbers ending in the search number will be returned. 
    • An email address. Any search string containing an at (@) symbol is assumed to be an email address. If an exact match cannot be found, then a search is performed to find all email addresses that begin with the search string. 
    • An asterisk (*) to see all of the entries currently in your directory. You can achieve the same effect by simply leaving the field blank. 
    • Any LDAP search filter. Any string that contains an equal sign (=) is considered a search filter.
    As an alternative, use the pull down menus in Find all users whose: to narrow the results of your search.
    3. In the Look within field, select the organizational unit under which you want to search for entries. The default is the directory's root point (or top most entry).

    4. In the Format: field, choose either On-Screen or Printer.

    5. Click Find. All the users in the selected organizational unit are displayed.

    6. In the resulting table, click the name of the entry that you want to edit.

    7. The user edit form is displayed. Change the displayed fields as desired and click Save Changes. The changes are made immediately.

    The "Find all users whose" field

    The Find all users whose: field allows you to build a custom search filter. Use this field to narrow down the search results returned by Find user.

     Find all users whose: provides the following search criteria:

     

    • The left-most pull-down list allows you to specify the attribute on which the search will be based.
    •  Options are:

      full name
      Search each entry's full name for a match.

      last name
      Search each entry's last name, or surname for a match.

      user id
      Search each entry's user id for a match.

      phone number
      Search each entry's phone number for a match.

      email address
      Search each entry's email address for a match.

    • In the center pull-down list, select the type of search you want to perform.
    •   Options are:

      contains
      Causes a substring search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a user's name probably contains the word "Steve", use this option with the search string "Steve" to find the user's entry.

      is
      Causes an exact match to be found. That is, this option specifies an equality search. Use this option when you know the exact value of a user's attribute. For example, if you know the exact spelling of the user's name, use this option.

      isn't
      Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the users in the directory whose name is not "Babs Jensen", use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.

      sounds like
      Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if a user's name is spelled "Sarret", "Sarette", or "Sarett", use this option.

      starts with
      Causes a substring search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a user's name starts with "Mike", but you do not know the rest of the name, use this option.

      ends with
      Causes a substring search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a user's name ends with "Anderson", but you do not know the rest of the name, use this option.

    • In the right-most text field, enter your search string.
    •  To display all of the user entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this text field blank.
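
Each combination of the three controls corresponds to one LDAP search filter. The following is an added example, not part of the original manual and not the gateway's own code: it maps the pull-down choices to standard LDAP string filters (RFC 4515) and escapes the search string so that characters such as *, ( and ) are matched literally instead of changing the filter's structure. The attribute names come from the table under "Notes on user entries"; the function names, and the assumption that the gateway produces exactly these filters, are illustrative.

```python
# Form field label -> LDAP attribute (from the manual's attribute table).
FIELD_TO_ATTR = {
    "full name": "cn",
    "last name": "sn",
    "user id": "uid",
    "phone number": "telephoneNumber",
    "email address": "mail",
}

# Search type -> filter template; {a} is the attribute, {v} the escaped value.
MATCH_TEMPLATES = {
    "contains": "({a}=*{v}*)",      # substring, anywhere
    "is": "({a}={v})",              # equality
    "isn't": "(!({a}={v}))",        # negated equality
    "sounds like": "({a}~={v})",    # approximate (phonetic) match
    "starts with": "({a}={v}*)",    # substring, initial
    "ends with": "({a}=*{v})",      # substring, final
}

# Characters that must be escaped inside a filter assertion value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a search string so it is treated purely as data in a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(field, match, value):
    """Build the LDAP filter for one 'Find all users whose' selection."""
    try:
        attr = FIELD_TO_ATTR[field]
        template = MATCH_TEMPLATES[match]
    except KeyError as exc:
        raise ValueError(f"unknown form option: {exc.args[0]!r}") from None
    value = value.strip()
    # A blank field or a lone asterisk means "show every entry": presence filter.
    if value in ("", "*"):
        return f"({attr}=*)"
    return template.format(a=attr, v=escape_filter_value(value))


if __name__ == "__main__":
    # Constructed inputs, including one that tries to smuggle in filter syntax.
    samples = [
        ("full name", "contains", "Steve"),
        ("full name", "isn't", "Babs Jensen"),
        ("last name", "sounds like", "Sarret"),
        ("full name", "starts with", "Mike"),
        ("full name", "ends with", "Anderson"),
        ("user id", "is", "a*)(uid=*"),
        ("email address", "contains", ""),
    ]
    for field, match, value in samples:
        print(f"{field!r:16} {match!r:14} {value!r:14} -> {build_filter(field, match, value)}")
```
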

    Editing user information

    To change a user's entry:

     

    1. Display the user entry as described in "Finding user entries".

    2. Edit the field corresponding to the attribute that you wish to change.
    3. You can also represent the user's information in characters of another language if appropriate.

    4. Click Save Changes.

      Note
      It is possible that you will want to change an attribute value that is not displayed by the edit user form. In this situation, use the ldapmodify command line utility.
      Note
      You can change the user's first, last, and full name fields from this form, but to fully rename the entry (including the entry's distinguished name), you need to use the Rename User form. For more information on how to rename an entry, see "Renaming users".

    Managing a user's password

    The password you set for user entries is used by the various Netscape servers for user authentication.

    To change or create a user's password:

     

    1. Display the user entry as described in "Finding user entries".

    2. Click the Password link at the top of the user edit form.

    3. Enter the new password and then the confirmation password.

    4. Click Set Password. The change takes effect immediately.

    5. You can also disable the user's password by clicking the Disable Password button. Doing this prevents the user from logging into a Netscape server without deleting the user's directory entry. You can reinstate the password by using the Password Management Form to enter a new password.

       To return to the general information form, click General.

       

    Managing user licenses

    This area allows you to track which Netscape server products your users are licensed to use. To manage the licenses available to the user:

     

    1. Display the user entry as described in "Finding user entries".

    2. Click the Licenses link at the top of the User Edit form.

    3. Click next to the Suitespot servers that you want this user to be able to use.

    4. Click Save Changes.

    5. Note that currently Netscape servers do not enforce these licenses.

      To return to the general information form, click General.

    License Tracking

    To count the number of client users licensed for each Suitespot server:
    1. In the Server Administration page, choose Users & Groups|License Tracking.
    2. Select the Suitespot servers you want to include in the count, then click OK.
    The License Count column displays the number of users licensed for each Suitespot server you've selected.
     
       

    Renaming users

    To rename a user entry:

     

    1. Display the user entry as described in "Finding user entries".

    2. Click the Rename User button.

    3. Enter the new name in the resulting dialog box. If you are using common name-based DNs, specify the user's full name. If you are using uid-based distinguished names, enter the new uid value that you want to use for the entry.

    4. Change the Given Name, Surname, full name, or UID fields as is appropriate to match the new distinguished name for the entry. Note that if you are using common name-based distinguished names, and you change the distinguished name to use a new common name, then you should make sure that this new common name is listed as the first choice in the list of full names. This ensures that the appropriate name is displayed when a list is generated that shows this entry.

    5. You can tell the administration server to not retain the old full name or uid values when you rename the entry by setting the keepOldValueWhenRenaming parameter to false. You can find this parameter in the following file:

                      NSHOME/admin-serv/config/dsgw-orgperson.conf
      Note
      The rename feature changes only the user's name; all other fields are left intact. In addition, the user's old name is still preserved so searches against the old name will still find the new entry.
      Note
      When you rename a user entry, you can only change the user's name; you cannot use the rename feature to move the entry from one organizational unit to another. For example, suppose you have:
    • organizational units for Marketing and Accounting 
    • an entry named Babs Jensen under the Marketing organizational unit 
      then you can rename the entry from Babs Jensen to Barbara Jensen, but you cannot rename the entry such that Babs Jensen under the Marketing organizational unit becomes Babs Jensen under the Accounting organizational unit.
      To return to the general information form, click General.

       

    Removing users

    To delete a user entry:

     

    1. Display the user entry as described in "Finding user entries".

    2. Click the Delete User button.

    3. Click O.K. in the resulting confirmation box. The user entry is immediately deleted.

    Creating groups

    To create a group entry within the directory, do the following:

     

    1. From the administration server manager, go to Users & Groups | New Group.

    2. Enter the group's name. You can optionally also add a description for the group.

    3. If any organizational units have been defined for your directory, you can specify where you want the new group to be placed using the Add New Group To: list. The default location is your directory's root point, or top-most entry.

    4. Click Create Group to add the group and immediately return to the New Group form. Click Create and Edit Group to add the group and then proceed to the Edit Group form for the group you have just added.

    5. For information on editing groups, see "Editing group attributes".

    Managing groups

    You edit groups and manage group memberships from the Group Edit form. From this form you can:

     

    • Find groups 
    • Change group attributes 
    • Add and delete owners of the group 
    • Add and delete see also information 
    • Add and delete members of the group 
    • Rename the group 
    • Delete the group 
    • Change the group's description
    The following sections describe these activities in detail.

    Finding group entries

    To find group entries:

     

    1. Go to Users & Groups | Manage Groups.

    2. Enter the name of the group that you want to find in the Find Group field. You can enter any of the following in the search field:
    • A name. Enter a full name or a partial name. All entries that equally match the search string are returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found. 
    • An asterisk (*) to see all of the groups currently residing in your directory. You can achieve the same effect by simply leaving the field blank. 
    • Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.
    As an alternative, use the pull down menus in Find all groups whose to narrow the results of your search.
    3. In the Look within field, select the organizational unit under which you want to search for entries. The default is the directory's root point, or top-most entry.

    4. In the Format: field, choose either On-Screen or Printer.

    5. Click Find. All the groups matching your search criteria are displayed.

    6. In the resulting table, click the name of the entry that you want to edit.

    The "Find all groups whose" field

    The Find all groups whose: field allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find groups:

     Find all groups whose: provides the following search criteria:

     

    • The left-most pull-down list allows you to specify the attribute on which the search is based.
    •  Options are:

      full name
      Searches each entry's full name for a match.

      description
      Searches each group entry's description for a match.

    • In the middle pull-down list, select the type of search you want to perform.
    •   Options are:

      contains
      Causes a substring search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a group's name probably contains the word "Administrator", use this option with the search string "Administrator" to find the group entry.

      is
      Causes an exact match to be found. That is, this option specifies an equality search. Use this option when you know the exact value of a group's attribute. For example, if you know the exact spelling of the group's name, use this option.

      isn't
      Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the groups in the directory whose name does not contain "administrator", use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.

      sounds like
      Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if a group's name is spelled "Sarret's list", "Sarette's list", or "Sarett's list", use this option.

      starts with
      Causes a substring search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a group's name starts with "Product", but you do not know the rest of the name, use this option.

      ends with
      Causes a substring search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a group's name ends with "development", but you do not know the rest of the name, use this option.

    • In the right-most text field, enter your search string.
    •  To display all of the group entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this text field blank.

      For more information on how to find a group entry, see "Finding group entries".

       

    Editing group attributes

    To change a group entry, do the following:

     

    1. Locate the group you want to edit as described in "Finding group entries".

    2. The Group Edit form is displayed. Change the displayed fields as desired and click Save Changes. The changes are made immediately.

      Note
      It is possible that you will want to change an attribute value that is not displayed by the group edit form. In this situation, use the ldapmodify command line utility.

    Adding group members

    To add members to the group:

     

    1. Locate the group you want to manage as described in "Finding group entries".

    2. Click the Edit button under Group Members. A new form is displayed that allows you to search for entries. If you want to add user entries to the list, make sure Users is shown in the Find pull-down menu. If you want to add group entries to the group, make sure Group is shown.

    3. In the right-most text field, enter a search string. Enter any of the following:
    • A name. Enter a full name or a partial name. All entries whose name matches the search string will be returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found. 
    • A user ID if you are searching for user entries. 
    • A telephone number. If you enter only a partial number, any entries that have telephone numbers ending in the search number will be returned. 
    • An email address. Any search string containing an at (@) symbol is assumed to be an email address. If an exact match cannot be found, then a search is performed to find all email addresses that begin with the search string. 
    • An asterisk (*) to see all of the entries or groups currently residing in your directory. You can achieve the same effect by simply leaving this text field blank. 
    • Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.
    4. Click Find and Add to find all the matching entries and add them to the group.
    If the search returns any entries that you do not want to add to the group, click the box in the Remove from list? column. You can also construct a search filter to match the entries you want removed and then click Find and Remove.
    5. When the list of group members is complete, click Save Changes. The currently displayed entries are now members of the group.

    Adding groups to the group members list

    You can add groups (instead of individual members) to the group's members list. Doing so causes any users belonging to the included group to become a member of the receiving group. For example, if Babs Jensen is a member of the Marketing Managers group, and you make the Marketing Managers group a member of the Marketing Personnel group, then Babs Jensen is also a member of the Marketing Personnel group.

     To add a group to the members list of another group, add the group as if it were a user entry. See "Adding group members" for more information.
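
Because membership passes through included groups, the set of users who actually hold a group's access can be larger than its members list shows. The following is an added example, not part of the original manual: it expands a group's effective membership and records the chain of groups that brings each user in, while tolerating groups that include each other. The group data, the DNs and the function name are constructed for illustration, and DNs are assumed to be already normalized strings.

```python
from collections import deque

# Constructed directory snapshot: group DN -> list of member DNs.
# A member is treated as a group when its DN is itself a key of this dict.
SUFFIX = "o=Ace Industry, c=US"
PERSONNEL = f"cn=Marketing Personnel, {SUFFIX}"
MANAGERS = f"cn=Marketing Managers, {SUFFIX}"
BABS = f"cn=Babs Jensen, ou=Marketing, {SUFFIX}"
SAM = f"cn=Sam Carter, ou=Marketing, {SUFFIX}"

GROUPS = {
    PERSONNEL: [MANAGERS, SAM],
    # The back-reference to PERSONNEL is a deliberate loop to show cycle handling.
    MANAGERS: [BABS, PERSONNEL],
}


def effective_members(groups, group_dn):
    """Return {user_dn: [group chain]} for every user who is a member of group_dn,
    directly or through included groups. The chain starts at group_dn and ends at
    the group whose members list names the user; breadth-first order makes it the
    shortest such chain."""
    found = {}
    visited = set()
    queue = deque([(group_dn, [group_dn])])
    while queue:
        current, chain = queue.popleft()
        if current in visited:
            continue                      # already expanded: breaks inclusion loops
        visited.add(current)
        for member in groups.get(current, []):
            if member in groups:
                queue.append((member, chain + [member]))
            else:
                found.setdefault(member, chain)
    return found


if __name__ == "__main__":
    for user, chain in effective_members(GROUPS, PERSONNEL).items():
        print(user)
        print("   via " + " -> ".join(chain))
```
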

     

    Removing entries from the group members list

    To delete an entry from the group members list, do the following:

     

    1. Locate the group you want to manage as described in "Finding group entries".

    2. Click Edit under Group Members.

    3. For each member that you want to remove from the list, click the corresponding box under the Remove from list? column.

    4. Alternatively, you can construct a filter to find the entries you want to remove and click the Find and Remove button. For more information on creating a search filter, see "Adding group members".
    5. Click Save Changes. The entry(s) are deleted from the group members list.
     

    Adding or editing a Group Certificate Member

    Create an Attribute Value Assertion (AVA)-certificate group when you want to grant or deny server access to all individuals who share the same group attributes.  This feature allows you to build a dynamic group of users based on the information embedded in each individual's FORTEZZA card.  For example, you can create an AVA-certificate group of  all users who report to the same manager, in the same department of the same business unit.  When an individual inserts his FORTEZZA card, if all of these values do not match the attributes you've mapped, the user is not included in the group.

    You can take advantage of this feature only when you are using a Netscape 3.x server with local database, or when you are using a Netscape LDAP server.

    To edit an AVA-certificate group:

    1. In the Server Administration page, choose Users & Groups|Manage Groups.
    2. In the Find Group: field, enter the name of the group you want to create or edit, then click Find. A list of existing groups displays.
    3. Click the name of the group you want to create or edit.  The group information displays.
    4. Click the Group Cert Members: Add button.
    5. Enter values for the following mapping fields. Note that you do not need to enter a value in all of these fields, but you do need to enter a value for at least one field.
    • Common name is usually the fully qualified hostname used in DNS lookups (for example, www.netscape.com) on servers, or a person's name on clients.
    • Email address is your business email address. This is used for correspondence between you and the CA.
    • Organizational Unit(s) is an optional field that describes an organization within your company. This can also be used to note a less formal company name (without the Inc., Corp., and so on). You can specify more than one organizational unit. If you do, the names must match the ones in the certificate in order.
    • Locality is an optional field that usually describes the city, principality, or country for the organization.
    • State or Province is usually required, but can be optional for some CAs. Most CAs won't accept abbreviations, but check with them to be sure.
    • Country is a required, 2-character abbreviation of your country name (in ISO format). The country code for the United States is US.
    Click Save Changes.

    Managing owners

    You manage a group's owners list the same way as you manage the group members list. The following table shows you which section to read for more information:
     

    If you want to...                      Use the steps in...
    Add owners to the group                "Adding group members"
    Add groups to the owners list          "Adding groups to the group members list"
    Remove entries from the owners list    "Removing entries from the group members list"


     

    Managing see alsos

    See alsos are references to other directory entries that may be relevant to the current group. They allow users to easily find entries for people and other groups that are related to the current group.

     You manage see alsos the same way as you manage the group members list. The following table shows you which section to read for more information:

     

    If you want to...                 Use the steps in...
    Add users to see alsos            "Adding group members"
    Add groups to see alsos           "Adding groups to the group members list"
    Remove entries from see alsos     "Removing entries from the group members list"


     

    Removing groups

    To delete a group, do the following:

     

    1. Locate the group you want to delete as described in "Finding group entries".

    2. Click Delete Group.

    3. Click O.K. in the resulting confirmation box. The group entry is immediately deleted.

    Renaming groups

    To rename a group, do the following:

     

    1. Locate the group you want to manage as described in "Finding group entries".

    2. Click the Rename Group button.

    3. Enter the new group name in the resulting dialog box.

      Note
      When you rename a group entry, you only change the group's name; you cannot use the rename feature to move the entry from one organizational unit to another. For example, suppose you have:
    • organizational units for Marketing and Accounting 
    • a group named Bean Counters under the Accounting organizational unit 
      then you can rename the group from Bean Counters to Counters of Beans, but you cannot rename the entry such that Bean Counters under the Accounting organizational unit becomes Bean Counters under the Marketing organizational unit.

    Creating organizational units

    For information on organizational units and how they should be used, see "Planning your directory structure". To create an organizational unit, do the following:

     

    1. From the administration server manager, go to Users & Groups | New Organizational Unit.

    2. In the Unit Name field, enter the name of the organizational unit.

    3. In the Description field, you can optionally add a description of the unit.

    4. In the Add Organizational Unit to list, select the organization under which this new organization will reside.

    5. Click Create Organizational Unit. The new entry is added immediately.
    6. You can also represent organizational unit information using characters in another language if appropriate.
     

    Notes on organizational units

    The following notes may be of interest to the directory administrator:

     

    • New organizational units are created using the organizationalUnit object class. 
    • The distinguished name for new organizational units is of the form: 
    ou=new organization, ou=parent organization, ..., o=base organization, c=country
    For example, if you create a new organization called Accounting within the organizational unit West Coast, and your Base DN is o=Ace Industry, c=US, then the new organizational unit's DN is:

    ou=Accounting, ou=West Coast, o=Ace Industry, c=US

    Managing organizational units

    You edit and manage organizational units from the Organizational Unit Edit form. From this form, you can:

     

    • Find organizational units 
    • Remove organizational units 
    • Edit organizational unit attributes 
    • Rename organizational units 
    • Delete organizational units

    Finding organizational units

    To find organizational units:

     

    1. Go to Users & Groups | Manage Organizational Units.

    2. Enter the name of the unit you want to find in the Find organizational unit field. You can enter any of the following in the search field:
    • A name. Enter a full name or a partial name. All entries that equally match the search string will be returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found. 
    • An asterisk (*) to see all of the groups currently residing in your directory. You can achieve this same result by simply leaving the field blank. 
    • Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.
    As an alternative, use the pull down menus in Find all units whose: to narrow the results of your search.
    3. In the Look within: field, select the organizational unit under which you want to search for entries. The default is the root point of the directory.

    4. In the Format: field, choose either On-Screen or Printer.

    5. Click Find. All the organizational units matching your search criteria are displayed.

    6. In the resulting table, click the name of the organizational unit that you want to find.

    The Find all units whose: field

    The Find all units whose: field allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find organizational unit:

     Find all units whose: provides the following search criteria:

     

    • The left-most pull-down list allows you to specify the attribute on which the search will be based.
      Options are:

      unit name
      Search each entry's name for a match.

      description
      Search each organizational unit entry's description for a match.

    • In the middle pull-down list, select the type of search you want to perform.
      Options are:

      contains
      Causes a substring search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know an organizational unit's name probably contains the word "Marketing", use this option with the search string "Marketing" to find the organizational unit entry.

      is
      Causes an exact match to be found. That is, this option specifies an equality search. Use this option when you know the exact value of an organizational unit's attribute. For example, if you know the exact spelling of the organizational unit's name, use this option.

      isn't
      Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the organizational units in the directory whose name does not contain "Marketing", use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.

      sounds like
      Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if an organizational unit's name is spelled "Sarret's Org", "Sarette's Org", or "Sarett's Org", use this option.

      starts with
      Causes a substring search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know an organizational unit's name starts with "Product", but you do not know the rest of the name, use this option.

      ends with
      Causes a substring search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know an organizational unit's name ends with "Development 1", but you do not know the rest of the name, use this option.

    • In the right-most text field, enter your search string.
      To display all of the organizational unit entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this text field blank.

      For more information on how to find an organizational unit entry, see "Finding organizational units".
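
The pull-down options above correspond to the standard LDAP filter forms (equality, substring, approximate, negation). The following is an added example, not code from the Netscape gateway: it assumes that unit name maps to the ou attribute and that results are restricted to the organizationalUnit object class, and it applies RFC 4515 escaping so the search string is always treated as a value rather than as filter syntax.

```python
# Added example: one row of "Find all units whose:" as an RFC 4515 filter.
# The attribute mapping and the objectclass restriction are assumptions.

ATTRS = {"unit name": "ou", "description": "description"}

# RFC 4515: these characters must be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

TEMPLATES = {
    "contains": "({a}=*{v}*)",      # substring search
    "is": "({a}={v})",              # equality search
    "isn't": "(!({a}={v}))",        # negated equality
    "sounds like": "({a}~={v})",    # approximate (phonetic) search
    "starts with": "({a}={v}*)",    # initial substring
    "ends with": "({a}=*{v})",      # final substring
}

BASE = "(objectclass=organizationalUnit)"


def escape_value(value):
    """Escape a user-supplied string so it is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(field, match, text):
    """Return the LDAP filter for the chosen attribute, match type and string."""
    attr = ATTRS[field]                 # unknown field raises KeyError
    template = TEMPLATES[match]         # unknown match type raises KeyError
    if text in ("", "*"):               # blank or asterisk: list every unit
        return BASE
    clause = template.format(a=attr, v=escape_value(text))
    return "(&" + BASE + clause + ")"
```

The Find organizational unit field behaves differently: as described earlier, any string there that contains an equal sign is taken as a filter, so this escaping applies only to strings that are meant to be values.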

       

    Editing organizational unit attributes

    To change an organizational unit entry:

     

    1. Locate the organizational unit you want to edit as described in "Finding organizational units".

    2. The organizational unit edit form is displayed. Change the displayed fields as desired and click Save Changes. The changes are made immediately.

    Note
      It is possible that you will want to change an attribute value that is not displayed by the organizational unit edit form. In this situation, use the ldapmodify command line utility.

    Renaming organizational units

    To rename an organizational unit entry, do the following:

     

    1. Make sure no other entries exist in the directory under the organizational unit that you want to rename.

    2. Locate the organizational unit you want to edit as described in "Finding organizational units".

    3. Click the Rename button.

    4. Enter the new organizational unit name in the resulting dialog box.

    Note
      When you rename an organizational unit entry, you can only change the organizational unit's name; you cannot use the rename feature to move the entry from one organizational unit to another. For example, suppose you have:
    • organizational units for Marketing and Accounting 
    • an organizational unit called Widget 1 under the Marketing organizational unit 
      Then you can rename the entry from Widget 1 to Widget 2, but you cannot rename the entry such that Widget 1 under the Marketing organizational unit becomes Widget 1 under the Accounting organizational unit.

    Deleting organizational units

    To delete an organizational unit entry, do the following:

     

    1. Make sure no other entries exist in the directory under the organizational unit that you want to delete.

    2. Locate the organizational unit you want to delete as described in "Finding organizational units".

    3. Click the Delete button.

    4. Click O.K. in the resulting confirmation box. The organizational unit is immediately deleted.

    Importing a directory from LDIF

    If you do not currently have a directory, or if you want to add a new subtree to an existing directory, you can use the Users and Groups import function. This function accepts a file containing LDIF and attempts to build a directory or a new subtree from the LDIF entries.

     If you are using the Netscape local directory, the import function will optionally overwrite any existing directories. If you are using a directory server and you attempt to import an entry that already exists, then that operation will fail.

     To merge LDIF formatted entries into an existing directory (either for a local directory, or for directory server), it is best to convert the LDIF to LDIF update statements and use ldapmodify to perform the merge.
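
One way to do the conversion described above, as an added example that is not part of the original manual or of any Netscape tool: it reads plain LDIF entries and emits update statements for ldapmodify, using changetype: add for new entries and changetype: modify with replace for entries already in the directory. The function names, the sample data and the existing_dns argument (DNs taken from a prior export) are assumptions; base64-encoded DNs are rejected.

```python
# Added example (not Netscape code): LDIF entries -> ldapmodify update statements.
import re

SAMPLE = """\
# constructed sample data
dn: ou=Accounting, ou=West Coast, o=Ace Industry, c=US
objectclass: organizationalUnit
ou: Accounting
description: Ledger and
  payroll

dn: ou=Marketing, ou=West Coast, o=Ace Industry, c=US
objectclass: organizationalUnit
ou: Marketing
"""

def norm_dn(dn):
    """Case/space-insensitive DN key; escaped commas are not handled."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_ldif(text):
    """Return [(dn, [attribute lines])]; unfolds lines, drops comments."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        lines = [l.rstrip() for l in block.split("\n") if l and not l.startswith("#")]
        if not lines:
            continue
        name, _, dn = lines[0].partition(":")
        if name.lower() != "dn" or dn.startswith(":"):
            raise ValueError("entry must start with a plain dn: line")
        entries.append((dn.strip(), lines[1:]))
    return entries

def to_updates(text, existing_dns):
    """changetype: add for new DNs, modify/replace for DNs already present."""
    existing = {norm_dn(d) for d in existing_dns}
    out = []
    for dn, attrs in parse_ldif(text):
        rec, groups = ["dn: " + dn], {}
        if norm_dn(dn) not in existing:
            rec += ["changetype: add"] + attrs
        else:
            rec.append("changetype: modify")
            for line in attrs:                   # group values per attribute
                groups.setdefault(line.split(":", 1)[0].lower(), []).append(line)
            for attr, values in groups.items():
                rec += ["replace: " + attr] + values + ["-"]
        out.append("\n".join(rec))
    return "\n\n".join(out) + "\n"
```

A replace overwrites every existing value of the attribute, so review the generated statements before piping them to ldapmodify. len(parse_ldif(text)) also gives the entry count to check before importing into the local database.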

     To create a new directory or subtree from Users and Groups, do the following:

     

    1. Go to Users & Groups | Import.

    2. Enter the full path name to the LDIF file containing the entries you want to add to your directory.

    3. Check Stop on errors if you want the import to fail completely if any single add operation fails.

    4. If you are using the local directory, then Erase existing database is available to you. Check this field if you want your existing database to be erased when a new directory is imported from LDIF. If Erase existing database is not checked, then the import function will attempt to add the contents of the LDIF file to the existing directory. However, if the import function attempts to add an entry to the directory that already exists, then an error is returned. Whether the import function continues or stops immediately is dependent on whether Stop on errors is checked.

    5. Click Begin Import. The import proceeds immediately.
     

    Exporting a database to LDIF

    You can export your current directory to LDIF using the Users and Groups export function. This function creates an LDIF-formatted file that represents your directory.

    To export your directory to an LDIF file:

     

    1. Go to Users & Groups | Export.

    2. Enter the full path name to the file in which you want the LDIF to be placed. Note that if you do not enter a full path name here, the file is placed in NSHOME\db\ldap\tools where NSHOME is your administration server's installation root directory.

    3. The Suffix to add field is available if you are exporting a local directory to the directory server. In this situation, you must specify a suffix to successfully import your local directory into directory server.

    4. The suffix you specify must match at least one of the suffixes configured for your directory server.
    5. Click OK. The export proceeds immediately.


    Working with large LDIF files:

      Netscape doesn't support more than 1000 entries in the local database. If you are working with large LDIF files, and you see the following message:

      Window.Document.impForm has no property named 'ldif'

      then the Administration Server has timed out.  To avoid this problem, use the following command line procedures.
       

      To import an LDIF file:
    1. cd NSHOME/userdb/ldap/tools
    2. rm ../db/* (optional -- this removes the existing db)
    3. ./ldapmodify -aC ../config/lcache.conf < /tmp/my.ldif
     

    To export an LDIF file:

    1. cd NSHOME/userdb/ldap/tools
    2. ./ldapsearch -C ../config/lcache.conf -b "" "objectclass=*" > /tmp/my.ldif
       
     
    Copyright 1997 Netscape Communications Corporation. All rights reserved.
