Managing users and groups
This chapter describes how to use the forms in the administration server Users and Groups area. The following topics are covered in this chapter:
- Creating users
- Managing users
- Finding user entries
- Managing a user's password
- Editing user information
- Renaming users
- Managing user licenses
- Tracking client access licenses
- Removing users
- Creating groups
- Managing groups
- Finding group entries
- Editing group attributes
- Adding group members
- Removing entries from the group members list
- Adding or editing a Group Certificate Member
- Managing owners
- Adding groups to the group members list
- Managing see alsos
- Removing groups
- Renaming groups
- Creating organizational units
- Managing organizational units
- Finding organizational units
- Editing organizational unit attributes
- Renaming organizational units
- Deleting organizational units
- Importing a directory from LDIF
- Exporting a database to LDIF
Creating users
To create a user entry within the directory, do the following:
- From the Server Administration page, go to Users & Groups | New User.
- At a minimum, you must specify the user's:
Note
-
Note
- If any organizational units have been defined for your directory, you can specify where you want the new user to be placed using the Add New User To list. The default location is your directory's root point.
Click Create User to add the user and immediately return to the New User form. Click Create and Edit User to add the user and then proceed to the Edit User form for the user you have just added.
Representing user or organizational unit information in another language
This is useful when a user's name and other information can be represented more accurately using characters in another language. For example, if the default language is English and the user's name is Japanese, the user may prefer to see her name in familiar Japanese characters.
You can take advantage of this feature only when you are using Netscape Directory server 3.x. If you are using the local database or Directory server 1.x, the Preferred Language information will not be sent to the server.
To change the user's or organizational unit group's Preferred Language:
- From the Server Administration page, choose Users & Groups | New User.
- Choose the Preferred Language for this user or organizational unit group only.
- Enter the user's name and other information using the preferred language.
- If appropriate, enter the user's name and other information using the additional fields provided.
The user's Preferred Language is indicated in the drop-down list in the upper right corner of the form. If no Preferred Language has been selected, the default Language is displayed.
To customize the Preferred Language List
This is useful when your users and groups can use more than one language to represent their names and other information, and you routinely switch back and forth from one language to another. This feature requires LDAPv3 or higher; it is not enabled if you are using the local database.
Notes on user entries
The following notes may be of interest to the directory administrator:
- User entries use the inetOrgPerson, organizationalPerson, and person object classes. For more information on how these are used, see Appendix A, Object Classes and Attributes.
- By default, the distinguished name for users is of the form:
cn=full name, ou=organization, ...,o=base organization, c=country
For example, if a user entry for Babs Jensen is created within the organizational unit Engineering, and the directory's suffix is o=Ace Industry, c=US, then the person's DN is:
cn=Babs Jensen, ou=Engineering, o=Ace Industry, c=US
However, you can change this format to a uid-based distinguished name. For information on how to set this default, see "Using uid-based distinguished names".
| User field | Corresponding LDAP attribute |
|---|---|
| Given Name | givenName |
| Surname | sn |
| Full Name | cn |
| User ID | uid |
| Password | userPassword |
| E-Mail Address | mail |

| User field | Corresponding LDAP attribute |
|---|---|
| Title | title |
| Telephone | telephoneNumber |
Managing users
You edit user attributes from the Manage Users form. From this form you can:
- Find user entries
- Change user attribute values
- Change the user's password
- Manage the user's licenses
- Rename the user's entry
- Delete the user's entry
- Potentially change product-specific information.
For more information regarding user entries when using a directory server, see "Notes on user entries".
Finding user entries
Before you can edit a user entry, you must display the entry. To find an entry:
- From the administration server manager, go to Users & Groups | Manage Users.
- In the Find User field, enter some descriptive value for the entry that you want to edit. You can enter any of the following in the search field:
  - A name. Enter a full name or a partial name. All entries that equally match the search string will be returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found.
  - A user ID.
  - A telephone number. If you enter only a partial number, any entries that have telephone numbers ending in the search number will be returned.
  - An email address. Any search string containing an at (@) symbol is assumed to be an email address. If an exact match cannot be found, then a search is performed to find all email addresses that begin with the search string.
  - An asterisk (*) to see all of the entries currently in your directory. You can achieve the same effect by simply leaving the field blank.
  - Any LDAP search filter. Any string that contains an equal sign (=) is considered a search filter.
- In the Look within field, select the organizational unit under which you want to search for entries. The default is the directory's root point (or top most entry).
- In the Format: field, choose either On-Screen or Printer.
- Click Find. All the users in the selected organizational unit are displayed.
- In the resulting table, click the name of the entry that you want to edit.
- The user edit form is displayed. Change the displayed fields as desired and click Save Changes. The changes are made immediately.
The "Find all users whose" field
The Find all users whose: field allows you to build a custom search filter. Use this field to narrow down the search results returned by Find user.
Find all users whose: provides the following search criteria:
- The left-most pull-down list allows you to specify the attribute on which the search will be based. The choices are:
  - full name: Search each entry's full name for a match.
  - last name: Search each entry's last name, or surname, for a match.
  - user id: Search each entry's user id for a match.
  - phone number: Search each entry's phone number for a match.
  - email address: Search each entry's email address for a match.
- In the center pull-down list, select the type of search you want to perform. The choices are:
  - contains: Causes a substring search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a user's name probably contains the word "Steve", use this option with the search string "Steve" to find the user's entry.
  - is: Causes an exact match to be found. That is, this option specifies an equality search. Use this option when you know the exact value of a user's attribute. For example, if you know the exact spelling of the user's name, use this option.
  - isn't: Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the users in the directory whose name is not "Babs Jensen", use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.
  - sounds like: Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if a user's name is spelled "Sarret", "Sarette", or "Sarett", use this option.
  - starts with: Causes a substring search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a user's name starts with "Mike", but you do not know the rest of the name, use this option.
  - ends with: Causes a substring search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a user's name ends with "Anderson", but you do not know the rest of the name, use this option.
- In the right-most text field, enter your search string. To display all of the user entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this text field blank.
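The search rules described above map onto standard LDAP filter forms. The following is an added example, not code from the administration server: it builds an RFC 4515 filter for each "Find all users whose" choice with the value escaped so it is matched literally, and lists the filters to try for a string typed into Find User. The attribute mapping comes from the table on this page; the `(objectClass=person)` "all users" filter, the telephone-number pattern, the precedence of `=` over `@`, and folding the user ID into the first name lookup are assumptions.

```python
import re

# User-field to LDAP-attribute mapping, from the table earlier on this page.
FIELD_TO_ATTR = {
    "full name": "cn",
    "last name": "sn",
    "user id": "uid",
    "phone number": "telephoneNumber",
    "email address": "mail",
}

# Search type -> RFC 4515 filter template ({a} = attribute, {v} = escaped value).
MATCH_TEMPLATES = {
    "contains": "({a}=*{v}*)",      # substring
    "is": "({a}={v})",              # equality
    "isn't": "(!({a}={v}))",        # negated equality
    "sounds like": "({a}~={v})",    # approximate (phonetic)
    "starts with": "({a}={v}*)",    # initial substring
    "ends with": "({a}=*{v})",      # final substring
}

# Assumption: "all users" means every entry carrying the person object class.
ALL_USERS = "(objectClass=person)"

# Characters that have a meaning inside a filter and their RFC 4515 escapes.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape filter metacharacters so the value is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(field, match, text):
    """Filter for one 'Find all users whose' row: attribute, search type, string."""
    if text.strip() in ("", "*"):
        return ALL_USERS  # blank or asterisk: list everything
    template = MATCH_TEMPLATES[match]
    return template.format(a=FIELD_TO_ATTR[field], v=escape_filter_value(text))


def interpret_find_string(text):
    """Filters to try, in order, for a string typed into the Find User field."""
    text = text.strip()
    if text in ("", "*"):
        return [ALL_USERS]
    if "=" in text:
        # The form treats this as a ready-made filter, so it is passed through
        # unescaped: whatever the operator typed is what the directory evaluates.
        return [text if text.startswith("(") else "(" + text + ")"]
    v = escape_filter_value(text)
    if "@" in text:
        # Exact e-mail match first, then addresses beginning with the string.
        return ["(mail={})".format(v), "(mail={}*)".format(v)]
    if re.fullmatch(r"[\d\s()+.\-]+", text) and any(c.isdigit() for c in text):
        # Partial numbers match telephone numbers ending in the digits given.
        return ["(telephoneNumber=*{})".format(v)]
    # Name or user ID: exact match, then substring, then sounds-like.
    return [
        "(|(cn={0})(uid={0}))".format(v),
        "(cn=*{}*)".format(v),
        "(cn~={})".format(v),
    ]


if __name__ == "__main__":
    print(build_filter("full name", "is", "Babs (Jensen)*"))
    for candidate in interpret_find_string("Babs"):
        print(candidate)
```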
Editing user information
To change a user's entry:
- Display the user entry as described in "Finding user entries".
- Edit the field corresponding to the attribute that you wish to change.
- You can also represent the user's information in characters of another language if appropriate.
- Click Save Changes.
Note
It is possible that you will want to change an attribute value that is not displayed by the edit user form. In this situation, use the ldapmodify command line utility.
Note
You can change the user's first, last, and full name fields from this form, but to fully rename the entry (including the entry's distinguished name), you need to use the Rename User form. For more information on how to rename an entry, see "Renaming users".
Managing a user's password
The password you set for user entries is used by the various Netscape servers for user authentication.
To change or create a user's password:
- Display the user entry as described in "Finding user entries".
- Click the Password link at the top of the user edit form.
- Enter the new password and then the confirmation password.
- Click Set Password. The change takes effect immediately.
You can also disable the user's password by clicking the Disable Password button. Doing this prevents the user from logging into a Netscape server without deleting the user's directory entry. You can reinstate the password by using the Password Management Form to enter a new password.
To return to the general information form, click General.
Managing user licenses
This area allows you to track which Netscape server products your users are licensed to use. To manage the licenses available to the user:
- Display the user entry as described in "Finding user entries".
- Click the Licenses link at the top of the User Edit form.
- Click next to the Suitespot servers that you want this user to be able to use.
- Click Save Changes.
Note that currently Netscape servers do not enforce these licenses.
License Tracking
To count the number of client users licensed for each Suitespot server:
- In the Server Administration page, choose Users & Groups | License Tracking.
- Select the Suitespot servers you want to include in the count, then click OK.
Renaming users
To rename a user entry:
- Display the user entry as described in "Finding user entries".
- Click the Rename User button.
- Enter the new name in the resulting dialog box. If you are using common name-based DNs, specify the user's full name. If you are using uid-based distinguished names, enter the new uid value that you want to use for the entry.
- Change the Given Name, Surname, full name, or UID fields as is appropriate to match the new distinguished name for the entry. Note that if you are using common name-based distinguished names, and you change the distinguished name to use a new common name, then you should make sure that this new common name is listed as the first choice in the list of full names. This ensures that the appropriate name is displayed when a list is generated that shows this entry.
You can tell the administration server not to retain the old full name or uid values when you rename the entry by setting the keepOldValueWhenRenaming parameter to false. You can find this parameter in the following file:
NSHOME/admin-serv/config/dsgw-orgperson.conf
Note
The rename feature changes only the user's name; all other fields are left intact. In addition, the user's old name is still preserved so searches against the old name will still find the new entry.
Note
When you rename a user entry, you can only change the user's name; you cannot use the rename feature to move the entry from one organizational unit to another. For example, suppose you have:
- organizational units for Marketing and Accounting
- an entry named Babs Jensen under the Marketing organizational unit
then you can rename the entry from Babs Jensen to Barbara Jensen, but you cannot rename the entry such that Babs Jensen under the Marketing organizational unit becomes Babs Jensen under the Accounting organizational unit.
To return to the general information form, click General.
Removing users
To delete a user entry:
- Display the user entry as described in "Finding user entries".
- Click the Delete User button.
- Click O.K. in the resulting confirmation box. The user entry is immediately deleted.
Creating groups
To create a group entry within the directory, do the following:
- From the administration server manager, go to Users & Groups | New Group.
- Enter the group's name. You can optionally also add a description for the group.
- If any organizational units have been defined for your directory, you can specify where you want the new group to be placed using the Add New Group To: list. The default location is your directory's root point, or top-most entry.
- Click Create Group to add the group and immediately return to the New Group form. Click Create and Edit Group to add the group and then proceed to the Edit Group form for the group you have just added.
For information on editing groups, see "Editing group attributes".
Managing groups
You edit groups and manage group memberships from the Group Edit form. From this form you can:
- Find groups
- Change group attributes
- Add and delete owners of the group
- Add and delete see also information
- Add and delete members of the group
- Rename the group
- Delete the group
- Change the group's description
The following sections describe these activities in detail.
Finding group entries
To find group entries:
- Go to Users & Groups | Manage Groups.
- Enter the name of the group that you want to find in the Find Group field. You can enter any of the following in the search field:
  - A name. Enter a full name or a partial name. All entries that equally match the search string are returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found.
  - An asterisk (*) to see all of the groups currently residing in your directory. You can achieve the same effect by simply leaving the field blank.
  - Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.
- In the Look within field, select the organizational unit under which you want to search for entries. The default is the directory's root point, or top-most entry.
- In the Format: field, choose either On-Screen or Printer.
- Click Find. All the groups matching your search criteria are displayed.
- In the resulting table, click the name of the entry that you want to edit.
The "Find all groups whose" field
The Find all groups whose: field allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find groups.
Find all groups whose: provides the following search criteria:
- The left-most pull-down list allows you to specify the attribute on which the search is based. The choices are:
  - full name: Searches each entry's full name for a match.
  - description: Searches each group entry's description for a match.
- In the middle pull-down list, select the type of search you want to perform. The choices are:
  - contains: Causes a substring search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know a group's name probably contains the word "Administrator", use this option with the search string "Administrator" to find the group entry.
  - is: Causes an exact match to be found. That is, this option specifies an equality search. Use this option when you know the exact value of a group's attribute. For example, if you know the exact spelling of the group's name, use this option.
  - isn't: Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the groups in the directory whose name does not contain "administrator", use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.
  - sounds like: Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if a group's name is spelled "Sarret's list", "Sarette's list", or "Sarett's list", use this option.
  - starts with: Causes a substring search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know a group's name starts with "Product", but you do not know the rest of the name, use this option.
  - ends with: Causes a substring search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know a group's name ends with "development", but you do not know the rest of the name, use this option.
- In the right-most text field, enter your search string. To display all of the group entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this text field blank.
For more information on how to find a group entry, see "Finding group entries".
Editing group attributes
To change a group entry, do the following:
- Locate the group you want to edit as described in "Finding group entries".
- The Group Edit form is displayed. Change the displayed fields as desired and click Save Changes. The changes are made immediately.
Note
It is possible that you will want to change an attribute value that is not displayed by the group edit form. In this situation, use the ldapmodify command line utility.
Adding group members
To add members to the group:
- Locate the group you want to manage as described in "Finding group entries".
- Click the Edit button under Group Members. A new form is displayed that allows you to search for entries. If you want to add user entries to the list, make sure Users is shown in the Find pull-down menu. If you want to add group entries to the group, make sure Group is shown.
- In the right-most text field, enter a search string. Enter any of the following:
  - A name. Enter a full name or a partial name. All entries whose name matches the search string will be returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found.
  - A user ID if you are searching for user entries.
  - A telephone number. If you enter only a partial number, any entries that have telephone numbers ending in the search number will be returned.
  - An email address. Any search string containing an at (@) symbol is assumed to be an email address. If an exact match cannot be found, then a search is performed to find all email addresses that begin with the search string.
  - An asterisk (*), or simply leave this text field blank, to see all of the entries or groups currently residing in your directory.
  - Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.
- When the list of group members is complete, click Save Changes. The currently displayed entries are now members of the group.
Adding groups to the group members list
You can add groups (instead of individual members) to the group's members list. Doing so causes any users belonging to the included group to become members of the receiving group. For example, if Babs Jensen is a member of the Marketing Managers group, and you make the Marketing Managers group a member of the Marketing Personnel group, then Babs Jensen is also a member of the Marketing Personnel group.
To add a group to the members list of another group, add the group as if it were a user entry. See "Adding group members" for more information.
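Because membership is inherited through included groups, reviewing who can reach a resource means expanding the nesting. The following added example (not code from the administration server) computes the effective members of a group and the chain of groups that grants a given user membership, and it tolerates groups that include each other. The group table, the user Sam Carter, and the simplified DN normalization (no escaped commas) are constructed for illustration.

```python
def normalize_dn(dn):
    """Simplified DN normalization: lower-case, collapse spaces (no escaped commas)."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + " ".join(value.split()).lower())
    return ",".join(parts)


def index_groups(raw):
    """Normalize a {group DN: [member DNs]} table so lookups are spelling-proof."""
    return {normalize_dn(g): [normalize_dn(m) for m in members]
            for g, members in raw.items()}


def effective_members(group_dn, groups):
    """Every user DN that belongs to group_dn directly or through nested groups."""
    users, seen, stack = set(), set(), [normalize_dn(group_dn)]
    while stack:
        current = stack.pop()
        if current in seen:
            continue  # already expanded: groups may include each other
        seen.add(current)
        for member in groups.get(current, ()):
            if member in groups:
                stack.append(member)  # a member that is itself a group
            else:
                users.add(member)
    return users


def membership_path(user_dn, group_dn, groups, _trail=()):
    """One chain of groups that makes user_dn a member of group_dn, or None."""
    user_dn, group_dn = normalize_dn(user_dn), normalize_dn(group_dn)
    if group_dn in _trail:
        return None  # cycle: this group is already on the current chain
    trail = _trail + (group_dn,)
    members = groups.get(group_dn, ())
    if user_dn in members:
        return list(trail)
    for member in members:
        if member in groups:
            found = membership_path(user_dn, member, groups, trail)
            if found:
                return found
    return None


# Constructed sample data. The second group lists the first one back as a
# member, which silently makes the two groups equivalent.
PERSONNEL = "cn=Marketing Personnel, o=Ace Industry, c=US"
MANAGERS = "cn=Marketing Managers, o=Ace Industry, c=US"
BABS = "cn=Babs Jensen, ou=Marketing, o=Ace Industry, c=US"
SAM = "cn=Sam Carter, ou=Marketing, o=Ace Industry, c=US"

GROUPS = index_groups({
    PERSONNEL: ["CN=Marketing Managers,O=Ace Industry,C=US", SAM],
    MANAGERS: [BABS, PERSONNEL],
})

if __name__ == "__main__":
    print(sorted(effective_members(PERSONNEL, GROUPS)))
    print(membership_path(SAM, MANAGERS, GROUPS))
```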
Removing entries from the group members list
To delete an entry from the group members list, do the following:
- Locate the group you want to manage as described in "Finding group entries".
- Click Edit under Group Members.
- For each member that you want to remove from the list, click the corresponding box under the Remove from list? column.
Alternatively, you can construct a filter to find the entries you want to remove and click the Find and Remove button. For more information on creating a search filter, see "Adding group members".
Adding or editing a Group Certificate Member
Create an Attribute Value Assertion (AVA)-certificate group when you want to grant or deny server access to all individuals who share the same group attributes. This feature allows you to build a dynamic group of users based on the information embedded in each individual's FORTEZZA card. For example, you can create an AVA-certificate group of all users who report to the same manager, in the same department of the same business unit. When an individual inserts his FORTEZZA card, if all of these values do not match the attributes you've mapped, the user is not included in the group.
You can take advantage of this feature only when you are using a Netscape 3.x server with local database, or when you are using a Netscape LDAP server.
To edit an AVA-certificate group:
- In the Server Administration page, choose Users & Groups|Manage Groups.
- In the Find Group: field, enter the name of the group you want to create or edit, then click Find. A list of existing groups displays.
- Click the name of the group you want to create or edit. The group information displays.
- Click the Group Cert Members: Add button.
- Enter values for the following mapping fields. Note that you do not need to enter a value in all of these fields, but you do need to enter a value for at least one field.
  - Common name is usually the fully qualified hostname used in DNS lookups (for example, www.netscape.com) on servers, or a person's name on clients.
  - Email address is your business email address. This is used for correspondence between you and the CA.
  - Organizational Unit(s) is an optional field that describes an organization within your company. This can also be used to note a less formal company name (without the Inc., Corp., and so on). You can specify more than one organizational unit. If you do, the names must match the ones in the certificate in order.
  - Locality is an optional field that usually describes the city, principality, or country for the organization.
  - State or Province is usually required, but can be optional for some CAs. Most CAs won't accept abbreviations, but check with them to be sure.
  - Country is a required, 2-character abbreviation of your country name (in ISO format). The country code for the United States is US.
Managing owners
You manage a group's owners list the same way as you manage the group members list. The following table shows you which section to read for more information:
| If you want to... | Use the steps in... |
|---|---|
| Add owners to the group | "Adding group members" |
| Add groups to the owners list | "Adding groups to the group members list" |
| Remove entries from the owners list | "Removing entries from the group members list" |
Managing see alsos
See alsos are references to other directory entries that may be relevant to the current group. They allow users to easily find entries for people and other groups that are related to the current group.
You manage see alsos the same way as you manage the group members list. The following table shows you which section to read for more information:
| If you want to... | Use the steps in... |
|---|---|
| Add users to see alsos | "Adding group members" |
| Add groups to see alsos | "Adding groups to the group members list" |
| Remove entries from see alsos | "Removing entries from the group members list" |
Removing groups
To delete a group, do the following:
- Locate the group you want to delete as described in "Finding group entries".
- Click Delete Group.
- Click O.K. in the resulting confirmation box. The group entry is immediately deleted.
Renaming groups
To rename a group, do the following:
- Locate the group you want to manage as described in "Finding group entries".
- Click the Rename Group button.
- Enter the new group name in the resulting dialog box.
Note
When you rename a group entry, you only change the group's name; you cannot use the rename feature to move the entry from one organizational unit to another. For example, suppose you have:
- organizational units for Marketing and Accounting
- a group named Bean Counters under the Accounting organizational unit
then you can rename the group from Bean Counters to Counters of Beans, but you cannot rename the entry such that Bean Counters under the Accounting organizational unit becomes Bean Counters under the Marketing organizational unit.
Creating organizational units
For information on organizational units and how they should be used, see "Planning your directory structure". To create an organizational unit, do the following:
- From the administration server manager, go to Users & Groups | New Organizational Unit.
- In the Unit Name field, enter the name of the organizational unit.
- In the Description field, you can optionally add a description of the unit.
- In the Add Organizational Unit to list, select the organization under which this new organization will reside.
- Click Create Organizational Unit. The new entry is added immediately.
- You can also represent organizational unit information using characters in another language if appropriate.
Notes on organizational units
The following notes may be of interest to the directory administrator:
- New organizational units are created using the organizationalUnit object class.
- The distinguished name for new organizational units is of the form:
ou=new organization, ou=parent organization, ...,o=base organization, c=country
For example, if you create a new organization called Accounting within the organizational unit West Coast, and your Base DN is o=Ace Industry, c=US, then the new organizational unit's DN is:
ou=Accounting, ou=West Coast, o=Ace Industry, c=US
Managing organizational units
You edit and manage organizational units from the Organizational Unit Edit form. From this form, you can:
- Find organizational units
- Remove organizational units
- Edit organizational unit attributes
- Rename organizational units
- Delete organizational units
Finding organizational units
To find organizational units:
- Go to Users & Groups | Manage Organizational Units.
- Enter the name of the unit you want to find in the Find organizational unit field. You can enter any of the following in the search field:
  - A name. Enter a full name or a partial name. All entries that equally match the search string will be returned. If no such entries are found, all entries that contain the search string will be found. If no such entries are found, any entries that sound like the search string are found.
  - An asterisk (*) to see all of the groups currently residing in your directory. You can achieve this same result by simply leaving the field blank.
  - Any LDAP search filter. Any string that contains an equal sign (=) is considered to be a search filter.
- In the Look within: field, select the organizational unit under which you want to search for entries. The default is the root point of the directory.
- In the Format: field, choose either On-Screen or Printer.
- Click Find. All the organizational units matching your search criteria are displayed.
- In the resulting table, click the name of the organizational unit that you want to find.
The Find all units whose: field
The Find all units whose: field allows you to build a custom search filter. Use this field to narrow down the search results that are otherwise returned by Find organizational unit.
Find all units whose: provides the following search criteria:
- The left-most pull-down list allows you to specify the attribute on which the search will be based. The choices are:
  - unit name: Search each entry's name for a match.
  - description: Search each organizational unit entry's description for a match.
- In the middle pull-down list, select the type of search you want to perform. The choices are:
  - contains: Causes a substring search to be performed. Entries with attribute values containing the specified search string are returned. For example, if you know an organizational unit's name probably contains the word "Marketing", use this option with the search string "Marketing" to find the organizational unit entry.
  - is: Causes an exact match to be found. That is, this option specifies an equality search. Use this option when you know the exact value of an organizational unit's attribute. For example, if you know the exact spelling of the organizational unit's name, use this option.
  - isn't: Returns all the entries whose attribute value does not exactly match the search string. That is, if you want to find all the organizational units in the directory whose name does not contain "Marketing", use this option. Be aware, however, that use of this option can cause an extremely large number of entries to be returned to you.
  - sounds like: Causes an approximate, or phonetic, search to be performed. Use this option if you know an attribute's value, but you are unsure of the spelling. For example, if you are not sure if an organizational unit's name is spelled "Sarret's Org", "Sarette's Org", or "Sarett's Org", use this option.
  - starts with: Causes a substring search to be performed. Returns all the entries whose attribute value starts with the specified search string. For example, if you know an organizational unit's name starts with "Product", but you do not know the rest of the name, use this option.
  - ends with: Causes a substring search to be performed. Returns all the entries whose attribute value ends with the specified search string. For example, if you know an organizational unit's name ends with "Development 1", but you do not know the rest of the name, use this option.
- In the right-most text field, enter your search string. To display all of the organizational unit entries contained in the Look Within directory, enter either an asterisk (*) or simply leave this text field blank.
For more information on how to find an organizational unit entry, see "Finding organizational units".
Editing organizational unit attributes
To change an organizational unit entry:
- Locate the organizational unit you want to edit as described in "Finding organizational units".
- The organizational unit edit form is displayed. Change the displayed fields as desired and click Save Changes. The changes are made immediately.
Note
It is possible that you will want to change an attribute value that is not displayed by the organizational unit edit form. In this situation, use the ldapmodify command line utility.
Renaming organizational units
To rename an organizational unit entry, do the following:
- Make sure no other entries exist in the directory under the organizational unit that you want to rename.
- Locate the organizational unit you want to edit as described in "Finding organizational units".
- Click the Rename button.
- Enter the new organizational unit name in the resulting dialog box.
Note
When you rename an organizational unit entry, you can only change the organizational unit's name; you cannot use the rename feature to move the entry from one organizational unit to another. For example, suppose you have:
- organizational units for Marketing and Accounting
- an organizational unit called Widget 1 under the Marketing organizational unit
then you can rename the entry from Widget 1 to Widget 2, but you cannot rename the entry such that Widget 1 under the Marketing organizational unit becomes Widget 1 under the Accounting organizational unit.
Deleting organizational units
To delete an organizational unit entry, do the following:
- Make sure no other entries exist in the directory under the organizational unit that you want to delete.
- Locate the organizational unit you want to delete as described in "Finding organizational units".
- Click the Delete button.
- Click O.K. in the resulting confirmation box. The organizational unit is immediately deleted.
Importing a directory from LDIF
If you do not currently have a directory, or if you want to add a new subtree to an existing directory, you can use the Users and Groups import function. This function accepts a file containing LDIF and attempts to build a directory or a new subtree from the LDIF entries. If you are using the Netscape local directory, the import function will optionally overwrite any existing directories. If you are using a directory server and you attempt to import an entry that already exists, then that operation will fail.
To merge LDIF formatted entries into an existing directory (either for a local directory, or for directory server), it is best to convert the LDIF to LDIF update statements and use ldapmodify to perform the merge.
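The conversion described above, as an added example that is not part of the original documentation: it compares new LDIF entries against an LDIF export of the current directory and emits `changetype: add` for entries that are missing and `changetype: modify` with `replace` for entries that already exist. The function names and sample entries are constructed for illustration, and the DN comparison is simplified (it does not handle escaped commas).

```python
import base64, re

def parse_ldif(text):
    """Parse LDIF content records into (dn_sep, dn, [(attr, sep, value)]) tuples."""
    unfolded = re.sub(r"\r?\n ", "", text)        # join folded (continued) lines
    entries = []
    for block in re.split(r"\n\s*\n", unfolded):  # records are separated by blank lines
        dn, attrs = None, []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, rest = line.split(":", 1)
            sep = ":" + rest[0] if rest[:1] in (":", "<") else ":"   # "::" base64, ":<" URL
            value = rest[len(sep) - 1:].strip()
            if attr.lower() == "dn":
                dn = (sep, value)
            elif dn:                              # also skips a leading "version:" line
                attrs.append((attr, sep, value))
        if dn:
            entries.append((dn[0], dn[1], attrs))
    return entries

def norm_dn(sep, dn):  # simplified comparison key: decode base64, lowercase, trim commas
    dn = base64.b64decode(dn).decode("utf-8") if sep == "::" else dn
    return ",".join(part.strip().lower() for part in dn.split(","))

def to_update_statements(new_ldif, exported_ldif):
    """Emit 'add' for DNs absent from the export, 'modify' with replace otherwise."""
    existing = {norm_dn(s, d) for s, d, _ in parse_ldif(exported_ldif)}
    out = []
    for sep, dn, attrs in parse_ldif(new_ldif):
        out.append(f"dn{sep} {dn}")
        if norm_dn(sep, dn) in existing:
            out.append("changetype: modify")
            grouped = {}                          # one replace block per attribute type
            for attr, vsep, value in attrs:
                grouped.setdefault(attr.lower(), []).append(f"{attr}{vsep} {value}")
            for name, values in grouped.items():
                out += [f"replace: {name}"] + values + ["-"]
        else:
            out.append("changetype: add")
            out += [f"{attr}{vsep} {value}" for attr, vsep, value in attrs]
        out.append("")
    return "\n".join(out)

# Constructed sample input (not from the original page): current export, then new entries.
EXPORTED = "dn: ou=Marketing, o=example.com\nobjectclass: organizationalUnit\nou: Marketing\n"
NEW = ("dn: ou=Marketing,o=example.com\nou: Marketing\ndescription: Product mar\n keting\n\n"
       "dn: ou=Widget 1,ou=Marketing,o=example.com\nobjectclass: organizationalUnit\nou: Widget 1\n")
print(to_update_statements(NEW, EXPORTED))
```

A `replace` overwrites every stored value of the listed attribute, so review the generated statements before passing them to ldapmodify.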
To create a new directory or subtree from Users and Groups, do the following:
- Go to Users & Groups | Import.
- Enter the full path name to the LDIF file containing the entries you want to add to your directory.
- Check Stop on errors if you want the import to fail completely if any single add operation fails.
- If you are using the local directory, then Erase existing database is available to you. Check this field if you want your existing database to be erased when a new directory is imported from LDIF. If Erase existing database is not checked, then the import function will attempt to add the contents of the LDIF file to the existing directory. However, if the import function attempts to add an entry to the directory that already exists, then an error is returned. Whether the import function continues or stops immediately is dependent on whether Stop on errors is checked.
- Click Begin Import. The import proceeds immediately.
Exporting a database to LDIF
You can export your current directory to LDIF using the Users and Groups export function. This function creates an LDIF-formatted file that represents your directory. To export your directory to an LDIF file:
- Go to Users & Groups | Export.
- Enter the full path name to the file in which you want the LDIF to be placed. Note that if you do not enter a full path name here, the file is placed in NSHOME\db\ldap\tools where NSHOME is your administration server's installation root directory.
- The Suffix to add field is available if you are exporting a local directory to the directory server. In this situation, you must specify a suffix to successfully import your local directory into directory server.
- Click OK. The export proceeds immediately.
The suffix you specify must match at least one of the suffixes configured for your directory server.
Working with large LDIF files:
- Netscape doesn't support more than 1000 entries in the local database.
If you are working with large LDIF files, and you see the following message:
Window.Document.impForm has no property named 'ldif'
then the Administration Server has timed out. To avoid this problem, use the following command line procedures.
To import an LDIF file:
- cd NSHOME/userdb/ldap/tools
- rm ../db/* (optional -- this removes the existing db)
- ./ldapmodify -aC ../config/lcache.conf < /tmp/my.ldif
To export an LDIF file:
- cd NSHOME/userdb/ldap/tools
- ./ldapsearch -C ../config/lcache.conf -b "" "objectclass=*" > /tmp/my.ldif