Managing Users and Groups
This chapter describes the different tasks involved in managing users and groups in a CorporateTime node. Whether this information is stored internally, or in an LDAP directory, the administrative procedures required to manage users and groups differ little.
For installations using an LDAP directory, administrators must be familiar with user creation and management for the directory server, or should refer to the appropriate on-line help, as users are generally in the directory server before they are added to a CorporateTime node. It is also possible to take an existing CorporateTime node and migrate the necessary information to a directory server.
The following topics are dealt with in this chapter:
- Creating CorporateTime users
- Managing CorporateTime users
- Deleting CorporateTime users
- Managing user defaults
- Assigning administration rights
- Managing groups
Creating CorporateTime users
Each employee in your company, or member in your organization, who plans to use CorporateTime must first become a user. Once a user's profile has been created and added to a node, the employee can then use a CorporateTime client to connect to the node and manage his/her personal agenda.
An administrator is presented with two possible scenarios when adding CorporateTime to an installation that uses an LDAP directory service. In the most common situation, the enterprise-wide database of users and resources will already exist on the directory server. This data is then used to create the CorporateTime users on the newly created nodes. Alternatively, the administrator may wish to take one or more existing CorporateTime databases and export the user and resource data in an LDIF format that is then used to populate the directory server. Users must be in the directory server before they can be added to a CorporateTime node.
Adding users to the internal directory of CorporateTime
Cmd line
Users are added to CorporateTime's internal directory using the uniuser utility. See the relevant man page or Appendix G for a full description of the options and syntax of this utility.
uniuser -add "S=Addison/G=Thomas/I=W/O=acme" -n 786 -p sysop
uniuser: added "Addison,Thomas,W"
To add users to an internal directory using the CorporateTime Server Administrator:
- Run CorporateTime Server Administrator.
- Sign in to the node you wish to populate.
- Select User | New User to open the New User dialogue box.
- Type the new user's surname in the Last Name box. This is the only value required to create a new user.
- Enter values in all other entry boxes as desired.
- You may set a password for the user by entering matching values in the Password and Confirm Password boxes. If a password is not set by the administrator, the user will be permitted to sign in without a password.
- Click OK to create the new user.
Adding users to CorporateTime from a pre-populated directory server:
Cmd line
Adding CorporateTime users from an existing directory server is a two-step process. The first step is identifying the directory server users who are not CorporateTime users. The utility unidssearch searches the directory server DNs and returns all entries without the attribute ctCalXItemId (objectclass = OrganizationalPerson [ISOCOR, GDS500]; objectclass = inetOrgPerson [Netscape DS]). These users can then be added to a CorporateTime node using the uniuser command. See Appendix G for full instructions on the use and syntax of these utilities.
Determine which users in the directory server are not attached to a CorporateTime Server node:
Use unidssearch to search the directory server for entries not added to a CorporateTime node. See Appendix G for a description of the options and syntax of this utility.
% unidssearch -c 10
A DID=cn=Lan Nguyen, ou=Research, o=Acme, c=US
A DID=cn=James Alexander, ou=Research, o=Acme, c=US
A DID=cn=Chris Robbins, ou=Research, o=Acme, c=US
A DID=cn=Thomas Addison, ou=Administration, o=Acme, c=US
A DID=cn=Claire Roslyn, ou=Administration, o=Acme, c=US
A DID=cn=Denis Tremblay, ou=Administration, o=Acme, c=US
A DID=cn=Maija Laine, ou=Finance, o=Acme, c=US
A DID=cn=Elizabeth McKinley, ou=Finance, o=Acme, c=US
A DID=cn=Walter Chen, ou=Finance, o=Acme, c=US
A DID=cn=Oliver Maxwell, ou=Finance, o=Acme, c=US
If you are using a Netscape Directory Server, the attribute cn (common name) might be replaced by the attribute uid (user ID or login).
To add the users one at a time:
Use uniuser -add to add a single user. See Appendix G for a description of the options and syntax of this utility.
% uniuser -add "DID=cn=James Alexander, ou=Research, o=Acme, c=US" 134
uniuser is working, please wait ...
uniuser: [cn=James Alexander, ou=Research, o=Acme, c=US] add success
To add several users:
Admin GUI
- Create a file of all users in the directory server who are not CorporateTime users. The number of non-CorporateTime users returned by a search may be limited by maximum search settings on the directory server. You can also limit the scope of the search as in the following example where 5 users are selected from the directory server.
- The file created may then be modified, filtered or added to as required and according to a set format and syntax. For example, if you are using Control Data's Global Directory Server, you would be advised to add an attribute and value for the user's given name as this is used by CorporateTime and is not included in the directory schema. Additions are made in X.400 format. See the uniuser documentation in Appendix G for a complete description of the X.400 keys, fields and syntax.
- Attach all users in the file to the specified node:
% uniuser -ex users 134
Enter SysOp password:
uniuser is working, please wait ...
uniuser: [cn=Chris Robbins, ou=Research, o=Acme, c=US/G=Chris] add success.
uniuser: [cn=Thomas Addison, ou=Administration, o=Acme, c=US/G=Thomas] add success.
uniuser: [cn=Claire Roslyn, ou=Administration, o=Acme, c=US/G=Claire] add success.
uniuser: [cn=Denis Tremblay, ou=Administration, o=Acme, c=US/G=Denis] add success.
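A pre-flight check for the bulk-add file described in the steps above, as an added example that is not part of the original manual or the product's tooling. It assumes the file passed to uniuser -ex holds the same "A DID=..." lines that unidssearch prints, with X.400 fields appended as "/KEY=value" as in the output shown; the function name, the sample's last two lines and the first-word rule for the given name are constructed for illustration, so check Appendix G for the exact syntax.

```python
import re

# Assumption: the file given to "uniuser -ex" holds the "A DID=<dn>" lines that
# unidssearch prints, with X.400 fields appended as "/KEY=value".
ENTRY = re.compile(r"^A DID=(?P<dn>[^/]+?)(?P<x400>(?:/[A-Za-z0-9]+=[^/]*)*)$")


def prepare_bulk_add(search_output, allowed_ous):
    """Return (lines_to_add, rejected) for the entries found by unidssearch."""
    allowed = {ou.lower() for ou in allowed_ous}
    seen, lines, rejected = set(), [], []
    for raw in search_output.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:
            rejected.append((line, "not an 'A DID=' entry"))
            continue
        dn, x400 = m.group("dn").strip(), m.group("x400")
        try:
            # Simple RDN split; assumes no escaped commas, as in the page's DNs.
            rdns = {k.strip().lower(): v.strip() for k, v in
                    (part.split("=", 1) for part in dn.split(","))}
        except ValueError:
            rejected.append((line, "malformed DN"))
            continue
        if rdns.get("ou", "").lower() not in allowed:
            rejected.append((line, "outside the approved organizational units"))
        elif dn.lower() in seen:
            rejected.append((line, "duplicate DN"))
        elif "/G=" in x400.upper():
            seen.add(dn.lower())
            lines.append(f"A DID={dn}{x400}")  # given name already supplied
        elif not rdns.get("cn"):
            # uid-based entries (Netscape DS) carry no name to derive G= from.
            rejected.append((line, "no cn; add G= by hand"))
        else:
            seen.add(dn.lower())
            given = rdns["cn"].split()[0]  # assumption: first word is the given name
            lines.append(f"A DID={dn}{x400}/G={given}")
    return lines, rejected


# First four lines are from the search output above; the last two are constructed.
SEARCH_OUTPUT = """\
A DID=cn=Lan Nguyen, ou=Research, o=Acme, c=US
A DID=cn=James Alexander, ou=Research, o=Acme, c=US
A DID=cn=Chris Robbins, ou=Research, o=Acme, c=US
A DID=cn=Thomas Addison, ou=Administration, o=Acme, c=US
A DID=cn=Chris Robbins, ou=Research, o=Acme, c=US
A DID=uid=wchen, ou=Research, o=Acme, c=US
"""

if __name__ == "__main__":
    ok, bad = prepare_bulk_add(SEARCH_OUTPUT, ["Research"])
    print("\n".join(ok))
    for line, reason in bad:
        print(f"REJECTED ({reason}): {line}")
```

Reviewing the rejected list before running uniuser -ex keeps accounts outside the intended organizational units from being attached to the node by a broad search.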
Directory server users may be added to a local or remote CorporateTime node using the CorporateTime Server Administrator:
- Run CorporateTime Server Administrator.
- Sign in to the node you wish to populate.
- Select User | Add Users to open the Directory Search dialogue box.
- Set the number of directory server users returned from a search operation in the Limit box. (Note: The maximum value for the search is configurable -- see "Configuration of Search Parameters" for the ISOCOR Global Directory Server connector)
- By default, the directory server search will return any Directory entries, limited to the number defined in the step above, that are not already attached to a CorporateTime node (i.e. all directory server DNs without the attribute ctCalXItemId (objectclass=OrganizationalPerson [ISOCOR,GDS500]; objectclass=inetOrgPerson [Netscape DS])). If you wish to further restrict the parameters for the search, activate the Use Filter checkbox and consult the on-line LDAP Search Filters help topic (or the documentation supplied with your directory server) for more information concerning the syntax and use of LDAP filters.
- Click Search. The results of the search are displayed in the list box titled "Directory Users: <#> found".
- To select users to add to a node, click on an entry to select a single user, <Ctrl> click on each desired entry to create a subset of the displayed users, or click Select All to activate the complete list. Unselect All will reset the entire list to the default of no selections.
- Click Add when you have completed your selection of Directory users to be added to a CorporateTime node.
- Verify the addition of each CorporateTime user in the Status box. Directory users successfully added to a CorporateTime node will be removed from the Directory Users' list box.
- Click Close when you have completed the addition of users to the active CorporateTime node.
Adding CorporateTime users to a directory server
UNIX
Contact CS&T's support department at (514) 733-8500 for assistance and utilities to handle the migration of all CorporateTime users to the directory server.
Managing CorporateTime users
Cmd line
You may view and modify various CorporateTime user attributes using the uniuser utility. See Appendix G for full instructions on the capabilities and syntax of this utility.
Admin GUI
To edit user information on a local or remote node:
Note
- Run CorporateTime Server Administrator.
- Select Properties from the User menu to open the Search dialogue box.
- To locate the user profile that you wish to modify, click Search to view a complete listing of users for all nodes that you are connected to (i.e. all nodes which are part of your node network), or type in any information that you have (a name or even the first letter of a name) to restrict the search. Although you may view the users for all nodes that you are connected to, you may edit the user profiles only for the node that you are signed into.
- If there is not an exact match for the information that you have entered, the system will retrieve any users for which the lead or leading characters in the search field match those entered to restrict the query. Thus, a search with an entry of "A" in the Last Name field will return all users whose last names begin with "A".
- Select the correct user from the list box below the Search button by clicking the user name. If the list extends beyond the limits of the box, use the scroll bar to view all retrieved users.
- Once you have made your selection, double click the chosen entry or click Properties to bring up the User Properties dialogue box. You may now select any field to edit the displayed value.
- Click OK when the modifications are complete.
Deleting CorporateTime users
Cmd line
Remove the user(s) from the CorporateTime node using the uniuser -del (single deletion) or the uniuser -ex (multiple deletions) command. See Appendix G for full instructions on the capabilities and syntax of this utility. Delete the same user(s) from the directory server or run unidsdiff to synchronize the information on the CorporateTime node with that kept in the directory server.
Admin GUI
To delete a user from a local or remote node:
Note
- Run CorporateTime Server Administrator.
- Select a user using the procedure outlined above.
- Select the desired user, or <Ctrl> click each name to build a list of users, and click Delete.
- Delete the same user(s) from the directory server or run unidsdiff to synchronize the information on the CorporateTime node with that kept in the directory server. See Appendix G for full instructions on the capabilities and syntax of this utility.
- When a user is deleted from a node, the user's records and directory entry are removed from the local node. This means that all data owned by the user, including any events or groups, will be deleted. Thus, the user will no longer appear in others' agendas, nor will any events owned by this user remain. Any remote directory listings and remote copies of events owned by the user also will be removed. To preserve the user's agenda in a file prior to deletion from the node, you may use the unicpoutu utility. The unicpinu utility could then be used to copy this information back into a CorporateTime Server node.
- If you do not want to run the risk of deleting valid events from the agendas of other users, it is a good practice to not delete, but to rename, the user until all of the events have passed. For example, if a manager who controlled group scheduling leaves your company, you might delete all personal information from his/her user profile and enter "manager" and "sales" for last and first name respectively. All events and groups owned by this user would therefore remain in the agendas of other users. Alternatively, the CorporateTime administrator may wish to change all of the personal information in the manager's user profile to that of a new employee who assumes the same function and therefore takes over the management of the created events and groups.
Moving CorporateTime users
A variety of circumstances -- organizational changes, employee relocation, or the need to redistribute node capacity -- may result in a situation where the CorporateTime administrator needs to move one or more users from one node to another. This operation is achieved through the use of the unimvuser utility. See Appendix G for full instructions on the use of this utility.
Managing user defaults
A CorporateTime administrator may wish to set certain client display preferences, administrative rights, viewing privileges or other parameters for a group of users by first defining a default user profile before adding these users to the node.
Defining a default user profile:
- All configuration parameters for the user profile are stored in the /users/unison/misc/user.ini file. Edit this file using a text editor supplied with your operating system.
- The default value can be changed according to the information and limits defined in the following section "Parameters for user profile".
- To make changes, delete the old value and insert a new value.
- The default value is assumed if the parameter is not included in the /users/unison/misc/user.ini file.
Parameters for user profile
The information that can be specified is:
- Display preferences
- Refresh frequency, notification and reminder preferences
- Viewing and scheduling rights to a personal agenda available to other users
- Administrative rights for groups, holidays and resources
- Default directory address fields
- Time zones different from that of the node
- List of administrative groups that new users will be added to
- List of persons who can work as designates for a user
Display Preferences
ShowSunday = TRUE/FALSE
This set of parameters determines whether or not these days will be part of the week view on the client. The default is TRUE for all seven days of the week.
TimeFormat = 1/2
This parameter determines whether time is displayed in standard (AM/PM) or military (24h) format. The default is "2" -- AM/PM.
StartDay = time_of_day
This parameter determines the time at which the user's agenda starts (day & week view only) for display purposes only. This does not affect the regular business hours of the user. The default is 08h00.
EndDay = time_of_day
This parameter is used to define the time of day the user's agenda ends (day & week view only) for display purposes, although it has little effect given that all hours of the day are displayed. For example, if this is set to 15h00, or 3 o'clock PM, the remainder of the afternoon will still be visible. Other settings, such as time slot increments and the spacing height, also affect how little or how much of the day is displayed. The default is 18h00.
TimeInc = time_in_minutes
This parameter defines the time increment for the day & week views. Adjusting the value of this parameter affects how much of your day is displayed on the screen. Only the following values can be specified: 5, 10, 15, 20, 30, 60 (minutes). The default is 15 minutes.
Refresh, Notification & Reminder Preferences
RefreshFrequency = time_in_minutes
This parameter sets the refresh frequency of the client in minutes. A value of 0 would effectively disable the refresh. The default is 15 minutes.
MailNotification = TRUE/FALSE
This parameter specifies whether or not the user can receive mail notification. Note, this setting has no effect on the users' ability to send mail notification. The default is FALSE.
DefaultReminder = 0/1
If set to 1, the Default Reminder for Agenda Entries and Day Events is set to Pop-up Reminder. For Tasks, only the Default Task Due Reminder is set to Pop-up Reminder; the Default Task Start Reminder is NOT set. Furthermore, the Daily Notes Default Reminder is also not set. The default is 0, or no reminders.
TimeBeforeReminder = time_in_minutes
This parameter is used to set the reminder time for the Default Reminder. In other words, a value of 24 would mean that the reminder would appear 24 hours before the start of the event. Only the following values can be specified: 0, 2, 5, 10, 60, 120, 240 (minutes); 12, 24, 48, 96 (hours); 7, 14, 31 (days).
Default Security to Other Users
ViewNormalEvent = YES/NO/TIME
ViewPersonalEvent = YES/NO/TIME
ViewConfidentialEvent = YES/NO/TIME
The above parameters determine the default security given to other users when creating events or tasks of these designations. For example, if ViewNormalEvent was set to TIME, only the time slot of the event would be visible to other users. Conversely, if ViewNormalEvent was set to YES, all details of the event would be visible to other users. If ViewNormalEvent was set to NO, the event would not be visible at all to other users.
The default value for all of the above parameters is NO.
All details of a public event are visible to other users; there is no way to modify this behaviour via these parameters.
The ViewNormalEvent and ViewNormalTask settings map to the "Normal" Access Level on the client.
The ViewPersonalEvent and ViewPersonalTask settings map to the "Personal" Access Level on the client.
The ViewConfidentialEvent and ViewConfidentialTask settings map to the "Confidential" Access Level on the client.
CanBookMe = TRUE/FALSE
Setting this parameter to TRUE allows any undefined user to schedule with the user. Of course, this can be overridden by the user within the client. The default setting is FALSE.
Personal Group and Administrative Rights
CreatePublicGroups = FALSE
This parameter determines whether or not users have the ability to create Public groups (i.e. groups available to all users in the database). The default is FALSE.
ManageAdmGroups = FALSE
This parameter determines whether or not users have the ability to create Admin groups. Like Public groups, Admin groups are available to all users in the database, except that Admin groups are not owned by the user who created them, but rather by the SYSOP. Why would someone want to create a SYSOP-owned group? If you delete a user who has created a Public group, the Public group is deleted along with his/her data. Conversely, Admin groups created by that user will not be deleted. The default is FALSE.
ManageHolidays = FALSE
This parameter determines whether or not users have the ability to manage (i.e. create, modify or delete) holidays on the system.
X.400 Address Information
The following parameters, when defined, can be useful for populating the database with a large number of users who share X.400 address information.
OU1 = Org_unit_1
Miscellaneous
TimeZone = time zone
This parameter is used to define users in different time zones.
Admin Groups
This section allows you to define groups that users will be placed in as they are added to the system. Note that the groups must be created beforehand, and that there is a maximum of 10 groups per section.
Group0 = group_name
Designates
This section allows you to define designates for users as you are adding them to the system. Note that the designates must exist in the database beforehand, and that there is a maximum of 10 designates per section.
Designate0 = designate_name
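A check that can be run over user.ini before users are added, as an added example that is not part of the original manual or the product's tooling. It flags values outside the sets documented above and settings that are wider than the documented defaults for agenda visibility and administrative rights. It assumes "name = value" lines, "[...]" section headers and ";" or "#" comments; the function name, the section names and the sample file are constructed.

```python
import re

# Values the parameter descriptions above document as valid.
BOOL = {"TRUE", "FALSE"}
ALLOWED = {
    "ShowSunday": BOOL, "MailNotification": BOOL, "CanBookMe": BOOL,
    "CreatePublicGroups": BOOL, "ManageAdmGroups": BOOL, "ManageHolidays": BOOL,
    "TimeFormat": {"1", "2"}, "DefaultReminder": {"0", "1"},
    "TimeInc": {"5", "10", "15", "20", "30", "60"},
}
for level in ("Normal", "Personal", "Confidential"):
    for kind in ("Event", "Task"):
        ALLOWED[f"View{level}{kind}"] = {"YES", "NO", "TIME"}

# Documented defaults that keep agendas private and admin rights ungranted.
RESTRICTIVE = {k: "NO" for k in ALLOWED if k.startswith("View")}
RESTRICTIVE.update(CanBookMe="FALSE", CreatePublicGroups="FALSE",
                   ManageAdmGroups="FALSE", ManageHolidays="FALSE")

LINE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9]*)\s*=\s*(.*?)\s*$")
INDEXED = re.compile(r"^(Group|Designate)(\d+)$")


def audit_user_ini(text):
    """Return (severity, key, value, reason) tuples for the body of a user.ini."""
    findings = []
    for raw in text.splitlines():
        stripped = raw.strip()
        # Assumption: '[...]' lines are section headers; ';' and '#' start comments.
        if not stripped or stripped[0] in "[;#":
            continue
        m = LINE.match(stripped)
        if not m:
            findings.append(("invalid", stripped, "", "not a 'name = value' line"))
            continue
        key, value = m.groups()
        indexed = INDEXED.match(key)
        if indexed:
            if int(indexed.group(2)) > 9:  # Group0..Group9, Designate0..Designate9
                findings.append(("invalid", key, value, "over 10 entries per section"))
            elif indexed.group(1) == "Designate":
                findings.append(("review", key, value, "designate given to every new user"))
        elif key in ALLOWED and value.upper() not in ALLOWED[key]:
            findings.append(("invalid", key, value, "outside the documented values"))
        elif key in RESTRICTIVE and value.upper() != RESTRICTIVE[key]:
            findings.append(("widened", key, value, f"default is {RESTRICTIVE[key]}"))
    return findings


# Constructed sample; the section names are placeholders, not the product's.
SAMPLE = """\
[defaults]
TimeInc = 25
ViewNormalEvent = TIME
ViewConfidentialEvent = YES
CanBookMe = TRUE
ManageHolidays = FALSE
[designates]
Designate0 = constructed designate
Group10 = sales
"""

if __name__ == "__main__":
    for finding in audit_user_ini(SAMPLE):
        print("%-8s %-22s %-22s %s" % finding)
```

A "widened" finding is not an error: it marks a default that every user added afterwards will inherit, so it should be a deliberate choice.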
Assigning administration rights
The CorporateTime Server administrator may grant or revoke the right to administer groups and holidays to individual users. A default administrative rights profile is assigned to each new user applying the parameters set in the /users/unison/misc/user.ini file. The CorporateTime Server administrator may wish to initially assign no rights to administer holidays and groups (the current default setting in the user.ini file), and then selectively grant these rights. Alternatively, the administrator may wish to define a default profile and then use it as a template to add all users requiring the same administrative privileges.
Cmd line
CorporateTime user administration rights can be set and modified from the command line using the uniadmrights utility. See Appendix G for full instructions on the use of this utility.
Admin GUI
To grant the right to administer holidays and public groups on a local or remote node:
- Run CorporateTime Server Administrator (CTimeAdmin.exe).
- Select Properties from the Node menu and click the Admin Rights tab. You can grant rights to any user in the list box.
- If the user you wish to grant rights to does not appear in the list box, click Add and follow the steps outlined above to search for and select a user to add to the list.
- To grant rights, select the name of a user from the list box.
- Define the user's administration rights by clicking the corresponding checkboxes.
- Click OK.
To revoke the right to administer holidays and public groups on a local or remote node:
- Run CorporateTime Server Administrator.
- Select Properties from the Node menu and click the Admin Rights tab.
- Select the name of a user from the list box.
- Click the box to the left of the granted right(s) to remove the checkmark from the checkbox and therefore revoke that right from the selected user.
- Click OK.
Managing groups
To allow CorporateTime users to efficiently schedule entries, tasks, events and notes with other users and resources, CorporateTime offers the facility to create four different types of groups:
Public groups
Private groups
- available only to the user who created the group
- created and modified by CorporateTime users in the Group Management dialogue box of a CorporateTime client
Administrative groups
- available only to those users who have been granted the right to create and administer this type of group (right granted by the CorporateTime administrator)
- created and modified by CorporateTime users in the Group Management dialogue box of a CorporateTime client
Members only groups
Corporate Software & Technologies http://www.cst.ca Voice: (514) 733-8500 Fax: (514) 733-8878 info@cst.ca