HP 9000 Networking: Supervising the Network > Chapter 2 Setting Up and Managing NetWare Directory Services Objects

Managing Groups of User Objects

NetWare 4.1 allows you to manage User objects as a group, which is often more efficient than managing them individually. Six objects that can help you manage groups of User objects are described in Table 2-5.

Table 2-5 Objects that Help Manage Users

| Object | Description |
|---|---|
| Organization | Allows you to assign trustee rights, login scripts, and user defaults to the User objects in the Organization. |
| Organizational Unit | Allows you to assign trustee rights, login scripts, and user defaults to the User objects in the Organizational Unit. |
| Group | Provides an efficient way to manage one object, the Group object, instead of many individual User objects. |
| Profile | Allows you to set up a specific work environment by using a common login script for groups of users who need similar work environments but who are not located in the same container object. |
| Organizational Role | Allows you to assign rights to a particular position and set of responsibilities rather than to a person. The person who occupies that position may change frequently, but the responsibilities of that position do not. The difference between a Group object and an Organizational Role object is that a Group object usually has many members, whereas an Organizational Role object usually has only one or two members. |
| USER_TEMPLATE | Allows you to apply default property values to any user that you create in a container object. You can choose to apply the information in the user template when you create new User objects. The template is actually a User object named USER_TEMPLATE. |

Managing Group Objects

If you want a user to have access to an object, you must give the user a trustee assignment to that object. Rather than make trustee assignments to many users, you can create a Group object and make just one trustee assignment to grant access to all the users who belong to the Group.

Here are some guidelines to follow when setting up a Group object:

  • Only User objects can be listed in a Group, and you can add User objects from any part of the Directory tree to a Group.

    A Group object is not a container. It does not "contain" User objects; users' names are merely assigned to a Group object.

  • To create a Group object, see "Creating Leaf Objects" in this chapter.

  • You must create User objects before you can add them to the membership list of a Group object. See "Creating Leaf Objects" in this chapter for instructions on creating User objects.

  • After you have created a Group object and added User object names to it, you manage the rights of the Group object rather than the rights of the individual users.

    For example, suppose you have a word-processor application on the network that many users need to access. You could create a Group object named WORD PROCESSOR USERS and add the User object names of the users who need access to the application.

    Then, rather than granting file trustee rights to each of the User objects, you would grant the file trustee rights to the Group object WORD PROCESSOR USERS for the application and the working directory.

  • When a user is added to the membership list of a Group object, the Group is listed in that user's Security Equal To property. The user is granted all rights that any object (User, Group, Printer, etc.) in that list is granted, both object and file rights.

After you have created a Group object, use the procedures that follow to:

  • Add members to a Group object.

  • Give a Group object rights to files and directories.

  • Delete members from a Group object.

You can use NetWare Administrator or NETADMIN to manage Group objects. Both procedures are described in this section.

Additional Information

| For more information about | Refer to |
|---|---|
| Groups | "Group Objects" in Concepts |
| Object and property rights | "Rights Needed to Create and Manage Objects" in this chapter |
| Using NETADMIN | "NETADMIN" in Utilities Reference |
| Using NetWare Administrator | "NetWare Administrator" in Utilities Reference |

Adding Members to a Group Using NetWare Administrator

Prerequisites

  • A 386 or later workstation and NetWare Administrator

  • The Write right to the Members property of the Group object

  • The Write right to the Security Equal To property of the User object

  • The Write right to the ACL (Access Control List) property of the Group object

  • The Group object must already exist, and the User objects you want to add as members of the Group must already exist

Procedure

  1. From the Windows Program Manager, click on the "NetWare Administrator" icon.

  2. Select the Group object you want to edit.

    For information on moving around in the browser and selecting objects, press <F1>.

  3. From the "Object" menu, choose "Details."

  4. Choose the "Members" button at the right side of the "Object" dialog box.

  5. Choose the "Add" button to browse the Directory tree for User objects.

  6. Browse the Directory tree until the User object you want appears in the "Objects" box.

  7. Choose "OK."

  8. Repeat Step 5 through Step 7 to add more User objects to the Group object.

  9. When you have finished adding User objects to the Group object, choose "OK" to save your changes and return to the browser.

Adding Members to a Group Object Using NETADMIN

Prerequisites

  • A workstation running DOS 3.30 and NETADMIN

  • The Supervisor right to the Group object, or the Write or Supervisor right to the Members property of the Group object

  • The Supervisor right to the Group object, or the Write or Supervisor right to the Security Equal To property of the User object

  • The Supervisor or Write right to the ACL property of the Group and User objects

  • The Group object must already exist, and the User objects you want to add as members of the Group must already exist

Procedure

  1. At the DOS prompt, type

    NETADMIN <Enter>

    For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.

  2. From the "NetAdmin options" menu, choose "Manage objects."

  3. Browse the Directory until the Group object appears on the screen.

    Use the instructions at the bottom of the screen to browse the directory. Press <F1> for help.

  4. When the Group object appears in the "Object" list, select it and press <F10>.

    The "Actions" menu appears.

  5. Choose "View or Edit Properties of This Object."

  6. From the "View or Edit Group" menu, choose "Group Members."

  7. At the "Group Members" screen, press <Insert> and then press <Insert> again to browse for the User object you want to add to the Group object.

  8. When the User object you want to add appears in the Directory, select it and press <F10>.

  9. When the selected User object appears in the "Members" screen, press <Enter>.

    To select (mark) multiple User objects, press <F5>.

  10. Continue to press <Insert> and select User objects until you have added all the users you want as Group members.

  11. To save the list of Group members, press <F10>.

  12. To exit, press <Esc> until you return to the "NetAdmin Options" menu.

Giving Group Object Rights to Files and Directories Using NetWare Administrator

Prerequisites

  • A 386 or later workstation and NetWare Administrator

  • The Read object right to the Volume object

  • Rights to the file system

Procedure

  1. From the Windows Program Manager, click on the "NetWare Administrator" icon.

  2. Select the Group object you want to edit.

    For information on moving around in the browser and selecting objects, press <F1>.

  3. From the "Object" menu, choose "Details."

  4. Select the "Rights to File System" button on the right side of the "Object" dialog box.

  5. To choose a Volume, select "Include."

    A list of Volumes appears in the "Select Object" box. You can also browse the Directory for a Volume.

  6. From the "Volumes" list, select the volume that contains the directory or file.

  7. Choose "Add."

  8. Select the Volume that contains the directory or file you want to grant rights to.

  9. From the "Files and Directories" dialog box, select the directory or file that you want to grant rights to.

    The default rights that make up this object's trustee assignment to the file or directory appear in the "Rights" area.

  10. Select the check boxes next to the rights that you want to add.

    You must have the Access Control right to the file or directory to make trustee assignments to the file or directory.

  11. Choose "OK."

    The new trustee assignment is now effective for this object.

Giving a Group Object Rights to Files and Directories Using NETADMIN

Prerequisites

  • A workstation running DOS 3.30 and NETADMIN

  • The Read object right to the Volume object

  • Rights to the file system

Procedure

  1. At the DOS prompt, type

    NETADMIN <Enter>

    For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.

  2. From the "NetAdmin Options" menu, choose "Manage Objects."

  3. Browse the Directory until the Group object appears on the screen.

    Use the instructions at the bottom of the screen to browse the directory. Press <F1> for help.

  4. When the Group object appears in the "Object" list, select it and press <F10>.

    The "Actions" menu appears.

  5. Choose "View or Edit Rights to Files and Directories."

  6. Select a Volume object where you want to make the Group object the trustee of a directory or file.

    Press <Insert> to type the Volume object name or press <Insert> twice to browse the Directory tree.

  7. Press <Insert> to type a beginning pathname to the directories in which you want to make trustee assignments, or press <Insert> again to browse for the path.

  8. Select "Directories/Files" and press <Enter>.

    Choose whether you want to view files, directories, or both when you are selecting one to give a trustee assignment to.

  9. Select "Trustee Search Depth" and press <Enter>.

    Choose whether you want to view only the files or directories in the current directory, or to search subdirectories.

  10. To list the trustee assignments, press <F10>.

    The "Trustee Directory Assignments" screen appears.

  11. To select a directory or file in which the Group object should be added as a trustee, press <Insert>.

  12. To accept the directory you specified earlier, press <Enter>; or, to browse for the file system directories, press <Insert>.

  13. To add or delete the rights, select "Trustee Directory, Rights" and press <Enter>.

    The "Trustee Rights Granted" menu appears.

  14. To view or add rights that are not yet granted, press <Insert>.

    Press <F1> if you need help.

  15. To save the trustee assignments, press <F10>.

  16. Continue selecting directories and files and granting rights until finished.

  17. To exit, press <Esc> until you return to the "NetAdmin Options" menu.

Deleting Members from a Group Object Using NetWare Administrator

Prerequisites

  • A 386 or later workstation and NetWare Administrator

  • The Supervisor right to the Group object, or the Write or Supervisor right to the Members property of the Group object

  • The Supervisor right to the Group object, or the Write or Supervisor right to the Security Equal To property of the User object

  • The Supervisor or Write right to the ACL property of the Group and User objects

Procedure

  1. From the Windows Program Manager, click on the "NetWare Administrator" icon.

  2. Select the Group object you want to edit.

    For information on moving around in the browser and selecting objects, press <F1>.

  3. From the "Object" menu, choose "Details."

  4. Select the "Members" button at the right side of the "Object" dialog box.

    The list of User objects for this group appears.

  5. From the "Members" dialog box, select the name you want to delete.

  6. Choose "Delete."

  7. If you want to delete other names, continue selecting names and choosing "Delete."

    You can delete several users at a time by holding down the button on the mouse, dragging the mouse arrow over the names, and choosing "Delete."

  8. When you have finished deleting members, choose "OK" to save your changes and return to the browser.

Deleting Members from a Group Object Using NETADMIN

Prerequisites

  • A workstation running DOS 3.30 and NETADMIN

  • The Supervisor right to the Group object, or the Write or Supervisor right to the Members property of the Group object

  • The Supervisor right to the Group object, or the Write or Supervisor right to the Security Equal To property of the User object

  • The Supervisor or Write right to the ACL property of the Group and User objects

Procedure

  1. At the DOS prompt, type

    NETADMIN <Enter>

    For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.

  2. From the "NetAdmin Options" menu, choose "Manage Objects."

  3. Browse the Directory tree until the Group object appears on the screen.

    Use the instructions at the bottom of the screen to browse the directory. Press <F1> if you need help.

  4. When the Group object appears in the "Object" list, select it and press <F10>.

    The "Actions" menu appears.

  5. Choose "View or Edit Properties of This Object."

  6. From the "View or Edit Groups" menu, select "Group Members."

  7. Select the User object you want to delete from the Group object and press <Delete>.

    To select multiple User objects, press <F5>.

  8. To confirm the deletion, choose "Yes."

  9. To exit, press <Esc> until you return to the "NetAdmin Options" menu.

Managing Profile Objects

Profile objects contain login scripts that are used by groups of users who need similar work environments but who are usually not located in the same container object.

When a Profile object is named in a User object, the Profile login script executes when the user logs in after any login script in the Organization or Organizational Unit has executed.

Users can have only one Profile, so only one Profile script can execute for any user.

For information about creating a login script, see Chapter 5, "Customizing the User Environment."

For an example of a login script used in a Profile object, see "Profile Login Script" in Chapter 5.

You can use NetWare Administrator or NETADMIN to create a Profile object. Both procedures are described in this section.

Additional Information

| For more information about | Refer to |
|---|---|
| Profile objects | "Profile object" in Concepts |
| Creating login scripts | Chapter 5, "Customizing the User Environment" |
| Using NETADMIN | "NETADMIN" in Utilities Reference |
| Using NetWare Administrator | "NetWare Administrator" in Utilities Reference |

Creating Profile Objects Using NetWare Administrator

Prerequisites

  • A 386 or later workstation and NetWare Administrator

  • The Create object right to the object that will contain the new Profile object

Procedure

  1. From the Windows Program Manager, click on the "NetWare Administrator" icon.

  2. Select the object that will contain the new Profile object.

    For information on moving around in the browser and choosing objects, press <F1>.

    Only Organization and Organizational Unit objects can contain Profile objects.

  3. From the "Object" menu, choose "Create."

  4. Under "New Object," choose "Profile."

    The "Create Profile" dialog box appears.

    If "Profile" does not appear under "New Object," you cannot create Profile objects in this container; select or create another object to contain the Profile object.

  5. Choose "OK."

  6. Type the Profile object name in the box provided.

  7. (Optional) Select "Define additional properties."

    Select this option if you want to write a Profile login script or supply additional information about the new Profile object. Instructions for creating a Profile script are in Chapter 5 "Customizing the User Environment."

  8. Choose "Create."

    If you selected "Define Additional Properties," the "Identification" dialog box appears.

  9. (Optional) Enter information in the fields provided in the "Identification" page of the "Object" dialog box.

  10. (Optional) Choose the "See Also" button at the right side of the object dialog box.

    The "See Also" page allows you to add information about the Profile object you are creating. For example, you might list the User objects to whom you have assigned this script.

    Choose "Help" at any time for information on the current task.

  11. (Optional) Choose the "Login Script" page at the right side of the "Object" dialog box to add commands to the Profile login script.

    Use this page to specify commands that execute when a user logs in, such as a drive mapping command.

  12. To save the new Profile object and return to the browser, choose "OK."

Creating Profile Objects Using NETADMIN

Prerequisites

  • A workstation running DOS 3.30 or later and NETADMIN

  • The Create object right to the object that will contain the new Profile object

Procedure

  1. At the DOS prompt, type

    NETADMIN <Enter>

    For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.

  2. From the "NetAdmin Options" menu, select "Manage Objects."

  3. Select the object that will contain the new Profile object.

    The objects in the selected container are listed. To see if you are in the right context, look at the title bar on the screen. Press <F1> for help.

  4. Press <Insert>.

  5. Select "Profile."

    If the Profile object class does not appear, you cannot create that object in the selected container. Press <Esc> to return to the browser, and then select a different container type.

  6. Type the new Profile object name and press <Enter>.

  7. If you want to create another Profile object, choose "Yes." If you do not, choose "No."

    If you choose "Yes," you are prompted to type the new Profile object name. Repeat Step 3 and Step 7, and then continue with Step 8.

    If you choose "No," then the Profile object is displayed in the Directory tree. Continue with Step 8.

  8. To edit this object, press <F10>.

    A menu appears from which you can choose to view or edit information about this object.

  9. Choose "View or Edit Properties of This Object."

  10. Choose "Login Script."

  11. To enter new commands for this Profile login script, choose "No"; or, to copy a login script from another object, choose "Yes."

    The commands you place in the Profile login script are executed when users who belong to this Profile object log in.

    Press <F1> for information on the commands or see "Login Script Commands and Variables" in Chapter 5.

  12. To save your changes, press <F10>.

  13. To exit, press <Esc> until you return to the "NetAdmin Options" menu.

Managing Organizational Role Objects

An Organizational Role object allows you to assign rights to a particular position rather than to the person who occupies that position. The people who occupy that position may change frequently, but the responsibilities of that position do not.

The user assigned to an Organizational Role is called the occupant and is granted all rights that are granted to the Organizational Role object.

For example, you decide that you need a print manager for SALES. You create an Organizational Role object called PRINT MANAGER. You grant the PRINT MANAGER object all object rights to all the Printer, Print Queue, and Print Server objects in that part of the Directory tree.

You may also grant the PRINT MANAGER object the property rights to the Print Job Configuration property of users.

You can assign anyone to the PRINT MANAGER object without having to re-create all the trustee assignments.

When a user is added to the occupant list of an Organizational Role object, the Organizational Role is listed in that user's "Security Equal To" property. The user is granted all rights that any object (User, Group, Printer, etc.) in that list is granted, both to objects and to files and directories.
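
The paragraph above and the matching guideline under "Managing Group Objects" both make a user's rights depend on the "Security Equal To" list, which is a separate property from the Group's Members list or the role's Occupant list. The following Python model is an added example, not code from NetWare or from this manual. It computes rights from direct "Security Equal To" entries only, ignores rights inheritance through the tree, and flags lists that disagree. All user names, resource names, and rights letters are constructed sample data.

```python
"""Toy model of Security Equal To for Groups and Organizational Roles."""
from typing import Dict, List, Set, Tuple

# Constructed sample data. WORD PROCESSOR USERS and PRINT MANAGER come from
# the text; every user, resource, and rights letter below is hypothetical.
MEMBERS: Dict[str, Set[str]] = {          # Members / Occupant lists
    "WORD PROCESSOR USERS": {"ALICE", "BOB"},
    "PRINT MANAGER": {"CAROL"},
}
SECURITY_EQUAL_TO: Dict[str, Set[str]] = {  # per-user Security Equal To
    "ALICE": {"WORD PROCESSOR USERS"},
    "BOB": set(),                  # listed as a member, equivalence missing
    "CAROL": {"PRINT MANAGER"},
    "DAVE": {"PRINT MANAGER"},     # no longer an occupant, equivalence left
}
TRUSTEES: Dict[Tuple[str, str], Set[str]] = {  # (trustee, resource) -> rights
    ("WORD PROCESSOR USERS", "SYS:APPS/WP"): {"R", "F"},
    ("WORD PROCESSOR USERS", "SYS:WORK/WP"): {"R", "W", "C", "E", "F"},
    ("PRINT MANAGER", "PRINT QUEUE Q1"): {"S"},
    ("ALICE", "SYS:HOME/ALICE"): {"R", "W", "C", "E", "M", "F"},
}


def effective_rights(user: str, resource: str) -> Set[str]:
    """Union of the user's own assignment and those of each object in its
    Security Equal To list (direct entries only, no inheritance)."""
    holders = {user} | SECURITY_EQUAL_TO.get(user, set())
    rights: Set[str] = set()
    for holder in holders:
        rights |= TRUSTEES.get((holder, resource), set())
    return rights


def audit_equivalence() -> List[Tuple[str, str, str]]:
    """Report (user, object, problem) wherever the two lists disagree."""
    findings = []
    for obj, users in MEMBERS.items():
        for user in users:
            if obj not in SECURITY_EQUAL_TO.get(user, set()):
                findings.append((user, obj, "member_without_equivalence"))
    for user, equals in SECURITY_EQUAL_TO.items():
        for obj in equals:
            if obj in MEMBERS and user not in MEMBERS[obj]:
                findings.append((user, obj, "equivalence_without_member"))
    return sorted(findings)


def remove_member(obj: str, user: str) -> None:
    """Removal has to touch both properties, which is why the procedures
    require rights to Members and to Security Equal To."""
    MEMBERS[obj].discard(user)
    SECURITY_EQUAL_TO.get(user, set()).discard(obj)


if __name__ == "__main__":
    print("DAVE on PRINT QUEUE Q1:", effective_rights("DAVE", "PRINT QUEUE Q1"))
    for finding in audit_equivalence():
        print("finding:", finding)
    remove_member("PRINT MANAGER", "DAVE")
    print("after cleanup:", audit_equivalence())
```

In this model DAVE keeps the role's rights until the leftover "Security Equal To" entry is removed, which is the case an administrator reviewing role changes would want to catch.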

You can use NetWare Administrator or NETADMIN to create an Organizational Role object. Both procedures are described in this section.

Additional Information

| For more information about | Refer to |
|---|---|
| Organizational Role object | "Organizational Role object" in Concepts |
| Security equivalence | "Security Equal To" in Concepts |
| Using NETADMIN | "NETADMIN" in Utilities Reference |
| Using NetWare Administrator | "NetWare Administrator" in Utilities Reference |

Creating Organizational Role Objects Using NetWare Administrator

Prerequisites

  • A 386 or later workstation and NetWare Administrator

  • The Create object right to the object that will contain the new Organizational Role object

Procedure

  1. From the Windows Program Manager, click on the "NetWare Administrator" icon.

  2. Select the object that will contain the new Organizational Role object.

    For information on moving around in the browser and selecting objects, press <F1>.

    Only Organization and Organizational Unit objects can contain Organizational Role objects.

  3. From the "Object" menu, choose "Create."

  4. From the "New Object" dialog box, choose "Organizational Role."

    If "Organizational Role" does not appear under "New Object," you cannot create Organizational Role objects in this container. Select or create another object to contain the Organizational Role object.

  5. Choose "OK."

    The "Create Organizational Role" dialog box appears.

  6. Type the Organizational Role object name in the box provided.

  7. (Optional) Select "Define Additional Properties."

  8. Select the "Create" button at the bottom of the window.

    The "Identification" page of the "Object" dialog box appears.

  9. Enter information in the fields provided in the "Identification" dialog box.

  10. Choose the button to the right of "Occupant."

  11. Choose "Add."

    The "Select Object" window appears.

  12. Select User objects from the "Directory Context" window until the objects you want are shown in the "Object" window.

  13. Select the User object in the left window to occupy the Organizational Role; then choose "OK."

    The object you selected appears in the "Occupant" window.

  14. Choose "OK" in the "Occupant" window.

  15. When you are finished adding User objects as Occupants, choose "OK" in the "Organizational Role" window.

  16. (Optional) Select the "See Also" button at the right side of the object dialog box.

    The "See Also" page allows you to add information about the Organizational Role object you are creating. For example, you might list the User objects that you have assigned as occupants.

  17. To save the new Organizational Role object and return to the browser, choose "OK."

Creating Organizational Role Objects Using NETADMIN

Prerequisites

  • A workstation running DOS 3.30 and NETADMIN

  • The Create object right to the object that will contain the new Organizational Role object

Procedure

  1. At the DOS prompt, type

    NETADMIN <Enter>

    For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.

  2. From the "NetAdmin Options" menu, choose "Manage Objects."

  3. Select the object that will contain the new Organizational Role object.

    The objects in the selected container are listed.

    To see if you are in the right context, look at the title bar on the screen. Press <F1> for help.

  4. Press <Insert>.

  5. Select "Organizational Role."

    If the Organizational Role object class does not appear, you cannot create that object in the selected container. Press <Esc> to return to the browser, and then select a different container type.

  6. Type the new Organizational Role object name.

  7. Type the Mailbox Location and press <Enter>.

  8. If you want to create another Organizational Role object, choose "Yes." If you do not, choose "No."

    If you choose "Yes," you are prompted to type the new Organizational Role object name. Repeat Step 6 and then continue with Step 9.

    If you choose "No," then the Organizational Role object is displayed in the Directory tree. Continue with Step 9.

  9. To edit this object, press <F10>.

    A menu appears from which you can choose to view or edit information about this object.

  10. Choose "View or Edit Properties of This Object."

  11. From the "View or Edit Organizational Role" menu, choose "Identification."

  12. Specify a User object for the Organizational Role.

    1. Select the field next to "Occupant" and press <Enter>.

    2. Press <Insert>.

    3. Type the complete name of a User object in the space provided, or press <Insert> to browse the Directory tree and select a User object to be the occupant of the Organizational Role.

      The path from the object to the Root of the Directory tree forms the object's complete name.

  13. Select additional User objects as needed.

  14. To save the list of occupants, press <F10>.

  15. Enter information in other fields as needed.

  16. To save changes, press <F10>.

  17. To exit, press <Esc> until you return to the "NetAdmin Options" menu.

Managing User Templates

A user template contains default information that you can apply to User objects to give them default property values.

Use these guidelines as you create user templates:

  • You can create a user template in an Organization or Organizational Unit object, either when you create the container object or later on.

  • When you create a User object, you are prompted to use the defaults in the user template. If you do, the property values you entered in the user template, such as login time restrictions, password restrictions, etc., are copied into the User object's properties.

  • The user template is actually a User object named USER_TEMPLATE. You enter information in this User object just as you would for any other User object. However, not all properties of a User object can be copied from a user template.

  • You can copy information from the parent container's user template. For example, if you create a user template in SALES.O=ACME, you are prompted to copy the user template from ACME, if one exists; thus, you avoid having to re-enter similar information for lower-level containers.

  • User template information is taken from the nearest parent container. If the container object in which you create a User object does not have a user template, you can apply the parent container's user template to the User object.

When working with user templates, remember the following:

  • Changing values in a user template does not change values in existing User objects. The changes apply only to User objects created after changing the user template values.

  • To update information for existing users, you must enter the changes for each User object.

  • You cannot use a user template to grant NDS or file system rights.
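
The guidelines above mean that template values are copied once, at creation, from the nearest container that has a template, so tightening a template later leaves existing users on the old values. The following Python model is an added example, not code from NetWare or from this manual. It resolves the nearest template, copies it into new users, and lists existing users that have drifted from the current template. The WEST container, the user names, and the property names are hypothetical.

```python
"""Toy model of USER_TEMPLATE lookup, copy-on-create, and drift."""
from typing import Dict, List, Optional, Tuple

# Constructed tree: container -> parent. SALES.O=ACME is from the text;
# WEST.SALES.O=ACME is a hypothetical sub-container.
PARENT: Dict[str, Optional[str]] = {
    "O=ACME": None,
    "SALES.O=ACME": "O=ACME",
    "WEST.SALES.O=ACME": "SALES.O=ACME",
}
# Only ACME has a user template here; property names are hypothetical.
TEMPLATES: Dict[str, dict] = {
    "O=ACME": {"min_password_length": 5, "login_hours": "06:00-20:00"},
}
USERS: Dict[str, dict] = {}


def nearest_template(container: str) -> Optional[Tuple[str, dict]]:
    """Walk up from the container until one with a template is found."""
    node: Optional[str] = container
    while node is not None:
        if node in TEMPLATES:
            return node, TEMPLATES[node]
        node = PARENT[node]
    return None


def create_user(name: str, container: str, use_template: bool = True) -> dict:
    """Create a user; template values are copied, not referenced."""
    found = nearest_template(container) if use_template else None
    props = dict(found[1]) if found else {}
    USERS[name] = {"container": container, "props": props}
    return props


def template_drift() -> List[Tuple[str, str, object, object]]:
    """Return (user, property, current value, template value) for every
    existing user whose value differs from the nearest template today."""
    findings = []
    for name, user in sorted(USERS.items()):
        found = nearest_template(user["container"])
        if found is None:
            continue
        for key, want in sorted(found[1].items()):
            have = user["props"].get(key)
            if have != want:
                findings.append((name, key, have, want))
    return findings


if __name__ == "__main__":
    create_user("JSMITH", "WEST.SALES.O=ACME")      # inherits ACME defaults
    TEMPLATES["O=ACME"]["min_password_length"] = 8  # template tightened later
    create_user("KLEE", "SALES.O=ACME")             # gets the new value
    for finding in template_drift():
        print("needs manual update:", finding)
```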

You can use NetWare Administrator or NETADMIN to create a user template. Both procedures are described in this section.

Additional Information

| For more information on | Refer to |
|---|---|
| User defaults | "User template" in Concepts |
| User objects | "User object" in Concepts |
| Using NETADMIN | "NETADMIN" in Utilities Reference |
| Using NetWare Administrator | "NetWare Administrator" in Utilities Reference |

Creating and Editing User Templates with NetWare Administrator

Prerequisites

  • A 386 or later workstation and NetWare Administrator

  • The Create object right to the object that will contain the user template

Procedure

  1. From the Windows Program Manager, click on the "NetWare Administrator" icon.

  2. Select the object that will contain the new user template.

    For information on moving around in the browser and selecting objects, press <F1>.

    Only Organization and Organizational Unit objects can contain User objects.

  3. From the "Object" menu, select "User Defaults."

  4. If you want the new user template to inherit the properties from the parent container's user template, choose "Yes." If not, choose "No."

    If there is no parent container, this prompt does not appear. Continue with Step 5.

    If you choose "Yes," a USER_TEMPLATE User object is created and the first page of defaults, "Identification," appears with the same information that is in the parent container's user template.

    If you choose "No," a USER_TEMPLATE User object is created and the first page of defaults, "Identification," appears.

  5. (Optional) On the "Identification" page, enter or change the information that you want to apply to new User objects.

    For example, the location for all User objects to which you will apply the template might be New York. You would type "New York" in the "Location" field.

  6. Select other USER_TEMPLATE pages as needed and enter the template information.

  7. To save the user template and return to the browser, choose "OK."

Creating and Editing User Templates with NETADMIN

Prerequisites

  • A workstation running DOS 3.30 or later and NETADMIN

  • The Create object right to the object that will contain the user template

Procedure

  1. At the DOS prompt, type

    NETADMIN <Enter>

    For information on moving around in NETADMIN and selecting objects, press <F1> after starting the utility.

  2. From the "NetAdmin Options" menu, select "Manage Objects."

  3. Browse the Directory tree to find and select the container object in which you want to add a new container object.

    The objects in the selected container are listed.

    To see if you are in the right context, look at the title bar on the screen. Press <F1> for help.

  4. Press <Insert>.

  5. From the "Select an Object Class" screen, select the container type that you want to create.

    If the container object class you want to create does not appear, you cannot create that object in the selected container. Press <Esc> to return to the browser, and then select a different container type.

  6. Type the new container object name and press <Enter>.

  7. If you want to create a user template to be applied to new User objects created in this container, type "Y" and press <Enter>.

    You are not prompted to create a user template if you are creating a Country container object.

  8. Choose "View or Edit Properties of This Object."

  9. Choose "Edit Template User."

    The "View or Edit User" screen appears.

  10. Enter or change the values of the user template as needed.

    The help line at the bottom of the screen gives information on each option as you highlight it.

    For more information, press <F1>.

  11. To save the information, press <F10>.

  12. To exit, press <Esc> until you return to the "NetAdmin Options" menu.

© 1996 Hewlett-Packard Development Company, L.P.