Users and Groups

---

This chapter describes the different tasks involved in managing users and groups within a calendar server node. Whether user and group information is stored internally or in an LDAP directory, the administrative procedures required are similar.

Administrators of installations using LDAP directories must be familiar with user creation and management on their directory server, or should refer to the appropriate on-line help. In an external directory context, users are generally added to calendar server nodes from the directory server, but it is also possible to migrate existing information from a calendar node to a directory server.

The following topics are dealt with in this chapter:

• Creating calendar users
  • Internal directory context
  • LDAP directory context
• Managing calendar users
• Deleting calendar users
• Managing user defaults
• Managing groups
• Assigning administration rights
• Setting up e-mail notification
• Other user configuration options

Creating calendar users

Each person who plans to use calendar services must have a profile on the server. Once a user's profile has been created and added to a node, that person can then use a calendar client (Windows, Macintosh, Motif, Outlook, Web or wireless) to connect to the server and manage his/her personal agenda.

Adding users to the internal calendar server directory

Web GUI

Use the Calendar Administrator to add users to a node. For full information on the Calendar Administrator, see Appendix G.

Cmd line

Use the the uniuser utility to add users to the calendar server's internal directory. For full information on use and syntax, see Reference Appendix C, "Utilities."

Example

uniuser -add "S=Addison/G=Thomas/I=W/O=acme" -n 786 -p <SYSOP password>

uniuser: added "Addison,Thomas,W"

Admin GUI

To add users to an internal directory using the CorporateTime Server Administrator:

1. Sign in to the node you wish to populate.
2. Select User | New User to open the New User dialogue box.
3. Type the new user's surname in the Last Name box. This is the only value required to create a new user.
4. Enter values in all other entry boxes as desired.
5. You may set a password for the user by entering matching values in the Password and Confirm Password boxes. If a password is not set by the administrator, the user will be permitted to sign in without a password.

Adding users from a pre-populated directory server

An administrator is presented with two possible scenarios when adding calendar services to an installation that already uses an LDAP directory service. In the most common situation, the database of users will already exist on the directory server. This data is then used to create the users on the newly created calendar server nodes.

Cmd line

Adding calendar users from an existing directory server is a two-step process. The first step is to identify all directory server users who are not calendar users. The unidssearch utility will search the directory server DNs and return all entries without the attribute ctCalXItemId (object class = OrganizationalPerson [ISOCOR GDS, Control Data GDS]; objectclass = inetOrgPerson [Netscape DS] ). These users can then be added to a calendar server node using the uniuser utility. For full information on use and syntax, see Reference Appendix C, "Utilities."

Determine which users on the directory server have not yet been added to a calendar server node:

Use unidssearch to search the directory server. For full information on use and syntax, see Reference Appendix C, "Utilities."

% unidssearch -c 10

A DID=cn=Lan Nguyen, ou=Research, o=Acme, c=US

A DID=cn=James Alexander, ou=Research, o=Acme, c=US

A DID=cn=Chris Robbins, ou=Research, o=Acme, c=US

A DID=cn=Thomas Addison, ou=Administration, o=Acme, c=US

A DID=cn=Claire Roslyn, ou=Administration, o=Acme, c=US

A DID=cn=Denis Tremblay, ou=Administration, o=Acme, c=US

A DID=cn=Maija Laine, ou=Finance, o=Acme, c=US

A DID=cn=Elizabeth McKinley, ou=Finance, o=Acme, c=US

A DID=cn=Walter Chen, ou=Finance, o=Acme, c=US

A DID=cn=Oliver Maxwell, ou=Finance, o=Acme, c=US

NOTE

If you are using a Netscape Directory Server, the attribute cn (common name) might be replaced by the attribute uid (user ID or login).

To add users one at a time:

Use uniuser -add. For full information on use and syntax, see Reference Appendix C, "Utilities."

% uniuser -add "DID=cn=James Alexander, ou=Research, o=Acme, c=US" -n 134

Enter SysOp password:

uniuser: added: "cn=James Alexander, ou=Research, o=Acme, c=US"

To add several users:

1. Create a file of all users in the directory server who are not calendar users. The number of non-calendar users returned by a search may be limited by maximum search result settings on the directory server. You can also limit the scope of the search, as in the following example where 5 users are selected from the directory server. The greater-than symbol redirects the output of unidssearch to a file named users.

   % unidssearch -c 5 > users

2. The file created may then be modified, filtered or added to as required and according to a set format and syntax. For example, if you are using Control Data's Global Directory Server, you would be advised to add an attribute and value for the user's given name, as this is used by the calendar server and is not included in the directory schema. Additions are made in X.400 format. For a complete description of the X.400 keys, fields and syntax, see the uniuser documentation in Reference Appendix C, "Utilities."

   A DID=cn=Chris Robbins, ou=Research, o=Acme, c=US/G=Chris

   A DID=cn=Thomas Addison, ou=Administration, o=Acme, c=US/G=Thomas

   A DID=cn=Claire Roslyn, ou=Administration, o=Acme, c=US/G=Claire

   A DID=cn=Denis Tremblay, ou=Administration, o=Acme, c=US/G=Denis

   A DID=cn=Maija Laine, ou=Finance, o=Acme, c=US/G=Maija

3. Attach all users in the "users" file to the specified node.

   % uniuser -ex users -n 134

   Enter SysOp password:

   uniuser: added "cn=Chris Robbins, ou=Research, o=Acme, c=US/G=Chris".

   uniuser: added "cn=Thomas Addison, ou=Administration, o=Acme, c=US/G=Thomas".

   uniuser: added "cn=Claire Roslyn, ou=Administration, o=Acme, c=US/G=Claire".

   uniuser: added "cn=Denis Tremblay, ou=Administration, o=Acme, c=US/G=Denis".

   uniuser: added "cn=Maija Laine, ou=Finance, o=Acme, c=US/G=Maija".

Admin GUI

Directory server users may be added to a local or remote CorporateTime node using the CorporateTime Server Administrator:

1. Sign in to the node you wish to populate.
2. Select User | New User to open the Directory Search dialogue box.
3. Set the maximum number of directory server users returned from a search operation in the Limit box. Note: The default maximum is configurable -- see "Configuration of Search Parameters" in Reference Appendix F, "Connecting to your Directory Server."
4. By default, the directory server search will return any entries, limited to the number defined in the step above, that are not already attached to a CorporateTime node (i.e. all directory server DNs without the attribute ctCalXItemId (objectclass=OrganizationalPerson [ISOCOR GDS, Control Data GDS]; objectclass=inetOrgPerson [Netscape DS]). If you wish to further restrict the parameters for the search, activate the Use Filter checkbox and consult the on-line LDAP Search Filters help topic (or the documentation supplied with your directory server) for more information concerning the use and syntax of LDAP filters.
5. Click Search. The results of the search are displayed in the list box titled "Directory Users: <#> found".
6. To select users to add to a node, click on an entry to select a single user, Control-click on each desired entry to create a subset of the displayed users, or click Select All to activate the complete list. Unselect All will reset the entire list to the default of no selections.
7. Click Add when you have completed your selection of directory users.
8. Verify the addition of each CorporateTime user in the Status box. Directory users successfully added to a CorporateTime node will be removed from the Directory Users' list box.
9. Click Close when you have completed the addition of users to the active CorporateTime node.

Adding calendar users to a directory server

Instead of adding users from the directory server to the calendar server, the administrator may wish to take one or more existing calendar databases and export the user and resource data in an LDIF format that is then used to populate the directory server.

Contact Oracle Support at support@oracle.com for assistance and utilities to handle the migration of all calendar users to the directory server.

Managing calendar users

Web GUI

Use the Calendar Administrator to view and modify user attributes easily. For full information on the Calendar Administrator, see Appendix G.

Cmd line

You may view and modify various user attributes using the uniuser utility. For full information on use and syntax, see Reference Appendix C, "Utilities."

Admin GUI

To edit user information on a local or remote node:

1. Select Properties from the User menu to open the Search dialogue box.
2. Click Search to view a complete listing of users for all nodes in your network, or type in any information that you have (a name or even the first letter of a name) to restrict the search. Although you may view user information for all nodes that you are connected to, you may only edit the user profiles on the node that you are signed into.

NOTE

If there is no exact match for the information that you have entered, the system will retrieve any users for which the lead or leading characters in the search field match those entered. Thus, a search with an entry of "A" in the Last Name field will return all users whose last names begin with "A".

3. Select the correct user from the list box below the Search button.
4. Double-click the chosen entry or click Properties to bring up the User Properties dialogue box. Edit the displayed values.

Deleting calendar users

Web GUI

Use the Calendar Administrator to delete users easily from the server. For full information on the Calendar Administrator, see Appendix G.

Cmd line

Remove the user(s) from the calendar server node using the uniuser -del (single deletion) or uniuser -ex (multiple deletions) commands. For full information on use and syntax, see Reference Appendix C, "Utilities."

For installations using an external directory, delete the same user(s) from the directory server or run unidsdiff to synchronize the information on the calendar server node with that kept in the directory server.

Admin GUI

To delete a user from a local or remote node:

1. Select a user using the procedure outlined under "Managing calendar users" above.
2. Select the desired user, or control-click each name to build a list of users, and click Delete.

   ---

   WARNING:

   When a user is deleted from a node, the user's records and directory entry are removed from the local node. This means that all data owned by the user, including any events or groups, will be deleted. The user will no longer appear in others' agendas, nor will any events owned by this user remain. Any remote directory listings and remote copies of events owned by the user will also be removed. To preserve the user's agenda in a file prior to deletion from the node, you may use the unicpoutu utility. Use the unicpinu utility to copy this information back into a calendar server node.

   ---

If you do not want to run the risk of deleting valid events from the agendas of other users, it is a good practice to not delete, but to rename, the user until all of the events have passed. For example, if a manager who controlled group scheduling leaves the company, you might delete all personal information from his/her user profile, change the password, and enter "manager" and "sales" for last and first name respectively. All events and groups owned by this user would therefore remain in the agendas of other users. Alternatively, you may wish to change all of the personal information in the manager's user profile to that of a new employee who assumes the same function and therefore takes over the management of the created events and groups.

Moving calendar users

Due to a variety of potential circumstances -- organizational changes, employee relocation, or the need to redistribute node capacity -- you may need to move one or more users from one node to another.

Cmd line

Use the unimvuser utility. For full information on use and syntax, including a variety of crucial warnings and considerations, see Reference Appendix C, "Utilities."

% unimvuser -u "ID=56" -host1 scribe -host2 hoth -n1 15 -n2 2005

Always use the most recent version of unimvuser in your node network. Please note that it is not recommended to use the CorporateTime Server Administrator to move users.

Managing user defaults

To set client display preferences, administrative rights, default viewing privileges or other parameters for a group of users, define a default user profile before adding users to the node. This default user profile may also be applied to existing users.

Defining a default user profile:

• All configuration parameters for the user profile are stored in the /users/unison/misc/user.ini file. Edit this file using a text editor supplied with your operating system.
• Values can be set and changed according to the information and limits defined in Reference Appendix A, "User and Resource Parameters."
• To make changes, delete the old value and insert a new value.
• The default value is assumed if the parameter is not included in the /users/unison/misc/user.ini file.

Applying a default user profile:

• The profile is applied during user creation (using the uniuser utility, the Admin GUI or the Web GUI).
• The default user profile is outlined under the section heading [GEN] in the /users/unison/misc/user.ini file. Multiple profiles can be created from this template and appended to the file under different section heading names. These profiles can then be specified during user creation or modification using the uniuser utility. For full information on use and syntax, see Reference Appendix C, "Utilities."

Managing groups

Four different types of groups allow users to schedule entries, tasks, events and notes efficiently with other users and resources:

Private groups

• available only to the users who created the groups
• created and modified by users in the Group Management dialogue box of a calendar client
• the right to create these groups is available to all calendar users

Members-only groups

• available only to members of the group
• can include members on remote nodes, but those members may not use the group
• created and modified by users in the Group Management dialogue box of a calendar client
• the right to create these groups is available to all users

Public groups

• available to all users
• the user will have the right to create, modify and delete his own public groups
• ownership of these groups is exclusive and cannot be transferred
• can be created and modified only by users who have been granted the rights to do so by the calendar server administrator

Administrative groups

• available to all users
• administrative groups are owned by the SYSOP, not the users who create them
• can be created and modified only by users who have been granted the rights to do so by the calendar server administrator

Assigning administration rights

You may grant to or revoke from individual users the right to administer groups and holidays. A default administrative rights profile is assigned to each new user according to the parameters set in the /users/unison/misc/user.ini file. You may wish to initially assign no rights to administer holidays and groups (the current default setting in the user.ini file), and then selectively grant these rights. Alternatively, you may wish to define a default profile and then use it as a template to add all users requiring the same administrative privileges.

Cmd line

Users' administrative rights can be set and modified from the command line using the uniadmrights utility. For full information on use and syntax, see Reference Appendix C, "Utilities."

Admin GUI

To grant the right to administer holidays, and groups (administrative and public) on a local or remote node:

1. Sign in to the relevant node.
2. Select Properties from the Node menu and click the Admin Rights tab. You can grant rights to any user in the list box.
3. If the user you wish to grant rights to does not appear in the list box, click Add and follow the steps outlined above under "Managing calendar users" to search for and select a user to add to the list.
4. Select the name of a user from the list box.
5. Define the user's administration rights by clicking the corresponding checkboxes.

To revoke the right to administer holidays and public groups on a local or remote node:

1. Select Properties from the Node menu and click the Admin Rights tab.
2. Select the name of a user from the list box.
3. Deselect the checkboxes to revoke access rights from the selected user.

Setting up e-mail notification

The calendar server stores users' e-mail addresses, allowing users to notify each other of created, modified or deleted entries.

To set up e-mail notification:

1. Choose an X.400 address field in which to store e-mail addresses. For example: "OU1", "O", "A", etc. Be aware, however, that these fields have varying limitations on the number of available characters.
2. Set the value of the [ENG] usermailmap paramter in unison.ini to the key of the X.400 field you chose. The default value is "O".

When you add users, you may now specify their e-mail addresses.

Cmd line

Use the EMAIL key/value pair.

When adding a user, the value you specify for the EMAIL key will be stored in the field specified by [ENG] usermailmap. For example:

% uniuser -add "S=Kafka/G=Franz/EMAIL=fkafka@mail.org" -n 23

Enter SysOp password:

uniuser: added "Kafka, Franz"

For full information on the use and syntax of uniuser, see Reference Appendix C, "Utilities." Please note that the field specified by [ENG] usermailmap is disabled, and can only be set through the EMAIL key. For example, if usermailmap were set to FAX:

% uniuser -add "S=Kafka/G=Franz/FAX=fkafka@mail.org" -n 23

uniuser: modification of "Fax phone number" has been disabled

uniuser: ignoring "FAX=fkafka@mail.org"

uniuser: added "Kafka, Franz"

The EMAIL key-value pair may be used wherever the <user> argument is specified, but no -format parameter exists for it.

Admin GUI

Follow the steps outlined under Adding users to the internal calendar server directory. Enter users' e-mail addresses in the "E-mail" field. Note that whatever X.400 field you set for the [ENG] usermailmap parameter will be disabled in the New User dialogue box.

Other user configuration options

Global and published calendars

Calendar sharing is determined through two user attributes: Global Read Access and Published Type.

Global Read Access only applies to users of Oracle's Web clients. Users with this attribute set to ON can share their agendas with any other Internet user by mailing them a URL defined by the Web client. For more information on this feature, see your Web client documentation and on-line help.

The Published Type attribute defines whether other calendar users can view this user's agenda directly using their calendar clients. PUBLISHED calendars can be viewed through any native and Web client; users with this attribute set to NOTPUBLISHED cannot be opened by any other user. In addition, this attribute allows the setting EVENTCALENDAR, which is equivalent to a published calendar, but in Web clients causes the current account to appear in the list of published event calendars rather than the list of published user calendars. The default setting for this attribute is NOTPUBLISHED for Lexacom Calendar, and PUBLISHED for CorporateTime for the Web and Lexacom Enterprise Calendar.

You can set the Published Type and Global Read Access attributes using the Calendar Administrator, CorporateTime Server Administrator, or the uniuser utility.

Copyright information