Scenario details: Create the directory database

Before you can begin to enter data, you must create a place for the data to be stored.

Step 1: Create a base DN object

  1. In the Web administration tool, click Directory management —> Manage entries. You see a listing of the objects in the base level of the directory. Since the server is new, you see only the structural objects which contain the configuration information.
  2. You want to add a new object to contain the MyCo, Inc. data. First click Add... on the right side of the window. In the next window, scroll within the Object class list to select domain and click Next.
  3. You do not want to add any auxiliary object classes, so click Next again.
  4. In the Enter the attributes window, enter the data that corresponds with the suffix that you created earlier in the wizard. Leave the Object class drop down list on domain. Type dc=my_co in the Relative DN field. Type dc=com in the Parent DN field. Type my_co in the dc field.
  5. Click Finish at the bottom of the window. Back in the base level you should see the new base DN.

Step 2: Create a user template

You will create a user template as an aid to adding the MyCo, Inc. employee data.

  1. In the Web administration tool, click Realms and templates —> Add user template.
  2. In the User template name field, type Employee.
  3. Click the Browse... button next to the Parent DN field. Click the base DN you created in the previous section, dc=my_co,dc=com, and click Select, on the right of the window.
  4. Click Next.
  5. In the Structural object class drop-down list, choose inetOrgPerson and click Next.
  6. In the Naming attribute drop-down list, select cn.
  7. In the Tabs list, select Required and click Edit.
  8. The Edit tab window is where you choose which fields to include in the user template. sn and cn are required.
  9. In the Attributes list, select departmentNumber and click Add >>>.
  10. Select telephoneNumber and click Add >>>.
  11. Select mail and click Add >>>.
  12. Select userPassword and click Add >>>.
  13. Click OK and then Finish to create the user template.

Step 3: Create a realm

  1. In the Web Administration tool, click Realms and templates —> Add realm.
  2. In the Realm name field, type employees.
  3. Click Browse... to the right of the Parent DN field.
  4. Select the parent DN you created, dc=my_co,dc=com, and click Select on the right side of the window.
  5. Click Next.
  6. In the next window you only need to change the User template drop-down list. Select the user template you created, cn=employees,dc=my_co,dc=com.
  7. Click Finish.

Step 4: Create a manager group

  1. Create the manager group.
    1. In the Web administration tool, click Users and groups —> Add group.
    2. In the Group name field, type managers.
    3. Ensure that employees is selected in the Realm pull down list.
    4. Click Finish.
  2. Configure the manager group administrator for the employees realm.
    1. Click Realms and templates —> Manage realms.
    2. Select the realm that you created, cn=employees,dc=my_co,dc=com, and click Edit.
    3. To the right of the Administrator group field, click Browse....
    4. Select dc=my_co,dc=com and click Expand.
    5. Select cn=employees and click Expand.
    6. Select cn=managers and click Select.
    7. In the Edit realm window, click OK.
  3. Give the manager group authority over the dc=my_co,dc=com suffix.
    1. Click Directory management —> Manage entries.
    2. Select dc=my_co,dc=com and click Edit ACL....
    3. In the Edit ACL window, click the Owners tab.
    4. Select the Propagate owner check box. Everyone who is a member of the managers group will be made an owner of the dc=my_co,dc=com data tree.
    5. In the Type pull down list, select Group.
    6. In the DN (Distinguished name) field, type cn=managers,cn=employees,dc=my_co,dc=com.
    7. Click Add.
    8. Click OK.

Step 5: Add a user as a manager

  1. In the Web Administration tool, click Users and groups —> Add user.
  2. Select the realm you created, employees, in the Realm drop-down menu, and click Next.
  3. In the cn field, type Jose Alvirez.
  4. In the *sn (surname) field type Alvirez.
  5. In the *cn (complete name) field, type Jose Alvirez. cn is used to create the entry's DN. *cn is an attribute of the object.
  6. In the telephoneNumber field type 999 555 1234.
  7. In the departmentNumber field type DEPTA.
  8. In the mail field type jalvirez@my_co.com.
  9. In the userPassword field type secret.
  10. Click the User groups tab.
  11. In the Available groups list, select managers and click Add —>.
  12. At the bottom of the window, click Finish.
  13. Log out of the Web administration tool by clicking Log out in the left hand navigation.
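
The base DN object from Step 1 and the user from Step 5 can also be written as LDIF entries. The Python sketch below is an added example, not part of the original procedure: it checks the rule noted in Step 5 (the value used to build the DN must also be an attribute of the entry) and encodes values as RFC 2849 requires. The user's location under cn=employees and the omission of userPassword are assumptions of this example.

```python
import base64

def parse_rdn(dn):
    """Split the leftmost RDN of a DN into (attribute, value).
    Handles the simple DNs used here (no escaped commas or multi-valued RDNs)."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return attr.strip(), value.strip()

def rdn_matches_entry(dn, attrs):
    """True if the RDN value also appears as a value of that attribute."""
    attr, value = parse_rdn(dn)
    present = [v.lower() for k, vs in attrs.items()
               if k.lower() == attr.lower() for v in vs]
    return value.lower() in present

def ldif_line(name, value):
    """Emit 'name: value', or base64 'name:: ...' when RFC 2849 requires it."""
    unsafe = (not value.isascii() or any(c in value for c in "\0\r\n")
              or value[:1] in (" ", ":", "<") or value.endswith(" "))
    if unsafe:
        encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
        return f"{name}:: {encoded}"
    return f"{name}: {value}"

def to_ldif(dn, attrs):
    """Render one entry as LDIF, refusing entries whose RDN is not an attribute."""
    if not rdn_matches_entry(dn, attrs):
        raise ValueError(f"RDN of {dn!r} is missing from the entry's attributes")
    lines = [ldif_line("dn", dn)]
    for name, values in attrs.items():
        lines += [ldif_line(name, v) for v in values]
    return "\n".join(lines) + "\n"

# Step 1: base DN object (object class domain, dc=my_co under dc=com).
BASE_DN = "dc=my_co,dc=com"
BASE = {"objectclass": ["domain"], "dc": ["my_co"]}

# Step 5: the manager. DN location is assumed (inside the employees realm).
# userPassword is left out so the password is not kept in a clear-text file.
USER_DN = "cn=Jose Alvirez,cn=employees,dc=my_co,dc=com"
USER = {"objectclass": ["inetOrgPerson"], "cn": ["Jose Alvirez"],
        "sn": ["Alvirez"], "telephoneNumber": ["999 555 1234"],
        "departmentNumber": ["DEPTA"], "mail": ["jalvirez@my_co.com"]}

if __name__ == "__main__":
    print(to_ldif(BASE_DN, BASE))
    print(to_ldif(USER_DN, USER))
```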