Manage eDirectory Task Collections

eControl is flexible enough to permit container-level user account and group management. In our ACME company example, users and groups are created in location-based containers. The network management plan calls for the following eControl roles and tasks for each eDirectory location container:
  • All Tasks Role - permits designated location administrators to perform all tasks in their respective location container.
  • HelpDesk Role - permits help desk operators to perform full administrator tasks, but without access to the eControl child container (which holds the eControl accounts and groups for the location parent container).
  • Email Admins Role - permits assigned staff to reset passwords, manage email list memberships, and adjust email options/internet options.
  • Reset User Role - permits assigned office staff to disable/enable accounts, unlock intruder lockout, and change passwords.
  • Office Manager Role - permits assigned office manager staff to modify personal identification information.

Enable Container Level eControl Management

For each container-based eControl role and tasks, the steps to implement it in eControl are:
  • Create the group structure in the location container
  • Create the role and task collection
  • Assign the role and task collection and define the search context

Create the Groups in the Location Container

Using ConsoleOne or iManager:
  1. Create an "eControl" container in the location container, e.g. ou=eControl.ou=Edmonton.o=ACME
  2. Create groups for each eControl role and task collection to be created, e.g. cn=Edmonton-eDir-All-Tasks.ou=eControl.ou=Edmonton.o=ACME
  3. Create test user accounts, e.g. cn=edmonton5.ou=eControl.ou=Edmonton.o=ACME, and assign a different user to each group created in the previous step. In our example the following group membership assignments were made:
    • edmonton6 assigned to Edmonton-eDir-AllTasks
    • edmonton5 assigned to Edmonton-eDir-HelpDesk
    • edmonton4 assigned to Edmonton-eDir-EmailAdmins
    • edmonton3 assigned to Edmonton-eDir-ResetUser
    • edmonton2 assigned to Edmonton-OfficeManager

Create and Assign the Role and Task Collections

The next step is to create generic roles and task collections to support the network management plan. Since roles and tasks can be assigned to groups/search contexts, there is no need to create location-specific roles and task collections. As long as the tasks are the same for all geographic locations, generic roles and task collections can be used.

Assign the Container All Tasks Role

The eDir - All Tasks role and task collection created when the eDirectory Super Administrator was enabled can be used for the container All Tasks assignment.
  1. Click the Add button in the "Groups" pane in the "Manage" page under the "Administration" panel.
  2. In the "Add Group" window:
    • Select the eDirectory tree for the "System Name".
    • Click the "Group Context" browse button, navigate the eDirectory tree and select the container "eDir-AllTasks" group and click the OK button.
    • Select the eDir - All Tasks task collection.
    • Click the Add button.
  3. In the "Groups" section double-click the location eDir-AllTasks group assignment that was just created.
  4. In the "Group Information" window click the Add button in the "Search Contexts" section.
  5. In the "Add Search Context" window:
    • Select the eDirectory tree for the System Name.
    • Click the "Path" browse button and select the location container being managed, e.g. ou=Edmonton.o=ACME.
    • Ensure the Scope is set to Sub Tree
    • Click the Add button.
  6. In the "Group Information" window click the Save button.

Create the Specific Container Roles and Tasks

Additional generic eDirectory container level Roles and Task Collections need to be created.
  1. Click the Manage Task Collections button in the "Manage" page of the "Administration" panel.
  2. In the "Manage Task Collections" window click the Add button.
  3. In the "Add Role" window specify the name for a new Role and click the Add button, e.g. eDir - HelpDesk
  4. Repeat steps 2 and 3 for each additional container Role that needs to be created.
  5. Click on a Role and click on the eDirectory container for that Role.
  6. Enable the specific tasks and rights for that Role.
  7. Repeat steps 5 and 6 for each Role.
  8. When all tasks and rights have been set for each container Role, click the Save button.

Assign the Specific Container Roles and Tasks

The next step is to assign the generic container Roles and Task Collections to corresponding groups and define the search contexts:
  1. Under the "Groups" pane in the "Manage" page, click the Add button.
  2. In the "Add Group" window:
    • Select the eDirectory tree as the "System name".
    • Click the "Group Context" browse button and select the eDirectory group that will be assigned the corresponding role, e.g. cn=Edmonton-eDir-HelpDesk.ou=eControl.ou=Edmonton.o=ACME.
    • Select the corresponding "Task Collection" for this assignment, e.g. eDir - HelpDesk.
    • Click the Add button.
  3. Repeat step 2 above for each container Role and Task Collection assignment.
  4. In the "Groups" section of the "Manage" page, double-click a group.
  5. In the "Group Information" page click the Add button in the "Search Contexts" section.
  6. In the "Add Search Context" window:
    • Select the eDirectory tree as the "System name".
    • Click the "Path" browse button and select the eDirectory container that will be the start point for the search context, e.g. ou=eControl.ou=Edmonton.o=ACME.
    • Change the "Scope" to One level. This setting will exclude the "eControl" container from the search context of the group assigned to this Role and Task Collection.
    • Click the Add button.
  7. Repeat steps 4, 5 and 6 to configure the group assignment and search context for the other container specific Roles and Task Collections created earlier.
  8. Click the Apply New Setting button to save the group assignments and search contexts configured above.
Note: The steps described above can be repeated to assign the same generic container Roles and Task Collections to other location containers.
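
To check what a search context actually reaches before a role is assigned, the following added example (not part of the eControl documentation) models which objects a given path and scope cover. It assumes the LDAP meaning of the two scopes: One level covers objects directly in the path container, Sub Tree covers objects at any depth below it. The cn=jsmith user is hypothetical; the other names are the page's examples.

```python
# Added example: evaluates search-context reach over dotted eDirectory names.
# Assumption: eControl scopes behave like LDAP one-level and subtree searches.
# Only leaf objects (users, groups) are modelled; escaped dots are not handled.

def parse_dn(dn):
    """Split a dotted eDirectory name into lower-cased RDNs, leaf first."""
    return [rdn.strip().lower() for rdn in dn.split(".") if rdn.strip()]

def in_scope(obj_dn, path, scope):
    """Return True if obj_dn is reachable from the search context (path, scope)."""
    obj, base = parse_dn(obj_dn), parse_dn(path)
    if len(obj) <= len(base) or obj[-len(base):] != base:
        return False                  # not underneath the path container
    depth = len(obj) - len(base)      # 1 means directly in the path container
    if scope == "One level":
        return depth == 1
    if scope == "Sub Tree":
        return True
    raise ValueError(f"unknown scope: {scope!r}")

def exposed(objects, protected_container, contexts):
    """List objects under protected_container that any search context reaches."""
    guarded = [o for o in objects if in_scope(o, protected_container, "Sub Tree")]
    return sorted(o for o in guarded
                  if any(in_scope(o, p, s) for p, s in contexts))

# Constructed sample objects using the page's ACME naming.
OBJECTS = [
    "cn=jsmith.ou=Edmonton.o=ACME",   # hypothetical ordinary user
    "cn=edmonton5.ou=eControl.ou=Edmonton.o=ACME",
    "cn=Edmonton-eDir-HelpDesk.ou=eControl.ou=Edmonton.o=ACME",
]
PROTECTED = "ou=eControl.ou=Edmonton.o=ACME"

if __name__ == "__main__":
    for ctx in [("ou=Edmonton.o=ACME", "Sub Tree"),
                ("ou=Edmonton.o=ACME", "One level"),
                ("ou=eControl.ou=Edmonton.o=ACME", "One level")]:
        hits = exposed(OBJECTS, PROTECTED, [ctx])
        print(ctx, "->", hits or "no eControl objects reachable")
```

Under these assumptions, a role's reach into the eControl container depends on both the path and the scope, so each assignment's pair should be checked together.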
