Figure 14 illustrates the relationships between users, groups and permissions.
There is one predefined user, admin, that performs administrative tasks, such as creating other users.
You can create and remove users and change passwords by specifying the users in the users.conf configuration file, using the tibemsadmin tool, or by using the administration APIs. For more information about specifying users in the configuration file, see users.conf on page 271. For more information about specifying users using the tibemsadmin tool, see Chapter 6, Using the EMS Administration Tool. For more information on the administration APIs, see the online documentation.
You can create, remove, or add users to groups by specifying the groups in groups.conf, using the tibemsadmin tool, or by using the administration APIs. For more information about specifying groups in the configuration file, see groups.conf on page 257. For more information about specifying groups using the tibemsadmin tool, see Chapter 6, Using the EMS Administration Tool. For more information on the administration APIs, see the online documentation.
The parameter user_auth in tibemsd.conf guides the EMS server when authenticating users. When a user attempts to authenticate to the EMS server, this parameter specifies the source of authentication information. This parameter can have one or more of the following values (separated by comma characters):
When you attempt to view users and groups using the show user/s or show group/s commands, any users and groups that exist in external directories have an asterisk next to their names. Users and groups from external directories will only appear in the output of these commands in the following situations:
Therefore, not all users and groups defined in the external directory may appear when the show user/s or show group/s commands are executed. Only the users and groups that meet the above criteria at the time the command is issued will appear.
You can also issue the delete user or delete group command to delete users and groups from the local server’s configuration. The permissions assigned to the user or group are also deleted when the user or group is deleted. If you delete a user or group that is defined externally, this deletes the user or group from the server’s memory and deletes any permissions assigned in the access control list, but it has no effect on the external directory. The externally defined user can log in again; when that happens, the user is re-created in the server’s memory, along with any groups to which the user belongs. However, any permissions for the user or group have been deleted and must therefore be re-granted.
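The delete-and-relogin behaviour described above, as an added Python model (not TIBCO EMS code and not taken from this guide). The class, method, user, group, destination and permission names are hypothetical, and the sample directory and grants are constructed.

```python
# Simplified model of the behaviour described above. Not TIBCO EMS code:
# every class, method, user, group and destination name is hypothetical.

class ServerModel:
    def __init__(self, directory):
        self.directory = directory  # external directory: user -> set of groups
        self.users, self.groups = set(), set()  # principals in server memory
        self.acl = {}  # principal -> set of (destination, permission)

    def login(self, user):
        """Authenticate against the external directory; on success the user
        and the user's groups are (re)created in server memory."""
        if user not in self.directory:
            return False
        self.users.add(user)
        self.groups |= self.directory[user]
        return True

    def grant(self, principal, destination, permission):
        self.acl.setdefault(principal, set()).add((destination, permission))

    def delete(self, principal):
        """Drop the principal from memory and from the ACL. The external
        directory is not touched. Returns the grants that were removed."""
        self.users.discard(principal)
        self.groups.discard(principal)
        return self.acl.pop(principal, set())


def delete_and_relogin():
    directory = {"alice": {"traders"}}  # constructed sample data
    server = ServerModel(directory)
    server.login("alice")
    server.grant("alice", "queue:orders", "send")
    server.grant("traders", "topic:prices", "subscribe")

    # Snapshot what each delete removes so it can be re-granted later.
    lost = {p: sorted(server.delete(p)) for p in ("alice", "traders")}
    return {
        "in_memory_after_delete": sorted(server.users | server.groups),
        "directory_after_delete": dict(directory),
        "login_succeeds_again": server.login("alice"),
        "in_memory_after_login": sorted(server.users | server.groups),
        "acl_after_login": dict(server.acl),
        "must_regrant": lost,
    }


if __name__ == "__main__":
    for key, value in delete_and_relogin().items():
        print(f"{key}: {value}")
```

The model shows that a delete does not keep an externally defined user from authenticating again, and that the removed grants are recoverable only if they were recorded before the delete.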
The description for tibemsd.conf on page 189 provides the complete list of configuration parameters for configuring an external directory server.
Table 46 describes parameter settings for default configurations of popular LDAP servers.