Map Users
Using the Map Users feature, administrators can do the following: Before creating user maps, ensure that you are connected to an AD server.

Connecting to an Active Directory Server
Whenever authentication is required, the Connect to Active Directory pop-up window is displayed. For example, on the MAP USERS page, click the create icon, specify the following details, then click CONNECT to connect to the target AD server.
  • User Name: Specify the AD Administrator user name or the FQDN.
  • Password: Specify the AD Administrator password.
  • Domain Name: Specify the realm of the AD domain.
  • Port: Specify the port to use to connect to the AD server. To secure this connection, select Use SSL. Some of the standard LDAP ports for Active Directory are 389, 636, 3268, and 3269.
Creating a New User Map
  1. Click create, then specify the following details:
    • Match Type: Select an object mapping (user to user, group to group, or container to group).
    • Select LDAP Attributes: Select Common Name to Common Name (CN to CN), Common Name to SAM-Account-Name (CN to SAM), or Custom Attributes as the matching criteria. If you select Custom Attributes, specify the eDirectory and Active Directory object attributes.
      Examples of eDirectory object attributes include Username (uid), Common Name (cn), Last Name (sn), First Name (givenName), Full Name (fullName), and Internet E-mail address (mail).
      Examples of Active Directory object attributes include Common Name (cn), Full Name (name), SamAccount Name (sAMAccountName), First Name (givenName), Last Name (sn), Display Name (displayName), Internet E-mail address (mail), and UserPrincipalName.
    • eDirectory Context: Specify or browse and select the eDirectory tree search base context. The Search Subtree option is enabled by default.
    • Active Directory Context: Specify or browse and select the AD server context. The Search Subtree option is enabled by default.
  2. Click SHOW to generate and view the user map. To propose a user map of your choice, go to Step 3.
    OR
    Click SAVE to generate and store the user map on the server.

    Note: If you choose to store the user map on the server, you can validate and modify the user map only after it gets listed in the MAP USERS page.

  3. Validate the new user mapping. If you need to modify any user mapping:
    1. Click the selected Active Directory context and browse to the appropriate AD server context, then click SELECT.
    2. To replace or add an AD user in the proposed user map, select a row in the proposed user map, then click add.
    3. To remove a user from the proposed user map, click remove. To undo the deletion, click undo.
    4. Click SAVE MAP to save all the changes.

      Tip:
      • To modify an existing user mapping, click the user map name in the MAP USERS page, then follow the instructions in Step 3.
      • Sorting: Click the sort icon next to Sort By to sort the user maps by Name, Type, eDirectory Context, or Active Directory Context.
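
The validation that Step 3 asks for can be rehearsed offline. The following is an added example, not NURM code: it matches constructed eDirectory and AD entries on one attribute pair and separates unique, ambiguous, and unmatched results. The function name propose_map, the sample entries, and the case-insensitive comparison are assumptions.

```python
from collections import defaultdict

# Constructed sample entries (not taken from a real directory).
EDIR_USERS = [
    {"dn": "cn=jsmith,ou=sales,o=acme", "cn": "jsmith"},
    {"dn": "cn=Admin,ou=it,o=acme", "cn": "Admin"},
    {"dn": "cn=mlee,ou=it,o=acme", "cn": "mlee"},
]
AD_USERS = [
    {"dn": "CN=jsmith,OU=Sales,DC=acme,DC=example", "cn": "jsmith", "sAMAccountName": "jsmith"},
    {"dn": "CN=admin,OU=IT,DC=acme,DC=example", "cn": "admin", "sAMAccountName": "itadmin"},
    {"dn": "CN=admin,OU=Contractors,DC=acme,DC=example", "cn": "admin", "sAMAccountName": "admin"},
]


def propose_map(edir_users, ad_users, edir_attr, ad_attr):
    """Hypothetical helper: match on one attribute pair (assumed case-insensitive).

    Returns (matched, ambiguous, unmatched), keyed by eDirectory DN.
    """
    index = defaultdict(list)
    for user in ad_users:
        value = user.get(ad_attr)
        if value:
            index[value.casefold()].append(user["dn"])

    matched, ambiguous, unmatched = {}, {}, []
    for user in edir_users:
        value = user.get(edir_attr)
        hits = index.get(value.casefold(), []) if value else []
        if len(hits) == 1:
            matched[user["dn"]] = hits[0]          # exactly one AD candidate
        elif hits:
            ambiguous[user["dn"]] = sorted(hits)   # several candidates: review by hand
        else:
            unmatched.append(user["dn"])           # no AD counterpart in this context
    return matched, ambiguous, unmatched


if __name__ == "__main__":
    for label, ad_attr in (("CN to CN", "cn"), ("CN to SAM", "sAMAccountName")):
        matched, ambiguous, unmatched = propose_map(EDIR_USERS, AD_USERS, "cn", ad_attr)
        print(label, "matched:", matched)
        print(label, "ambiguous:", ambiguous)
        print(label, "unmatched:", unmatched)
```

With the sample data, CN to CN leaves Admin ambiguous between two AD accounts, while CN to SAM maps it uniquely to the account in OU=Contractors. A unique match is not by itself evidence that both entries belong to the same person, which is why each row of the proposed map is reviewed before SAVE MAP.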
Importing a User Map
  1. Click import, then select the user map XML file using the Browse button.
  2. Specify an appropriate name for the user map, then click IMPORT.
Exporting a User Map
Select the user map of your choice, then click export to download the user map file.

Refreshing a User Map
If you think that the mappings have changed since you created a user map, you can refresh them using the same conditions that were used to create them. To refresh an old user map, select the desired user map, then click refresh. If there are any differences since the user map was created, those entries are highlighted with the (modified) icon. To revert the changes, click REVERT. After verifying the changes, click SAVE MAP.

If the user map is not modified for a time interval specified in the Usermap Refresh Interval (days), a 'Refresh Required' tag is displayed on the user map. For more information, see Changing the NURM Settings.

If scheduled refresh on the user map is enabled, then the 'Last Updated: date and time' tag is displayed on the user map. For more information on user map scheduled refresh, see Usermap Settings.

To view the modified user maps based on the scheduled refresh time, click SHOW SCHEDULED REFRESH LOGS. You can hover the cursor over the user map name to view the users added or removed from that user map.

Deleting a User Map
Select the user maps that you want to delete, then click delete.

Changing the NURM Settings
Click the settings icon at the top right to go to the NURM settings page. It includes:
  • Language: Select the appropriate language to be displayed on the NURM page.
  • Log Level: Select the required log level. The supported log levels are Debug, Information, Warning, Error and Fatal. The logs are stored at /var/opt/novell/log/nurm/user-rights-map.log.
  • Contextless Login for eDirectory: Enables or disables the contextless login. By default, this option is enabled. If you would like to always use the FQDN while logging on to NURM, disable this option.
  • Usermap Refresh Interval (days): Specify the number of days after which the user maps are considered old and require a refresh. For example, when you set the value to 6 days, a 'Refresh Required' tag is displayed on the MAP USERS page only on those user maps that have not been modified for 6 days.
  • Select the required mapping to use for VIEW RIGHTS: IDM or User Map. If you have selected User Map, select the appropriate user map name. You can select multiple user maps too.
After changing the NURM settings, click SAVE.

Usermap Settings
Usermap Settings provides information on the scheduled refresh, which can be used to refresh the user maps automatically if there are changes in the user maps. It displays:
  • Whether the scheduled refresh is enabled or disabled
  • If enabled, the time and frequency of the user map refresh
You can enable or disable the Scheduled Refresh option only by using the map-users command-line utility.

Note: Before enabling scheduled refresh, ensure that the 'OESCommonProxy' user has 'Read' permission on the All Attributes Rights property in the same tree.