Note: This information applies to the primary and Delegated Administration user and user group stores for Axeda Applications. For information about how the Axeda Applications support the Partner directory service, click this link.
The user and user group management tools of the Axeda® Administration application operate by accessing information from and saving information to the primary directory service and, if applicable, the Delegated Administration LDAP directory service. For the most part, these directory services are configured during installation. If necessary, Platform administrators can edit the necessary configuration files to configure a different directory service after installation. Refer to the Axeda® Platform Installation and Maintenance Guide for your platform for details.
The user and user group management tools of the Axeda Administration application consist of: creating or deleting users and user groups, and modifying user or user group properties (such as names, passwords, phone numbers, e-mail addresses, and so forth). By setting the configuration properties for the Axeda® Platform, Platform administrators can set up the Administration application to show or hide the links for those actions for users and user groups stored in the primary directory service.
Delegated Admin Units exist in the Delegated Administration directory service as user groups. However, they cannot be edited through the User Group pages of the Administration application. Instead, use the Delegated Administration pages (View and remove Delegated Admin Units, Create a Delegated Admin Unit, Overview for Delegated Admin Unit). Users and other user groups that a Delegated Administrator adds to the Unit are also stored in the Delegated Administration directory service. Although these users cannot be seen from any other Delegated Admin Unit, they can be seen by the Platform Administrator, configured in the primary LDAP directory service.
Important! The ability to make user and user group changes in the directory service from the Administration application is supported for the Sun ONE LDAP directory service only. For an Active Directory implementation, administrators must make changes directly through the Active Directory administration application.
When the links for creating, editing, and deleting users and user groups are enabled and your login user account has the appropriate privileges, you can perform user and user group management operations (including password changes). The user account requirements for directory service operations from the Administration application follow:
o Platform Administrators must be members of the directory service user groups, ServiceLinkAdmins and ServiceLinkUsers. (Administrators automatically have privileges to all operations in the Axeda Applications.)
o Non-administrative users who are Delegated Administrators must be members of the directory service user groups, ServiceLinkUsers, on the Delegated Administration directory service. Non-administrative users who require access for maintaining user accounts in the primary directory service must be in the ServiceLinkUsers group in the primary directory service. In addition, these users must have privileges to view the Administration application and to view, create, modify, and delete users and user groups.
If a directory service is configured such that passwords expire after a specified timeframe, the Platform administrator can configure the Axeda® Platform to provide a password expiration dialog box. This dialog box warns the user about the imminent password expiration and accepts new passwords before the expiration.