NDS leaf objects

User-related leaf objects

This topic lists the available leaf objects that are related to network users and groups, explains what each is used for, and indicates when to use each:

Leaf object Function Usage situation
Group Assigns a name to a list of User objects that can be located anywhere in the Directory tree. Many User objects need the same trustee assignments. Rather than making many trustee assignments, make just one trustee assignment to all users who belong to the group by making the trustee assignment to the Group object itself.
Organizational Role Defines a position or role within an organization. You want to assign rights to a particular position rather than to the person who occupies that position. The occupant might change frequently, but the responsibilities of the position do not.
You can assign any user to be an occupant of an Organizational Role object because every occupant receives the same rights granted to the Organizational Role object.
Profile Contains a profile login script. When the Profile object is listed as a User object's property, the Profile object's login script is executed when that User object logs in.
The profile login script executes after the system login script and before the user login script. 		A set of users need to share common login script commands but are not located in the same Directory tree container or are a subset of users in the same container.
User Represents a person who uses the network.
In the User object properties, login restrictions, intruder detection limits, password and password restrictions, security equivalences, and so on, can be set. 		Required for every user who needs to log in to the network.
When you create a User object, you can create a home directory for that user who then has default rights to that home directory.
When you create User objects, you can also choose to apply a user template to the users that provides default property values.
For users who have NetWare 4 workstations, you can create the User objects anywhere in the Directory tree, but the users must know their context in order to log in. Create User objects in the container where the users typically log in.
For users who have other workstations, create the User objects in the container where the bindery services context is set for the server that they need to log in to.
Bindery-based users do not need to know their context because they log in to the server rather than to the Directory tree. 

 -------------------------------------------------------------------------------
| Leaf object        |  Function                  |  Usage situation           |
|--------------------|----------------------------|----------------------------|
| Group              |  Assigns a name to a list  |  Many User objects need the|
|                    |  of User objects that can  |  same trustee assignments. |
|                    |  be located anywhere in the|  Rather than making many   |
|                    |  Directory tree.           |  trustee assignments, make |
|                    |                            |  just one trustee          |
|                    |                            |  assignment to all users   |
|                    |                            |  who belong to the group by|
|                    |                            |  making the trustee        |
|                    |                            |  assignment to the Group   |
|                    |                            |  object itself.            |
|--------------------|----------------------------|----------------------------|
| Organizational Role|  Defines a position or role|  You want to assign rights |
|                    |  within an organization.   |  to a particular position  |
|                    |                            |  rather than to the person |
|                    |                            |  who occupies that         |
|                    |                            |  position. The occupant    |
|                    |                            |  might change frequently,  |
|                    |                            |  but the responsibilities  |
|                    |                            |  of the position do not.   |
|                    |                            |  You can assign any user to|
|                    |                            |  be an occupant of an      |
|                    |                            |  Organizational Role object|
|                    |                            |  because every occupant    |
|                    |                            |  receives the same rights  |
|                    |                            |  granted to the            |
|                    |                            |  Organizational Role       |
|                    |                            |  object.                   |
|--------------------|----------------------------|----------------------------|
| Profile            |  Contains a profile login  |  A set of users need to    |
|                    |  script. When the Profile  |  share common login script |
|                    |  object is listed as a User|  commands but are not      |
|                    |  object's property, the    |  located in the same       |
|                    |  Profile object's login    |  Directory tree container  |
|                    |  script is executed when   |  or are a subset of users  |
|                    |  that User object logs in. |  in the same container.    |
|                    |  The profile login script  |                            |
|                    |  executes after the system |                            |
|                    |  login script and before   |                            |
|                    |  the user login script.    |                            |
|--------------------|----------------------------|----------------------------|
| User               |  Represents a person who   |  Required for every user   |
|                    |  uses the network.         |  who needs to log in to the|
|                    |  In the User object        |  network.                  |
|                    |  properties, login         |  When you create a User    |
|                    |  restrictions, intruder    |  object, you can create a  |
|                    |  detection limits, password|  home directory for that   |
|                    |  and password restrictions,|  user who then has default |
|                    |  security equivalences, and|  rights to that home       |
|                    |  so on, can be set.        |  directory.                |
|                    |                            |  When you create User      |
|                    |                            |  objects, you can also     |
|                    |                            |  choose to apply a user    |
|                    |                            |  template to the users that|
|                    |                            |  provides default property |
|                    |                            |  values.                   |
|                    |                            |  For users who have NetWare|
|                    |                            |  4 workstations, you can   |
|                    |                            |  create the User objects   |
|                    |                            |  anywhere in the Directory |
|                    |                            |  tree, but the users must  |
|                    |                            |  know their context in     |
|                    |                            |  order to log in. Create   |
|                    |                            |  User objects in the       |
|                    |                            |  container where the users |
|                    |                            |  typically log in.         |
|                    |                            |  For users who have other  |
|                    |                            |  workstations, create the  |
|                    |                            |  User objects in the       |
|                    |                            |  container where the       |
|                    |                            |  bindery services context  |
|                    |                            |  is set for the server that|
|                    |                            |  they need to log in to.   |
|                    |                            |  Bindery-based users do not|
|                    |                            |  need to know their context|
|                    |                            |  because they log in to the|
|                    |                            |  server rather than to the |
|                    |                            |  Directory tree.           |
|--------------------|----------------------------|----------------------------|
© 1999 The Santa Cruz Operation, Inc. All rights reserved.
UnixWare 7 Release 7.1.1 - 5 November 1999