サポートと今すぐチャット
サポートとのチャット

Active Roles 8.1.1 - Web Interface Administration Guide

Introduction Deploying the Web Interface Getting Started Web Interface Basics Performing Management Tasks Using Approval Workflow Customizing the Web Interface Default Commands

Managing properties of an entry

To view or modify properties of an entry

Display the form in the Form Editor and click the tab that includes the entry to manage.

Click the Edit icon next to the name of the entry you want to manage.

If needed, modify properties of the entry, click Save, and then click Reload.

NOTE: The changes made to an entry are applied to the entry on every form containing the entry.

The properties of an entry that you can view or modify include the following (for more information, see Type of entry and Entry for an attribute of DN syntax later in this document):

  • Entry name  Text that labels the entry on the Web Interface page. For a check box, the name of the entry appears next to the check box. For an edit box, the name is displayed above the edit box.
  • Entry description  Any text that helps identify the entry.
  • Entry ToolTip  The text that is displayed when the mouse pointer is positioned over the entry on the Web Interface page.
  • Entry type  The type of the entry. For details, see Type of entry later in this document. This setting is defined when the entry is created, and cannot be changed.
  • Property  The list of attributes that are managed by this entry (managed attributes). Each attribute is identified by its LDAP display name. This setting is defined when the entry is created, and cannot be changed.
  • Treat as single-valued  This option applies to entries for multi-valued attributes. When selected, causes the entry to behave as if the managed attribute can store only one value.
  • Read only  When selected, prevents the user from changing the data displayed by the entry on the Web Interface page.
  • Syntax  Indicates the syntax of the attribute that is managed by this entry. The name of the syntax is retrieved from the directory schema and displayed for information purpose only.
  • Multivalued  Indicates whether the managed attribute is multi-valued. This information is retrieved from the directory schema and displayed for information purpose only.
  • Render as multiline  Applies to entries for managing string values. Specifies whether the entry can display multiple strings or only a single string.
  • Label next to entry  Specifies whether to display the entry name next to or above the entry on the form. When this check box selected, the name appears to the left of the entry. When this check box is cleared, the name appears above the entry.
  • Text to display  Applies to the text area entry type. Specifies the text to be displayed in the text area.

Type of entry

The Web Interface provides for these types of entry:

  • Auto  Default entries. This type is assigned to the entries created using the Form Editor.
  • Custom  Predefined entries that come with the Web Interface and use custom processing logic, or entries added by implementing and deploying custom code.
  • Naming  Entries for managing so-called naming attributes, such as the name attribute. Setting a naming attribute requires some additional steps, as compared with other attributes. The entries of this type are normally predefined and installed with the Web Interface.
  • StaticText  Entries for adding static text, also referred to as text areas. You can use text areas to display descriptive text, such as titles, captions, or brief instructions.

For each entry, certain logic is implemented that governs how to process the values of the managed attribute. When retrieving an attribute from the directory, the entry uses that logic to represent the attribute value in the appropriate format. When applying changes to an attribute value, the entry relies on that logic to transform the changes, if necessary, to meet the requirements imposed by the directory.

When you create an entry using the Form Editor, default processing logic is applied based on the syntax of the managed attribute according to the directory schema. Such default entries are referred to as Auto entries in the Web Interface.

For each of the syntaxes that are defined in Active Directory, certain default logic is defined in the Web Interface and applied to every Auto entry for managing any attribute of the respective syntax. Thus, an auto entry for an attribute of Boolean syntax takes the form of a check box. An auto entry for an attribute of String (Unicode) syntax is merely an edit box.

Default processing logic may not be suitable for all attributes. A typical example is userAccountControl.

In Active Directory, the userAccountControl attribute values are stored as integers, so the Auto entry for that attribute takes the form of an edit box that displays the integer value retrieved from the directory. This representation of attribute values is not helpful because a value of the userAccountControl attribute is, in fact, a 4-byte (32-bit) data structure that contains flags for configuring some user account settings, such as the flag that controls whether a user account is enabled or disabled.

A value of userAccountControl is a type of integer wherein each bit in the numeric value represents a unique setting. This type of integer is called a bit field. Because each bit in a bit field represents a different setting, simply examining the integer value as a whole number is of little use. You must examine the individual bit that corresponds to the setting you are interested in viewing or changing.

To help identify which bit to check in the userAccountControl value, the Web Interface provides a predefined entry that uses custom logic to represent each bit as a separate check box. The entries like this one, which use processing logic differing from default processing logic, are called Custom entries in the Web Interface (as opposed to the Auto entries that rely on default processing logic).

In the Web Interface, a lot of predefined custom entries are available out of the box. Each of the predefined custom entries, like the custom entry for the userAccountControl attribute, is designed to manage a single attribute or a group of related attributes in accord with the intended meaning of the attribute or attributes rather than only based on the syntax of attribute values. If necessary, new custom entries can be added that use any suitable processing logic. For more information and instructions, see the Active Roles SDK.

Entry for an attribute of DN syntax

The auto entries for attributes of Object (DS-DN) syntax have certain features that are specific to only this category of entries. In this topic, for the sake of brevity, such entries are referred to as DN entries.

Values of an attribute of Object (DS-DN) syntax are strings, each specifying the distinguished name (DN) of a certain directory object. For attributes with this syntax, Active Directory handles attribute values as references to the object identified by the DN and automatically updates the value if the object is moved or renamed. Examples of such attributes are “member”, “managedBy” and “manager”.

A DN entry retrieves DN values from the attribute, looks up for the objects that are identified by the DN values, and displays a list of those objects. By default, the list contains the following information about each object:

  • Name  The value of the “name” attribute.
  • Description  The value of the “description” attribute.
  • Object type  The value of the “objectClass” attribute.

You can configure the list to display values of other attributes: open the Properties page for the entry (see Managing properties of an entry earlier in this document), and click the Advanced tab. Then, modify the list of names in the Columns box as required. You can type LDAP display names of attributes in the Columns box, separating them by commas, or you can click the button next to the Columns box and select attributes. The list provided by the entry will include one column per each attribute you specify, with each column showing the values of the respective attribute.

A DN entry provides the ability to make changes to the managed attribute, that is, to add or remove DN values from the attribute. For this purpose, a DN entry supplements the list of objects with the Add and Remove controls. The Remove control deletes list entries, consequently removing the respective DN values from the managed attribute. The Add control uses the Select Object dialog box for selecting objects. The entries representing the selected objects are then added to the list, with the DN of each object being eventually appended to the values in the managed attribute.

It is possible to customize the Select Object dialog box that is used by the Add control in a DN entry. For this purpose, a DN entry provides a number of options. These options can be found on the Advanced tab of the Properties page for a DN entry (for instructions on how to access the Properties page, see Managing properties of an entry earlier in this document):

  • Populate list view when the dialog box opens  When turned off, this option prevents a delay in opening the Select Object dialog box. Since populating the list view in the dialog box implies running a query against the directory service (which may be a lengthy operation), the ability to open the dialog box without initially populating the list view increases responsiveness of the user interface. The user can type and check object names in the dialog box instead of selecting objects from the list. Alternatively, the user can manually start populating the list view by clicking a link in the Select Object dialog box.
  • Display the “Find in” field  When turned on, this option enables the users to view the Find in setting. With this option turned off, the Find in setting is not displayed in the Select Object dialog box.
  • Allow user to change the “Find in” setting  This option prevents the default Find in setting from being modified by the user. With this option turned off, the Find in setting cannot be changed in the Select Object dialog box.
  • Display the “Object name” field  When turned on, this option enables the user to type the names of objects to select instead of clicking objects in the list view in the Select Object dialog box. With this option turned off, the user is forced to make a selection from the list.
  • “Find in” default setting  You can specify a certain container as the default location of the objects for selecting. Click the button next to this option in order to select a container, or type in the distinguished name of a container. The Select Object dialog box will open with that container substituted in the Find in field.
  • LDAP search filter  When populating the list view, the Select Object dialog box applies this setting to the Find in container in order to retrieve the objects that match the filter specified. The list view then displays the objects returned by the query based on this search filter. You should set up a filter string in accordance with LDAP syntax rules.
  • Scope of query  When populating the list view, the Select Object dialog box uses this setting to qualify the query. Select one of the following:
    • Base search  The search filter is applied to the Find in object only. When attribute scope query (ASQ) is used, the search filter is applied to the objects listed in a certain attribute of the Find in object.
    • One-level search  The search filter is applied to the immediate children of the Find in object. The list view is populated with the immediate child objects that match the search filter.
    • Subtree search  The search filter is applied to the Find in object as well as to all objects that exist below it in the directory tree. The list view is populated with all the objects that match the search filter.
  • Use attribute scope query (ASQ)  When turned on, this option causes the Select Object dialog box to populate the list view with objects that are listed in a certain attribute of the Find in object (target attribute). The LDAP display name of the target attribute must be supplied in the Attribute to search by using ASQ field.

    The target attribute must be an attribute that stores distinguished names, such as “member” or “managedBy”. The search is performed against the objects that are identified by the distinguished names found in the target attribute. For example, if the Find in object is a group and “member” is specified as the target attribute, then the search will be performed against all objects that are members of the group and the list view will be populated with the members of the group that match the search filter.

Examples

This section discusses the following customization scenarios:

  • Deleting the New Shared Folder command from the Container menu
  • Adding the Telephone number entry to the form for creating user accounts
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択