サポートと今すぐチャット
サポートとのチャット

Active Roles 8.1.4 - Web Interface Configuration Guide

Introduction to the Web Interface Deploying the Web Interface Getting started with the Web Interface Web Interface Basics Performing Management Tasks Using Approval Workflow Customizing the Web Interface
About Web Interface customization Web Interface customization terms Configuring Web Interface menus Configuring Web Interface forms Web Interface customization examples Web Interface global settings Customizing the Web Interface Navigation bar Customizing the Web Interface Home page Configuring Web Interface for enhanced security
Default Commands Glossary

Deleting entries from a Web Interface form

You can delete entries from a Web Interface form with the Form Editor of the Customization menu.

To delete entries from a Web Interface form

  1. Open the form in the Form Editor. To do so, navigate to the Web Interface page that you want to configure, then click Customize.

  2. Click the tab from which you want to delete entries.

  3. In the list of entries, select check boxes to mark the entries you want to delete.

  4. On the toolbar in the Form Editor, click Delete.

  5. Once the entries are deleted from the form, click Reload to publish your changes.

Viewing or modifying a Web Interface entry

You can view or modify Web Interface entries with the Form Editor of the Customization menu.

To view or modify entries in a Web Interface form

  1. Open the form in the Form Editor. To do so, navigate to the Web Interface page that you want to configure, then click Customize.

  2. Click the tab in which you want to manage entries.

  3. Click the Edit icon next to the name of the entry you want to manage.

  4. Modify the entry properties as you need. For more information on these entries, see Type of Web Interface entries and Entry for an attribute of DN syntax):

    • Entry name: Text that labels the entry on the Web Interface page. For a check box, the name of the entry appears next to the check box. For an edit box, the name is displayed above the edit box.

    • Entry description: Any text that helps identify the entry.

    • Entry ToolTip: The text that is displayed when the mouse pointer is positioned over the entry on the Web Interface page.

    • Entry type: The type of the entry. For details, see Type of Web Interface entries. This setting is defined when the entry is created, and cannot be changed.

    • Property: The list of attributes that are managed by this entry (managed attributes). Each attribute is identified by its LDAP display name. This setting is defined when the entry is created, and cannot be changed.

    • Treat as single-valued: This option applies to entries for multi-valued attributes. When selected, causes the entry to behave as if the managed attribute can store only one value.

    • Read only: When selected, prevents the user from changing the data displayed by the entry on the Web Interface page.

    • Syntax: Indicates the syntax of the attribute that is managed by this entry. The name of the syntax is retrieved from the directory schema and displayed for information purpose only.

    • Multivalued: Indicates whether the managed attribute is multi-valued. This information is retrieved from the directory schema and displayed for information purpose only.

    • Render as multiline: Applies to entries for managing string values. Specifies whether the entry can display multiple strings or only a single string.

    • Label next to entry: Specifies whether to display the entry name next to or above the entry on the form. When this check box selected, the name appears to the left of the entry. When this check box is cleared, the name appears above the entry.

    • Text to display: Applies to the text area entry type. Specifies the text to be displayed in the text area.

    NOTE: Any changes you make to an entry will be applied to every form containing the entry.

  5. To apply your changes, click Save, then Reload.

Type of Web Interface entries

The Web Interface provides for these types of entry:

  • Auto: Default entries. This type is assigned to the entries created using the Form Editor.

  • Custom: Predefined entries that come with the Web Interface and use custom processing logic, or entries added by implementing and deploying custom code.

  • Naming: Entries for managing so-called naming attributes, such as the name attribute. Setting a naming attribute requires some additional steps, as compared with other attributes. The entries of this type are normally predefined and installed with the Web Interface.

  • StaticText: Entries for adding static text, also referred to as text areas. You can use text areas to display descriptive text, such as titles, captions, or brief instructions.

For each entry, certain logic is implemented that governs how to process the values of the managed attribute. When retrieving an attribute from the directory, the entry uses that logic to represent the attribute value in the appropriate format. When applying changes to an attribute value, the entry relies on that logic to transform the changes, if necessary, to meet the requirements imposed by the directory.

When you create an entry using the Form Editor, default processing logic is applied based on the syntax of the managed attribute according to the directory schema. Such default entries are referred to as Auto entries in the Web Interface.

For each of the syntaxes that are defined in Active Directory, certain default logic is defined in the Web Interface and applied to every Auto entry for managing any attribute of the respective syntax. Thus, an auto entry for an attribute of Boolean syntax takes the form of a check box. An auto entry for an attribute of String (Unicode) syntax is merely an edit box.

Default processing logic may not be suitable for all attributes. A typical example is userAccountControl.

In Active Directory, the userAccountControl attribute values are stored as integers, so the Auto entry for that attribute takes the form of an edit box that displays the integer value retrieved from the directory. This representation of attribute values is not helpful because a value of the userAccountControl attribute is, in fact, a 4-byte (32-bit) data structure that contains flags for configuring some user account settings, such as the flag that controls whether a user account is enabled or disabled.

A value of userAccountControl is a type of integer wherein each bit in the numeric value represents a unique setting. This type of integer is called a bit field. Because each bit in a bit field represents a different setting, simply examining the integer value as a whole number is of little use. You must examine the individual bit that corresponds to the setting you are interested in viewing or changing.

To help identify which bit to check in the userAccountControl value, the Web Interface provides a predefined entry that uses custom logic to represent each bit as a separate check box. The entries like this one, which use processing logic differing from default processing logic, are called Custom entries in the Web Interface (as opposed to the Auto entries that rely on default processing logic).

In the Web Interface, a lot of predefined custom entries are available out of the box. Each of the predefined custom entries, like the custom entry for the userAccountControl attribute, is designed to manage a single attribute or a group of related attributes in accord with the intended meaning of the attribute or attributes rather than only based on the syntax of attribute values. If necessary, new custom entries can be added that use any suitable processing logic. For more information and instructions, see the Active Roles SDK.

Entry for an attribute of DN syntax

The auto entries for attributes of Object (DS-DN) syntax have certain features that are specific to only this category of entries. In this topic, for the sake of brevity, such entries are referred to as DN entries.

Values of an attribute of Object (DS-DN) syntax are strings, each specifying the distinguished name (DN) of a certain directory object. For attributes with this syntax, Active Directory handles attribute values as references to the object identified by the DN and automatically updates the value if the object is moved or renamed. Examples of such attributes are “member”, “managedBy” and “manager”.

A DN entry retrieves DN values from the attribute, looks up for the objects that are identified by the DN values, and displays a list of those objects. By default, the list contains the following information about each object:

  • Name: The value of the name attribute.

  • Description: The value of the description attribute.

  • Object type: The value of the objectClass attribute.

You can configure the list to display values of other attributes: open the Properties page for the entry (see Viewing or modifying a Web Interface entry), and click the Advanced tab. Then, modify the list of names in the Columns box as required. You can type LDAP display names of attributes in the Columns box, separating them by commas, or you can click the button next to the Columns box and select attributes. The list provided by the entry will include one column per each attribute you specify, with each column showing the values of the respective attribute.

A DN entry provides the ability to make changes to the managed attribute, that is, to add or remove DN values from the attribute. For this purpose, a DN entry supplements the list of objects with the Add and Remove controls. The Remove control deletes list entries, consequently removing the respective DN values from the managed attribute. The Add control uses the Select Object dialog box for selecting objects. The entries representing the selected objects are then added to the list, with the DN of each object being eventually appended to the values in the managed attribute.

It is possible to customize the Select Object dialog box that is used by the Add control in a DN entry. For this purpose, a DN entry provides a number of options. These options can be found on the Advanced tab of the Properties page for a DN entry (for instructions on how to access the Properties page, see Viewing or modifying a Web Interface entry):

  • Populate list view when the dialog box opens: When turned off, this option prevents a delay in opening the Select Object dialog box. Since populating the list view in the dialog box implies running a query against the directory service (which may be a lengthy operation), the ability to open the dialog box without initially populating the list view increases responsiveness of the user interface. The user can type and check object names in the dialog box instead of selecting objects from the list. Alternatively, the user can manually start populating the list view by clicking a link in the Select Object dialog box.

  • Display the “Find in” field: When turned on, this option enables the users to view the Find in setting. With this option turned off, the Find in setting is not displayed in the Select Object dialog box.

  • Allow user to change the “Find in” setting: This option prevents the default Find in setting from being modified by the user. With this option turned off, the Find in setting cannot be changed in the Select Object dialog box.

  • Display the “Object name” field: When turned on, this option enables the user to type the names of objects to select instead of clicking objects in the list view in the Select Object dialog box. With this option turned off, the user is forced to make a selection from the list.

  • “Find in” default setting: You can specify a certain container as the default location of the objects for selecting. Click the button next to this option in order to select a container, or type in the distinguished name of a container. The Select Object dialog box will open with that container substituted in the Find in field.

  • LDAP search filter: When populating the list view, the Select Object dialog box applies this setting to the Find in container in order to retrieve the objects that match the filter specified. The list view then displays the objects returned by the query based on this search filter. You should set up a filter string in accordance with LDAP syntax rules.

  • Scope of query: When populating the list view, the Select Object dialog box uses this setting to qualify the query. Select one of the following:

    • Base search: The search filter is applied to the Find in object only. When attribute scope query (ASQ) is used, the search filter is applied to the objects listed in a certain attribute of the Find in object.

    • One-level search: The search filter is applied to the immediate children of the Find in object. The list view is populated with the immediate child objects that match the search filter.

    • Subtree search: The search filter is applied to the Find in object as well as to all objects that exist below it in the directory tree. The list view is populated with all the objects that match the search filter.

  • Use attribute scope query (ASQ): When turned on, this option causes the Select Object dialog box to populate the list view with objects that are listed in a certain attribute of the Find in object (target attribute). The LDAP display name of the target attribute must be supplied in the Attribute to search by using ASQ field.

    The target attribute must be an attribute that stores distinguished names, such as “member” or “managedBy”. The search is performed against the objects that are identified by the distinguished names found in the target attribute. For example, if the Find in object is a group and “member” is specified as the target attribute, then the search will be performed against all objects that are members of the group and the list view will be populated with the members of the group that match the search filter.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択