This section explains how to register an infrastructure administrator or dual-role administrator as an application process assessor.
Add all infrastructure administrators and dual-role administrators to the directory service IflowUsers group in order to use application processes. Use the LDIF file to register an application process assessor at the directory server. Follow the procedure below to register as application process assessor.
Create an infrastructure administrator or dual-role administrator.
Add the infrastructure administrator or dual-role administrator as a member of the IflowUsers group.
Note
Infrastructure administrators and dual-role administrators who have not been registered in the "IflowUsers" group cannot conduct assessment in application processes. Also, if infrastructure administrators and dual-role administrators not registered in the "IflowUsers" group select the Request tab in the ROR Console, the following error message appears:
Error message : Failed to authenticate the user.
Administrators (dual-role administrators) created during installation are not registered in the "IflowUsers" group. Add them to the "IflowUsers" group.
If an email address is not set, assessment request emails are not sent, and reservation notification emails are not sent when an error occurs.
If no infrastructure administrators or dual-role administrators are registered in the IflowUsers group, the following message is displayed after the application is forwarded from the Forward screen window when the user subscribes to the service:
PCS1002 An error occurred while processing application. Please contact the infrastructure administrator.
Use the following procedure to register infrastructure administrators and dual-role administrators.
Check if user information is registered in the directory service. If no user information is registered, register it.
This operation is not necessary when using internal authentication in Basic mode.
In the ROR console, select [Settings]-[User Accounts].
The [User Accounts] dialog is displayed.
Click <Add>.
The [Add User Account] dialog is displayed.
Set the following:
Specify a user ID registered in the directory service.
Specify the email address of the user.
Specify a string using up to 64 alphanumeric characters or symbols.
Select the user group to configure for the user account from the already created user group.
Select the "supervisor" user group to register as an application process assessor.
Select the scope of access to set for the user account.
Select the role to set for the user account.
Enter a label for the user account.
Enter a maximum of 32 characters.
Enter any comments for the user group.
Enter a maximum of 256 characters.
Click <OK>.
The user account is created.
When using user operations to register users also in the directory service in Resource Orchestrator, use the rcxadm user create command after checking the settings of the definition file for directory service operations (ldap_attr.rcxprop). For details on the definition file for directory service operations, refer to "8.6.1 Settings for Tenant Management and Account Management" in the "Operation Guide CE". For details on the rcxadm user create command, refer to "7.1 rcxadm user" in the "Reference Guide (Command/XML) CE".
Follow the procedure below to add an infrastructure administrator or dual-role administrator as a member of the IflowUsers group.
For OpenDS
Create an LDIF file.
Edit a sample LDIF file to create the file. An example of an LDIF file is shown below.
# Add manager to IflowUsers dn: cn=IflowUsers,ou=group,dc=fujitsu,dc=com changetype: modify add: member member: cn=manager,ou=users,dc=fujitsu,dc=com
Execute the ldapmodify command.
Before executing the ldapmodify command of OpenDS, set JAVA_HOME as the path of Java SE 6.
[Windows Manager]
Specify the created LDIF file, and then execute the ldapmodify command.
<OpenDS installation directory>\bat\ldapmodify.bat" -p <port number> -f <ldif file> -D < administrator user DN> -w <password>
An execution example is shown below.
c:\> c:\Program Files (x86)\Fujitsu\ServerView Suite\opends\bat\ldapmodify -p 1473 -f c:\ldif\adduser2group.ldif -D "cn=Directory Manager" -w admin Processing MODIFY request for cn=IflowUsers,ou=group,dc=fujitsu,dc=com MODIFY operation successful for DN cn=IflowUsers,ou=group,dc=fujitsu,dc=com
[Linux Manager]
Specify the created LDIF file, and then execute the ldapmodify command.
# <OpenDS installation directory>/bin/ldapmodify" -p <port number> -f <ldif file> -D <administrator user DN> -w <password>
An execution example is shown below.
# /opt/fujitsu/ServerViewSuite/opends/bin/ldapmodify -p 1473 -D "cn=Directory Manager" -f /tmp/ldif/adduser2group.ldif -w admin Processing MODIFY request for cn=IflowUsers,ou=group,dc=fujitsu,dc=com MODIFY operation successful for DN cn=IflowUsers,ou=group,dc=fujitsu,dc=com
Note
In the command input line, enter the command as one line without entering any line feeds.
For the directory service port number, administrator DN, and administrator DN password, enter the values that were set during installation.
For Active Directory
From the Start menu, open [Control Panel]-[Administrative Tools]-[Active Directory Users and Computers].
Select the name of a domain that is managed by Active Directory.
Right-click "IflowUsers" of the organizational unit "Group", and select [Property].
Select the [Members] tab, and click the [Add] button.
The [Select Users, Contacts, Computers, Or Groups] window will be displayed. Input the member list of the above table in the [Enter the object names to select] field, and click the [OK] button. If there is more than one member, separate them with semicolons.
After returning to the property window of the group, confirm that the members have been added correctly, and click the [OK] button.
