| Workgroup Manager lets you reconfigure user attributes as many times as you want. Assuming you're a server administrator, you can configure any user account on any database hosted by that server. Otherwise, Workgroup Manager automatically prompts you for administrator authentication when attempting to make changes to a user directory you haven't already authenticated to. This chapter assumes you've already created additional user accounts on your server. If you haven't, refer to the instructions for creating a basic user account in Chapter 2, "Server Tools." User ID and More Each user created on Mac OS X and Mac OS X Server has a number associated with it. This number is known as the User ID number. It contains no text but only numerals, and starts with the number 501 on both Mac OS X and Mac OS X Server. Local NetInfo accounts proceed with 502, 503, and so on, while LDAP accounts start with 1025 and go up. There is an LDAP administrator account whose default user ID is 1000, but that can be changed when the account is set up. If two users have the same user ID, they have access to the same files and folders on the computer that maintains their account information. In Mac OS X Server 10.4, each user (and group) created also has a globally unique value. Since two Mac OS X Servers each have an account with the user ID of 501, there needed to be a way to distinguish between those two accounts. This basic premise can be extrapolated to groups as well, as groups can contain other groups. Enter the Generated UID, which consists of alphanumeric characters guaranteedand, with apologies to Dave Barry, I am NOT making this upto be unique over space and time. Basically, this value is created using the computers hardware (MAC) address and combining it with the 100-nanosecond interval the account was created from October 15, 1582, at 00:00:00. This information can be verified by typing man uuidgen in the Terminal. |
To configure basic user attributes 1. | Launch the Workgroup Manager tool located in /Applications/Server, and authenticate as the administrator if necessary (Figure 4.1).
Figure 4.1. Open the Workgroup Manager tool, and authenticate as an administrator. 
You will be using Workgroup Manager for the remainder of the tasks in this chapter. It is assumed you have already logged into your Workgroup Manager and authenticated as necessary.
| 2. | Click the Accounts icon in the Toolbar and then click the User tab in the account types tab (Figure 4.2).
Figure 4.2. Click the Accounts icon and the User tab in Workgroup Manager. 
If you've added users previous to this task, they appear in the Name list.
| 3. | Click the directory authentication icon and select the appropriate directory database from the pop-up menu (Figure 4.3):
- If you're working on the local directory, choose Local.
- If you're working on an Open Directory master, choose /LDAPv3/127.0.0.1.
- If you're connected to another database, choose Other, and select your database from there.
Figure 4.3. Select the appropriate directory database from the pop-up menu. 
| | | 4. | Select the user or users you wish to configure from the user list (Figure 4.4).
Figure 4.4. Choose a user or users from the selected database. 
or
You can also create a new user by clicking New User in the Toolbar.
| 5. | In the user settings frame, click the Basic tab.
| | | 6. | Change any of the following preexisting user account information (Figure 4.5):
- Name (long name)
- User ID
- Additional short names
- Password
- Administrator settings
Figure 4.5. Create a user, and configure the Basic user attributes. 
For more on the administrator settings, see the "To change administrative user options" section later in this chapter.
| 7. | When you've finished making changes, click Save.
| 8. | Verify your changes by reviewing the account summary or by testing authentication from a Mac OS X computer.
|
 Tip
Configuring Multiple Users Simultaneously There are two ways to select multiple accounts from the user list in Workgroup Manager: To choose a sequential list of accounts, select an account toward the top of the list and then, while holding down the Shift key, select an account further down the list. Workgroup Manager automatically selects all the accounts between your two selections. To select multiple accounts in a nonsequential order, hold down the Command key on your keyboard and select multiple accounts. Workgroup Manager adds accounts to your total selection as you click each account individually.
After you've selected all the accounts you wish to change, continue by configuring settings as if you had selected only an individual user account. Click Save to apply the configuration changes to all the user accounts you selected. The only settings you can't apply to multiple user accounts are Name, User ID, and Short Names. |
Adding short names The initial short name of a user in Mac OS X is used as the name of that user's home folder, should they have one. Although you can add more short names, Apple recognizes that changing the original isn't a good idea unless you have a specific reason to do so. That's why the only user attribute you can't change in the Basic tab of Workgroup Manager after you've created a user account is the user's short name. Mac OS X server lets you add several additional short names instead, and once they're configured, the user can use any short name they desire for authentication. To add short names 1. | In Workgroup Manager, click the Accounts icon in the Toolbar, click the User tab in the account types tab, and click the Basic tab (Figure 4.6).
Figure 4.6. Navigate to the user account's Basic tab in Workgroup Manager. 
| 2. | Double-click the area directly below the user's original short name.
| 3. | In the text entry field that appears, you can enter an additional short name (Figure 4.7).
Figure 4.7. Add an additional short name for a user. 
| 4. | Press Return to activate the Save button.
| 5. | When you've finished making changes, click Save.
|
Tips You can add more short names by double-clicking the empty space below the last short name in the list. All short names, including any short names that you add, must be unique within the entire system. If you really want to change the original short name, you can effectively do so by creating a new account and moving the user's configuration and files to it. See "Using Presets for New Accounts," later in this chapter.
|
