| The Inspector tab in Workgroup Manager provides unlimited access to the directory database information. It gives you the ability to edit account information outside the confines of the standard user interface. Using the Inspector gives you the power to add, delete, or edit any attribute for any item in the directory database as well as add many new attributes. However, with great power comes great responsibility. Because you're allowed unfettered access to the directory database, you can very easily mess things up (you can lock yourself out of your own server!). Also keep in mind that any changes you make using the Inspector are made while the directory is live. In other words, you can change an attribute that is currently in use by a user or system process. Needless to say, proceed with caution! When viewing records in the Inspector, you'll commonly see duplicate entries for the same attribute. For example, when viewing a user record you will find both a RecordName and a uid entry with the user's shortname. You're not looking at two different pieces of data, but instead at two views of the same data (Figure 4.65). Figure 4.65. View the short name of a user in the Basic tab of Workgroup Manager. 
The uid entry is the raw LDAP information. If you were to look into the LDAP database, you'd find a uid entry for the user, and only a uid entry for the short name. The RecordName is an abstraction that Open Directory makes when reading in the LDAP information. Since OD can work with many different types of data stores that may have vastly different naming conventions, it maps the disparate directory data into a common namespace. The mappings, which can be modified by using the Directory Access utility, need not pay any attention to the original intended use of the data. For example, you could easily map the LDAP sn attribute for the user's surname to the OD attribute for first name, effectively flipping the name order for that user when Mac OS X's directory services traverse the LDAP database. To alter attribute names in the Inspector tab 1. | In Workgroup Manager, click the Accounts icon in the Toolbar, click the User tab in the account types tab, select a user account, click the Inspector tab, and click Options (Figure 4.66).
Figure 4.66. The Inspector tab shows the user attributes and their associated values. 
The Show attribute types box appears, showing both attribute and prefix types (Figure 4.67).
Figure 4.67. The attribute view options check boxes. 
| | | 2. | Deselect any prefixes and the show Native attributes, so only the show Standard attributes box is checked.
This only shows the Apple/Open Directory attributes, not the OpenLDAP attributes.
| 3. | Scroll through the attributes, noting the names of the attributes and their associated values (Figure 4.68).
Figure 4.68. View the Apple/Open Directory attribute and its associated address value. 
| 4. | Click Options again and this time swap the attribute view, showing only the Standard or OpenLDAP attribute names and values (Figure 4.69).
Figure 4.69. View the OpenLDAP attribute and its associated address value. 
|
Multiple Values Here's another fun fact about the wonderful world of directory services. When viewing all the user attributes, keep in mind that for each attribute type, there can be several values. For example, the Apple/OD AuthenticationAuthority attribute, which tells the account what types of authentication it has and where those authentication mechanisms exist, has two values: one for Password Server and one for Kerberos. There is also a small arrow to the left of the attribute's name; click it to reveal all the values for the attribute. You can create multiple separate values for any attribute by selecting the attribute from the Inspector window and clicking New Value. |
Changing the Home Directory Location in the Inspector Tab If you must change the user's home directory in the Inspector tab and not in the Home tab, please note you must make changes to the following attribute fieldseither Apple/OD or OpenLDAP names: Apple OD HomeDirectory NFSHomeDirectory
OpenLDAP apple-user-homeurl homeDirectory
|
To view or change attribute values in the Inspector tab 1. | Follow step 1 in the previous task.
| 2. | Find the value you wish to edit, and either edit the Standard/Apple OD (Figure 4.70) or Native/OpenLDAP categories (they both write to the same location, so editing either is acceptable) (Figure 4.71).
Figure 4.70. Double-click a value to make a change associated with the Apple/Open Directory attribute or ... 
Figure 4.71. ...double-click a value to make a change associated with the OpenLDAP attribute. 
If the attribute's value is long (typically any value that contains XML code), click Edit to make changes. The attribute editing dialog appears, in which you can make changes to more complicated values (Figure 4.72).
Figure 4.72. You can make changes to more complex values in the attribute editing dialog. 
| 3. | Click OK when you are finished.
| 4. | When you've finished making changes, click Save.
|
 Tip
When you make account modifications with the Inspector, always thoroughly test your changes before you implement them on a wider scale. In fact, it's a good idea to create test user accounts so you can experiment with changes made using the Inspector.
Adding user attributes Essentially, there is no limit to the number of attributes a user record can have in either the local or the LDAP directory database provided by Mac OS X Server. You can configure as many attributes as you see fit. Keep in mind that attributes are nothing more than known storage locations for specific user account information, such as additional address lines, middle name, departments, fax numbers, PGP public key, and so on. Apple has 144 preset additional attributes, although only a portion are potential user record attributes. Adding a custom user attribute to the directory is useful only if a specific system service or feature knows how to use that attribute. To add user attributes 1. | In Workgroup Manager, click the Accounts icon in the Toolbar, click the User tab in the account types tab, select a user account, and click the Inspector tab (Figure 4.73).
Figure 4.73. Select the user, and click the Inspector tab within Workgroup Manager to click the New Attribute button. 
| 2. | Click the New Attribute button.
An Attribute dialog appears (Figure 4.74).
Figure 4.74. Clicking New Attribute to add an attribute to the user account. 
| 3. | From the Attribute Name menu, select one of the preset attribute types (Figure 4.75).
Figure 4.75. Choose an attribute type from one of the many preset attributes. 
You can also enter a custom attribute type to the right of the menu.
| | | 4. | Enter the attribute's value in the Text field.
The system automatically populates the Hex field (Figure 4.76).
Figure 4.76. Entering the information in the text field also automatically populates the Hex field. 
| 5. | When you've finished making changes, click OK to close the Attribute dialog, and then click Save.
| 6. | Locate your new attributes (both Apple/OD and OpenLDAP) and associated value(s) in the Inspector frame, and view the information (Figure 4.77).
Figure 4.77. Locate the new attribute and its associated value by using the Search field. 
|
Tips The actual name of the OpenLDAP attribute will vary from the name you chose in the list and the name that appears when it's saved. Remember to always thoroughly test directory modifications before you implement them.
|
