Novell Doc: OES 2 SP3: Getting Started with OES 2 and Virtualized NetWare

4.2 Creating Group Objects

To simplify user management, you should create one or more groups and associate users with those groups. Groups let you manage multiple users at the same time.

Some actions can only be performed at the group level. For example, enabling users for LUM requires making them members of a group that is enabled for LUM.

For the exercises in this guide, you will create two groups:

LUMUsers: This group is used to LUM-enable some of the users you have created. Having the group lets us explore how LUM works and directly experience the SSH security precautions that are built into OES 2.
AllUsers: This group is for all of the eDirectory user objects, including those that are LUM-enabled and those that have only traditional Novell services access.

IMPORTANT:Creating a group named users seems logical to many eDirectory administrators.

Unfortunately, all SLES 10 servers already have a system-created local group named users, and creating a duplicate group in eDirectory causes problems.

For more information, see Avoiding POSIX and eDirectory Duplications in the OES 2 SP3: Planning and Implementation Guide.

To create the required group objects:

In iManager > Roles and Tasks, click Groups > Create Group.
In the Group Name field, type LUMUsers.

The name contains uppercase and lowercase letters simply to illustrate that case is preserved in object names. Some administrators use mixed case to improve readability.
Click the Browse icon next to the Context field.
Browse to the USERS container object.
Click OK > Modify.
Click the Members tab.
Click the Browse icon next to the Member field.
Browse to the USERS container and click the down-arrow next to it
Select the following User objects:
- linux1_lum-edir
- linux2_lum-edir
- ncp_lum-edir
- nss_lum-edir
Click OK > Apply > OK.
Click Create Group.
In the Group Name field, type AllUsers.
Click the Object History icon and select the USERS object’s fully distinguished name (FDN).
Click OK > Modify.
Click the Members tab.
Click the Browse icon next to the Members field.
Shift-click linux1_lum-edir, drag the mouse down to select all the users, then click nw_edir.

All of the users are added to the list.
Click OK > Apply > OK.
Do not close iManager. Continue with the next section, Enabling the LUMUsers Group for Linux User Management (LUM).