Quercus 8.0.2. Control Centre User’s Guide<>

User account management

Background

If your identity management application is Oracle Internet Directory or Novell eDirectory, you can can add and administer new users through the Control Centre.

Note: The option is not yet available in environments where the identity management application is Microsoft Active Directory. The rest of this chapter applies only if your identity management application is Oracle Internet Directory or Novell eDirectory.

Precondition — Quercus users must exist on the Quercus database

Before you can add a Quercus user, the user must have a person record on the Quercus database.

When you create a Quercus user the person’s details are extracted from the Quercus person record and offered as default values during the set up procedure.

You add a person record through Quercus Classic Interface.

To add a user through Quercus Classic Interface

1In the Quercus Classic Interface go to Records > Maintain Person > Add

2Enter the user’s details.

3Click the Save icon in the toolbar or press F10 to save the record.

Now you have added the record you can set up the person with a QuercusPlus menu login using the procedure described below under Adding a user.

Adding a user in Quercus

If your access permissions allow you to access the User Account Management option you can set up new Quercus user accounts. Users set up in this way can log into QuercusPlus Menu. As part of the set up process you assign the user to the appropriate LDAP groups.

The option does not need to be enabled: it is a standard Quercus function available if your identity management application is Oracle Internet Directory or Novell eDirectory.

To add a new user

Note: in order to assign roles to users you need to be a member of the OALP_USER_MANAGEMENT group.

Note: the user you are setting up must have an existing person record on the Quercus database. See Precondition — Quercus users must exist on the Quercus database.

1Go to Set-up > User Account Management.

2In the Smart Links menu click the Create New Account option.

3Type the user's name and (optionally) person type into the Name field to locate the user.

4Click the Select icon.

5Complete the login details.

Note: The USERNAME_PATTERN, PASSWORD_PATTERN and EMAIL_PATTERN Control Centre parameters allow you to validate the username, password and email address using regular expressions.

Note: if you change the first name or surname here they will be changed on the LDAP server and NOT in the original Quercus database records.

6Click Create Now. This creates the account.

7Allocate the user to the correct LDAP groups. (QP_USER is the minimum required to log in to Quercus).

» See LDAP groups and access to the Control Centre tabs and To associate a user with LDAP groups, below.

8Click the Reset Groups button.

If you go back to user account management and search for the user and you will see the user. The user information is derived from your identity management application, not from the Quercus database.

To associate a user with LDAP groups

Condition: this procedure assumes:

you are using Oracle Internet Directory or Novell eDirectory

you are using Quercus 8.0.2 Control Centre

you have access to User Account Management

Some configurations may use different means to allocate users to LDAP groups.

1Login to Quercus 8 with administrator permissions and select Control Centre.

2Click the Set-Up tab.

3Select User Account Management from the Basic option list.

4Select a user and open the user’s record for editing.

5In the Available LDAP groups list select the LDAP groups to which you want to add the user. To select multiple groups hold down Ctrl while you click.

Note: in order to assign roles to users you need to be a member of the OALP_USER_MANAGEMENT group. The list of roles you can then assign to other users is derived from the system account (OPENCAMPUS.LDAP_ADMIN_USER_NAME). Only roles which are assigned to this system account are shown in the list.

You must configure the system account using your Oracle or Novell LDAP admin tool. It cannot be configured through the Quercus interface.

6Add them to the user’s list of groups by using the add arrows located between the lists of groups.

7Click the Reset Groups button.

The user is now associated with the selected groups.

Changing the username, password and email validation patterns

You can add validation rules in the form of regular expressions to ensure that the user names and passwords entered during user set-up are sufficiently complex and that user email addresses correspond to a valid pattern (for example must contain an @ sign). If you make use of this option then, when any of these fields are updated, the value entered is checked against the appropriate validation pattern.

You set these validation rules using the USERNAME_PATTERN, PASSWORD_PATTERN and EMAIL_PATTERN Control Centre parameters.

To change a username, password or email validation pattern

1Login to Quercus 8.0.2 Control Centre with administrator permissions and select CONTROL CENTRE.

2Select the SET-UP tab.

3Select Parameters.

4Locate the parameter associated with the pattern you want to change and click the corresponding edit icon .

Note: the USERNAME_PATTERN, PASSWORD_PATTERN and EMAIL_PATTERN parameters are in the OpenCampus namespace

The Edit Parameter screen opens.

6Amend the regular expression as desired and click Save. Leave blank for no validation.

The regular expression entered should use the Oracle Database SQL Regular Expressions syntax.

» See http://download.oracle.com/docs/cd/B14117_01/appdev.101/b10795/adfns_re.htm#1007582

Allowing users to change their own password

You can specify whether users can change their own passwords by setting the USE_CHANGE_OWN_PASSWORD Control Centre parameter.

In the My Profile screen below, the CHANGE MY PASSWORD link in the right-hand TASKS list is displayed because USE_CHANGE_OWN_PASSWORD is set to TRUE.