Table of contents

Brushtail Administrator's Guide

User accounts

Introduction



Only the administrator user can create/edit user accounts.

Click on the link "Intranet Administration".




 

Click on "User accounts".



The User accounts page has an Add user form at the top of the page. Below this is a list of user accounts that can be edited.


Adding a user authenticated by MySQL



Click on the "Add user" icon to create an account.

Click on the "CSV import" icon to import users by CSV file.

Username

This is the user login name. It must be a unique value and cannot be left blank.


First Name

Optional field


Last name

Optional field


Email address

Optional field



Authentication method

The default authentication method is MySQL.

User account
If using LDAP, Active Directory or IMAP authentication, an appropriate user account needs to be specified. This can be left empty if using MySQL authentication.

Change password at next logon
This can be used to force a user to change password.

Password never expires
If this is set to "no" then the maximum password age defined in the intranet preferences will be enforced. Once a password has expired, a user will be forced to change password at next logon.







Import users by CSV file

Users may be imported by CSV file. The default column order is username, first name, last name, email address, password (mysql login), ldap (ldap login). The ordering of these columns can be adjusted in the upload form. The only mandatory column is username; the others may be absent. The columns that do exist in the CSV file must match the columns in the upload form.


Email authentication

Intranet users may be authenticated via a POP or IMAP email account. The login name of the email account needs to be entered into the User account field.


Email authentication requires IMAP to be compiled/enabled in PHP. The hostname and port number of the mail server used for authentication need to be entered in the confg.php file. For fuller documentation on the possible configurations, have a look at the PHP web site.

Examples:
$MAILSERVER = "{hostname:143/imap}";
$MAILSERVER = "{hostname:110/pop3}";
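
The two example values above name no encryption flag. As an added example (not Brushtail code), this PHP script classifies a $MAILSERVER string by the transport-security flags listed in the PHP imap_open documentation (/ssl, /tls, /notls, /novalidate-cert). The function name audit_mailserver and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not Brushtail code. Hostnames are constructed samples.

/**
 * Classify the transport security of a PHP IMAP mailbox string such as
 * "{hostname:993/imap/ssl}". Returns ['level' => ..., 'warnings' => [...]].
 */
function audit_mailserver(string $mailbox): array
{
    // Server part is "{host[:port][/flag...]}"; a mailbox name may follow it.
    if (!preg_match('#^\{([^/:}]+)(?::(\d+))?((?:/[^/}]+)*)\}#', $mailbox, $m)) {
        return ['level' => 'invalid', 'warnings' => ['not a {host:port/flags} string']];
    }
    $flags = array_map('strtolower', array_filter(explode('/', $m[3])));
    $warnings = [];

    if (in_array('ssl', $flags, true) || in_array('tls', $flags, true)) {
        // /ssl: TLS from the first byte; /tls: STARTTLS required or connect fails.
        $level = 'encrypted';
    } elseif (in_array('notls', $flags, true)) {
        $level = 'cleartext';      // STARTTLS explicitly disabled
        $warnings[] = 'login passwords cross the network unencrypted';
    } else {
        $level = 'opportunistic';  // STARTTLS only if the server offers it
        $warnings[] = 'add /tls or /ssl so encryption is mandatory';
    }
    if (in_array('novalidate-cert', $flags, true)) {
        $warnings[] = '/novalidate-cert turns off server certificate checks';
    }
    return ['level' => $level, 'warnings' => $warnings];
}

// The two forms shown in the guide, then stricter variants of each.
$samples = [
    '{hostname:143/imap}',
    '{hostname:110/pop3}',
    '{hostname:143/imap/tls}',
    '{hostname:993/imap/ssl}',
    '{hostname:995/pop3/ssl/novalidate-cert}',
];
foreach ($samples as $s) {
    $r = audit_mailserver($s);
    printf("%-42s %-13s %s\n", $s, $r['level'], implode('; ', $r['warnings']));
}
```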

Adding a user authenticated by LDAP/Active Directory

LDAP authentication requires LDAP to be compiled/enabled in PHP.

Click on the "Add user" link to create an account.

LDAP can be used in a "read only" capacity for authenticating passwords. If you want to be able to force users to update Active Directory passwords you will also need to read the "LDAP" page of this manual.



Authentication method

Select the authentication method LDAP/Active Directory.

User account
This is the LDAP distinguished name (DN) of the user. Examples:


fred.frog@foo.org
CN=fred frog,CN=Users,DC=foo,DC=org

(This last format must be used if you want users to be able to update their Windows password.)

Change password at next logon
This parameter is not relevant if LDAP is used in a read only capacity.
This can be used to force a user to change password. This parameter can be used to update Active Directory passwords. If the Windows password has been changed by the administrator on the Windows server, then "User change password at next login" must be set on the Intranet, not in Active Directory.

Password never expires
This parameter is not relevant if LDAP is used in a read only capacity.
If this is set to "no" then the maximum password age defined in the intranet preferences will be enforced. Once a password has expired, a user will be forced to change password at next logon. This parameter can be used to update Active Directory passwords.

Account disabled
This can be used to disable an account temporarily.





Active Directory passwords

If you want to enforce password expiry, or to force a user to change password at next logon, this can be implemented via the intranet or via Active Directory. If the password has expired in Active Directory then the intranet can force the user to change password. Disabling an account in the intranet will not disable the account in Active Directory. Disabling the account in Active Directory will cause LDAP authentication to fail.




