5.6. Users module

Nubus offers the Users management module to manage users. You find the Users management module in the Users category in the Management UI.

To quickly create a user, use the User creation wizard.

This section provides a reference for the fields used in the Users management module. Likewise, you reach those tabs through the Advanced button in the user creation wizard. It covers the following aspects:

• General tab

• Groups tab

• Account tab

• Contact tab

• Password recovery tab

• Advanced settings tab

To see all user account attributes as shown in Fig. 5.11, click Advanced in the user creation wizard.

Fig. 5.11 Advanced user settings

See also

User creation wizard

for information about the wizard to create user accounts.

5.6.1. General tab - User management

Title

The personal title of the user.

First name

The first name of the user.

Last name

The last name of the user.

Username

The name, by which the user signs in to the system. For recommended characters for the user, see Recommendation for username definition.

Nubus prevents to create user accounts with usernames that only distinguished themselves by upper and lower case to ensure compatibility to non-UCS systems. Therefore, if the username smith already exists, you can’t create a user account with the username Smith.

By default, Nubus prevents user accounts with the same name as an existing group.

UCS appliance

To deactivate this plausibility check, set the UCR variable directory/manager/user_group/uniqueness to the value false.

Nubus for Kubernetes

Nubus for Kubernetes doesn’t support to deactivate the plausibility check to prevent creating user accounts with the same name as an existing group.

Description

Arbitrary descriptions for the user.

Password

The user’s password.

Password (retype)

To avoid spelling errors, type in the user’s password for a second time.

Override password history

Activating this option overrides the password history of the user account and for this password change. Therefore, with this change you can assign a password that the user has already used.

For more information about password history length, see History length.

Override password check

Activating this option overrides the password length and password quality requirements for this user account and password change. Therefore, you can assign a password that’s shorter than the minimum length defined.

For more information about user password policy settings, see Password policy settings.

Primary email address (mailbox)

The email address of the user. See Assignment of email addresses to users.

Display name

Nubus automatically generates the display name from the first name and the last name. Usually, you don’t need to change it. Among other things, the synchronization with Microsoft Active Directory and Samba use the display name.

Birthday

The user’s birthday.

Organization

The user’s organization.

Employee number

The user’s employee number.

Employee type

The category of the staff member.

Superior

Select a user account as the user’s superior.

Upload profile image

A picture of the user in JPEG format. By default, Nubus limits the file size to 512 kb.

You find the Upload profile image on the left side after the tab listing on the General tab.

5.6.2. Groups tab - Users management

Primary group

Defines the user account’s primary user group. All the groups registered in the domain are available for selection. By default, Domain Users is the user’s Primary group.

Groups

Define group memberships for the user account in addition to the primary user group.

5.6.3. Account tab - Users management

Account is deactivated

Enable this setting to deactivate the user account. If enabled, Nubus doesn’t allow the user to sign in to the system. The setting affects all authentication methods. The typical use case is for employees that leave the organization. In a heterogeneous environment, external tools may cause the account deactivation.

Account expiry date

Defines a date to automatically deactivate the user account. Use this setting for user accounts that are active for a defined time period, for example interns.

If you delete the date or update it to a future date, the user account remains available for sign-in.

User has to change password on next login

If activated, the user must change their password at their next sign-in.

Password expiry date

If the password is subject to an expiry date, Nubus shows this date in the Password expiry date field. Nubus doesn’t allow editing this field directly. For more information, see Password expiry interval.

If the user account has a password expiry interval defined, Nubus automatically adjusts the password expiry date if the user changes their password.

If the user account has no password expiry interval defined, Nubus doesn’t set another password expiry date after a password change.

Unlock lockout

If a user account has been temporarily locked for security reasons—usually because the user has entered the password incorrectly too many times—you can use this checkbox to unlock the user account manually before Nubus automatically unlocks the lockout when the lockout period ends.

The temporary user account lockout can happen if an administrator has defined a corresponding policy. The following mechanisms can trigger a lockout, if configured properly:

• Failed PAM authentication attempts to an UCS appliance system. For more information, see Automatic lockout of users after failed login attempts.

• Failed LDAP authentication attempts, if an administrator has activated and configured the ppolicy overlay.

• Failed Samba/AD authentication attempts in a UCS appliance environment if an administrator has configured the Samba domain passwordsettings.

Lockout till

If Nubus temporarily locked the user account for security reasons—usually because the user has entered the password incorrectly too many times— this field shows the time when Nubus automatically unlocks the user account.

Activation date

Defines a future date, when Nubus activates the user account. A cron job periodically checks every 15 minutes, if Nubus needs to activate user accounts. If you defined an Activation date, Nubus automatically deactivates the account in the case you defined a future date.

Windows home drive

Defines a home drive letter for the Microsoft Windows home directory, for example M:, that’s different from the default Samba configuration.

Windows home path

Defines the path of the directory for the user’s Windows home directory, for example \ucs-file-serversmith.

Windows logon script

Defines the user-specific logon script relative to the NETLOGON share, for example user.bat.

Windows profile directory

Defines the profile directory for the user, for example \ucs-file-serveruserprofile.

Relative ID

The relative ID (RID) is the local part of the SID. If you want a user account with a certain RID, you can assign the RID in the Relative ID field. Nubus permits integer numbers from 1000 and upwards. Nubus reserves RIDs below 1000 for standard groups and other special objects.

Important

If you don’t assign a RID, Nubus automatically assigns the next available RID. You can’t change the RID subsequently.

Samba privilege

Use this selection to assign Microsoft Windows system rights to a user, for example the permission to join a system to the domain.

Permitted times for Windows logins

Defines time spans for a user account that control when a user can sign in to Microsoft Windows computers.

No entry means that the user can sign in at any time of the day.

Allow the authentication only on these Microsoft Windows host

Limit the user account to sign in only on the specified Microsoft Windows systems.

No entry means that the user can sign in on any Microsoft Windows system in the domain.

Unix home directory

The path of the user’s home directory.

Login shell

The user’s login shell. The UCS appliances starts the Login shell at text-based sign-in. The default setting is /bin/bash.

User ID

If you want a user account with a certain user ID, you can assign it in this field.

If you don’t define a value, Nubus automatically assigns an available user ID.

Important

You can only assign the user ID manually when you add the user account. You can’t change the user ID subsequently.

Group ID of the primary group

The group ID of the user’s primary group. You can change the user’s primary group on the Groups tab in the Primary group setting.

Home share

If you define a home directory, Nubus stores the home directory on the specified UCS appliance node.

If you don’t specify a system, Nubus stores the user data on the respective login system.

Home share path

The path of the home directory relative to the Home share. Nubus already presets the username as a default value when creating a user account.

5.6.4. Contact tab - Users management

Email address

Additional contact email addresses. The mail server doesn’t evaluate these email addresses.

Nubus stores the values of this attribute in the LDAP attribute mail. Most address book applications that use an LDAP search function, lookup email addresses in this attribute.

Telephone number

The business phone number of the user.

Room number

The room number of the user.

Department number

The department number of the user.

Street

The street and house number of the user’s business address.

Postal code

The postal code of the user’s business address.

City

The city of the user’s business address.

Private telephone number

The private fixed network phone number.

Mobile telephone number

The user’s mobile number.

Pager telephone number

The user’s pager number.

Private postal address

One or more of the user’s private postal addresses field.

5.6.5. Password recovery tab - Users management

This tab requires the End User Self Service, an additional component for Nubus.

UCS appliance

To have the tab Password recovery in a UCS domain, you need to install the Self Service Backend app.

Nubus for Kubernetes

By default, Nubus for Kubernetes has the Self Service installed.

See also

End User Self Service

for more information about the End User Self Service.

5.6.6. Options tab - Users management

Public key infrastructure account

Activate to assign the object class pkiUser to the user object.

The pkiUser object class is part of building an address book for public certificates, for example for S/MIME email encryption.

5.6.7. Advanced settings tab - Users management

The Advanced settings tab contains various sections and this page lists just a few. For the description of the fields in the Mail section, see the following references:

Email alias address

see Alternative email addresses.

Mail home server

see Mail home server.

Forward email address

see Forward email addresses.