en-US
search-icon

Enforced Client Policy and Reporting Server 2.3 Admin Guide

User Groups

The User Groups function allows you to utilize user groups that have already been established in LDAP and Google Directory. You can then apply the same policies to everyone in a group. All the groups can be viewed and managed on the Policies tab at Directory Services > User Groups.

If you have an environment with more than one firewall in it, you can also manage User Groups at two levels: globally and on the firewall. By selecting the global node, you can configure and make changes across all the firewalls in your environment. By selecting an individual firewall you can configure and make changes that apply only to that particular unit.

Topics:

About the User Groups List

The User Groups list has several tools that are useful for finding and managing user group information. At the top of the list is a search function. Refer to Searching for a User Group for information on using the search.

The names in the body of the table represent what has been mirrored from either LDAP or Google Directory. The source of the information is listed in the column called Mirrored From. The Type column indicates what kind of group this is. Options include User Group or Organizational Unit. Members tells how many users are in the group. The Directory column indicates the source for the Users information. The options are LDAP or Google (for Google Directory).

In the Configuration column, several icon allow operations on the User Group listed on that line. the edit and delete icons allow you to mange the user data.

The view/edit icon allows you to view the settings for the group (Settings tab) and you can edit the group members on the Members tab.

The group icon allows you to set this group as the Primary Group to the users (or some of the user) in the group. Refer to Assigning Primary Groups, for more information.
The delete icon allows you to delete the group on this line. You are asked to confirm the deletion before continuing.

At the bottom of the list, a note states how many user groups were found and how many of them have no members.

Searching for a User Group

The User Groups Search function is useful if you have a large number of user groups and need find a specific one. The function can search for text in the Name, Mirrored From, Type or Directory fields. To search for a specific user group, choose the node that you want to search. On the Policies tab, select Directory Services > User Groups.

To search for a user group:
1
Select the user group field to be searched. You can select either the Name, Mirrored From, Type, or Directory fields.
2
To specify the type of match, choose from the following:
Equals—The entire field must match the text you provide.
Starts with—The field must start with the text you provide.
Ends with—The field must end with the text you provide.
Contains—The field must contain the text you provide.
3
In the blank field, type in the text that you want to search for.
4
Click Search.
5
Click Clear to return the search fields to their default values and clear the text field.

Synchronizing LDAP

The User Groups page allows you to synchronize your LDAP and Google Directory to easily authenticate users. Click the Synchronize link at the bottom of the page to efficiently synchronize the list of User Groups.

Synchronizing user groups:

Replicates any membership changes for user groups listed in the User Groups Mirrored from LDAP and Google Directory.
Removes any deleted user groups from the list of User Groups Mirrored from LDAP/Google Directory.
Removes client groups for the deleted user groups.

You will be asked to confirm your action because of the changes that could be made to your groups.

Deleting User Groups

To delete user groups:
1
On the Policies tab, navigate to Directory Services > User Groups.
2
Check the box corresponding to the User Group you want to delete. Then, click the Delete User Group(s) link at the bottom of the page or click the Delete icon in the Configure column for that group.
 
* 
NOTE: You can delete multiple groups at a time. Check the boxes by the group names you want to delete and click the Delete User Group(s) link at the bottom of the page.
3
Click on OK after being asked to confirm that you want to delete the group.
 
* 
NOTE: If you delete a group that has clients that uses a policy defined for that group, you get warning message showing the relationship between the user group to the client. Then you can take corrective action based on the comments provided.

Importing User Groups

User groups can be imported from either your LDAP server or the Google Directory or both.

To import User Groups:
1
On the Policies tab, navigate to Directory Services > User Groups.
2
Click the Import User Groups link at the bottom of the User Groups page. A list of available user groups displays. The following figure shows the view for LDAP.

3
Check the Directory Type and change it to the type you want by selecting from the drop down menu. The following figure shows the view for Google Directory.

4
You can then select the groups to import by checking the box and click the Save Selected button to add those user groups to EPRS.
 
* 
NOTE: If you have a long list of User Group/OU Names, you can use the Search function at the top of the page to filter the list. Select the field to search on (name, type, location); choose the type of search (equals, starts with, ends with, contains); input the search string and select Search.

You can also perform other functions from the Import page:

To remove user groups from EPRS, select one or more groups by checking the box, then click the Remove from List button.
Click on Undo to undo any action.

Importing User Groups from LDIF

Content Filtering Client also supports importing from Lightweight Directory Interchange Format (LDIF) files. LDIF is a standard plain text data interchange format for representing LDAP directory content. While LDAP is the recommended format to use, LDIF is a more secure method for administrators because they do not have to connect to a server to retrieve information, unlike LDAP.

LDIF files must contain schema attributes that are the same as the current LDAP schema settings. The following schema is configured for User Groups:

LDAP Schema - Microsoft Active Directory
Group Object class - group
Member attribute - member
 
* 
NOTE: Inclusion of other LDAP attributes in the file may result in large file volume. The server may take a considerable amount of time to process the large files
 
* 
NOTE: If you need to edit the User Groups, you will need to upload a new LDIF file with the changes.
To import an LDIF file:
1
On the Policies tab, navigate to Directory Services > User Groups.
2
Click the Import User Groups from LDIF link at the bottom of the User Groups page.

3
Click the Browse button to select the LDIF file.
4
Select Import.

Assigning Primary Groups

The User Groups page allows you to assign users to primary groups. Primary Groups are essential in organizing users and ensuring the proper policies are assigned to each user. An individual user may belong to multiple groups, each of which has a variety of policies to enforce. To ensure the correct policies are applied to this user, the administrator should assign the primary group to which the user should belong.

 
* 
NOTE: If a user is not assigned to a Primary Group, EPRS assigns the user to the first Primary Group the user is a part of.
To assign primary groups to users:
1
Click the Assign Primary Group icon.

A dialog window displays the list of groups and users.

* 
NOTE: For large groups, this may take several minutes to populate.
2
Select a username from the list, then click the > button to add this user to the Users Having Selected Group as Primary. This user will have the selected Primary Group as his/her primary group.

Select a username from the list, then click the < button to add this user to the Users Not Having Selected Group as Primary. This user will not have the selected Primary Group as his/her primary group.

3
Click the OK button to finish and save changes.
 
* 
NOTE: When assigning a user to a user group, you can approach from one of two perspectives. When making the assignment from the User Group page, you can look at all the individuals that make up the user group. You can then easily validate that all the users needed for that group are included and remove any that should not be in there. When making the assignment from the Users page, you only see the group that individual belongs to, and you can choose a different group, if appropriate.