User and Group Configuration Overview

You can use LDAP QuickStart Manager to import information about people from a directory service or LDIF file into a StarTeam or Caliber Server as user properties. You can also manually add new groups and users to a server configuration. When users log on, each password is validated in one of two ways: against a password stored in the server configuration (entered manually or imported), or against Microsoft Active Directory (the LDAP server). Directory validation is possible only when the StarTeam Server is on a trusted domain in relation to the LDAP server.

Understanding the Default Groups

New server configurations come with predefined default groups: All Users, Administrators, System Managers, and Security Administrators. These groups come with default privileges, but you can reassign privileges in accordance with your company policy.

The users in the Administrators group initially have all available privileges, giving them complete access to the system unless the system is set up to ignore privileges. The All Users, System Managers, and Security Administrators groups initially have no privileges.

All Users

All users are members of the All Users group because All Users is the root group in the User manager and because all members of a child group are members of its parent group. Therefore, all users inherit any rights and privileges assigned to this group.

Administrators

This group initially contains the Server Administrator user. You may want to add others who have administrative privileges.

StarTeam Server comes with a user named “Administrator” whose password is also “Administrator”. Because this default is common knowledge, change that password immediately after creating the server configuration, before other users can reach the server.

System Managers

The users in this initially empty group receive email (at the address specified for them in the User Manager) whenever an error is added to the server log.

Security Administrators

The users in this group can receive email about failed logon attempts. This group initially contains only the user who has been designated as the Server Administrator.

Tip: Never have only one user account with administrative privileges. If the only account with administrative privileges becomes locked out, nobody is left who can unlock it, including you if you were logged on with that account.

Group Membership

A user can be a member of more than one group. Privileges are cumulative: a user's effective privileges are the union of the privileges granted to every group the user belongs to, so the user can perform operations at the highest level permitted by any of those groups. For example, suppose that User A belongs to both the All Users group and the Administrators group and that the Delete Item privilege is granted to the Administrators group but not to the All Users group. User A can then delete any item in the projects of the server configuration.

Membership can be explicit or implicit. Membership in a group is explicit if:

  • The group was selected at the time the user was created.
  • The name of the group was selected from the Group Membership tab in the User Properties dialog box of the Server Administration tool.

The group hierarchy determines implicit membership. If a user is a member of a child group, the user is also a member of the parent group, even if the name of the member does not appear in the user list when you select the parent group. For a selected group that has child groups, you must select the Show Users in All Descendant Groups check box to see the complete list of members.

A user who is a member of a parent group and also a member of a child group within that group will have both implicit and explicit membership in the parent group.
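The following is an added example, not StarTeam's own code, of how the membership and privilege rules above resolve: implicit membership is derived by walking from each explicitly selected group up to the root (All Users), effective privileges are the union over all explicit and implicit groups, and a group listing shows only explicit members unless descendants are included, as the Show Users in All Descendant Groups check box does. The default group names are from the page; the "Release Managers" group, the individual privilege names, and the user names are constructed for the example.

```python
# Constructed model of a StarTeam-style group hierarchy. Illustrative code
# added to this page; not StarTeam's implementation. Group names other than
# the four defaults, the privilege names and the users are assumptions.

# child group -> parent group; "All Users" is the root and has no parent.
PARENT = {
    "Administrators": "All Users",
    "System Managers": "All Users",
    "Security Administrators": "All Users",
    "Release Managers": "Administrators",  # hypothetical child group
}

# Privileges granted directly to each group (constructed values).
GROUP_PRIVILEGES = {
    "All Users": {"Login"},
    "Administrators": {"Delete Item", "Modify Item", "Administer Server"},
    "System Managers": set(),
    "Security Administrators": set(),
    "Release Managers": {"Create Label"},
}

# Explicit memberships, i.e. groups selected in the User Properties dialog.
EXPLICIT = {
    "Administrator": {"Administrators", "Security Administrators"},
    "UserA": {"All Users", "Administrators"},
    "UserB": {"Release Managers"},
    "UserC": {"All Users"},
}


def ancestors(group):
    """Every ancestor of a group, nearest first, by walking up PARENT."""
    result = []
    while group in PARENT:
        group = PARENT[group]
        result.append(group)
    return result


def memberships(user):
    """Return (explicit, implicit) group sets for a user.

    Implicit membership comes only from the hierarchy. A group can appear in
    both sets: UserA is explicitly in All Users and also implicitly in it
    through Administrators.
    """
    explicit = set(EXPLICIT.get(user, set()))
    implicit = set()
    for group in explicit:
        implicit.update(ancestors(group))
    return explicit, implicit


def effective_privileges(user):
    """Union of the privileges of every group the user is in, explicitly or implicitly."""
    explicit, implicit = memberships(user)
    privileges = set()
    for group in explicit | implicit:
        privileges |= GROUP_PRIVILEGES.get(group, set())
    return privileges


def can(user, privilege):
    """True if any of the user's groups grants the privilege."""
    return privilege in effective_privileges(user)


def members(group, include_descendants=False):
    """Users shown for a group.

    Without include_descendants only explicit members are listed, which is what
    the User Manager shows by default; with it, members of child groups are
    included as well (the Show Users in All Descendant Groups view).
    """
    listed = set()
    for user in EXPLICIT:
        explicit, implicit = memberships(user)
        if group in explicit or (include_descendants and group in implicit):
            listed.add(user)
    return listed


if __name__ == "__main__":
    for user in sorted(EXPLICIT):
        print(user, sorted(effective_privileges(user)))
    print("All Users (explicit only):", sorted(members("All Users")))
    print("All Users (with descendants):", sorted(members("All Users", True)))
```

Running the block shows why the default listing can be misleading: UserB never appears under Administrators or All Users unless descendants are included, yet UserB holds every Administrators privilege, including Delete Item, through the hierarchy.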

Directory Service Support

StarTeam allows password verification with Active Directory, so that passwords can be managed centrally in the directory rather than separately in each server configuration. To validate users against the directory server, the StarTeam Server must be on a trusted domain in relation to that server.

On the Directory Service tab of the Configure Server dialog box, you must also select the Enable directory service option and enter the location and port number of the directory server. For each individual who will be validated against the directory server, you must select the Validate with directory service option on the New User Properties or User Properties dialog box and enter that user's Distinguished name (the LDAP name that uniquely identifies the user's directory entry).

Directory service support is off by default and can be enabled at any time, but the server cannot be running while you enable or disable it. When a user who is set up for directory service validation supplies a logon name and an Active Directory password, StarTeam Server contacts Active Directory with that user's Distinguished name and the supplied password. If the directory verifies the password, the user is allowed to access the server configuration. There is no fallback to a locally stored password: even when the settings are correct, such a user cannot log on while the directory server is unavailable. For that reason, keep at least one administrative account that is validated with a password stored in StarTeam, so that an administrator can still log on if the directory is down.
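The logon decision described above, as an added example that is not StarTeam's code. It models the two validation paths (a password stored in the server configuration versus a bind against the directory with the user's Distinguished name), shows that a directory-validated user is denied rather than falling back to a local password when the directory is unreachable, and includes a check for the lockout risk: which accounts would still be able to log on with the directory down. The directory is a constructed stand-in for an LDAP simple bind, the PBKDF2 storage of local passwords is an assumption (the page does not say how StarTeam stores them), and all account names, DNs and passwords are constructed.

```python
# Added illustrative code; not StarTeam's implementation. The directory, the
# local password hashing scheme and all accounts below are constructed.
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional


class DirectoryUnavailable(Exception):
    """The directory server could not be reached."""


class MockDirectory:
    """Stand-in for the Active Directory server.

    A real server would be asked to perform an LDAP simple bind with the user's
    Distinguished name and password; here a constructed DN -> password table
    plays that role, and `available` simulates an outage.
    """

    def __init__(self, accounts: Dict[str, str], available: bool = True):
        self._accounts = accounts
        self.available = available

    def bind(self, dn: str, password: str) -> bool:
        if not self.available:
            raise DirectoryUnavailable(dn)
        stored = self._accounts.get(dn)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


def hash_password(password: str, salt: Optional[bytes] = None):
    """PBKDF2-HMAC-SHA256 for passwords kept in the server configuration (assumed scheme)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


@dataclass
class User:
    logon_name: str
    validate_with_directory: bool = False   # the "Validate with directory service" option
    distinguished_name: Optional[str] = None
    salt: bytes = b""
    password_hash: bytes = b""


def authenticate(user: User, password: str, directory: MockDirectory,
                 directory_enabled: bool = True) -> str:
    """Return 'allowed' or a denial reason.

    A directory-validated user is never compared against a local password, so
    an unreachable directory denies that user instead of falling back.
    """
    if user.validate_with_directory:
        if not directory_enabled or not user.distinguished_name:
            return "denied: directory validation not configured"
        try:
            ok = directory.bind(user.distinguished_name, password)
        except DirectoryUnavailable:
            return "denied: directory server unavailable"
        return "allowed" if ok else "denied: bad password"
    _, digest = hash_password(password, user.salt)
    return "allowed" if hmac.compare_digest(digest, user.password_hash) else "denied: bad password"


def local_password_accounts(users: List[User]) -> List[str]:
    """Accounts that can still log on while the directory is down.

    Run this over the members of the Administrators group: if it returns an
    empty list, a directory outage locks every administrator out.
    """
    return [u.logon_name for u in users if not u.validate_with_directory]


# Constructed sample accounts and directory.
_salt, _digest = hash_password("correct horse battery staple")
ADMIN = User("Administrator", salt=_salt, password_hash=_digest)
ALICE = User("alice", validate_with_directory=True,
             distinguished_name="CN=Alice Example,OU=Users,DC=example,DC=com")
DIRECTORY = MockDirectory({ALICE.distinguished_name: "alice-ad-password"})

if __name__ == "__main__":
    print("alice, directory up:  ", authenticate(ALICE, "alice-ad-password", DIRECTORY))
    DIRECTORY.available = False
    print("alice, directory down:", authenticate(ALICE, "alice-ad-password", DIRECTORY))
    print("admin, directory down:", authenticate(ADMIN, "correct horse battery staple", DIRECTORY))
    print("still able to log on: ", local_password_accounts([ADMIN, ALICE]))
```

The constant-time comparisons and salted PBKDF2 are choices made for the example rather than anything the page attributes to StarTeam; the behaviour the page does specify is the one the tests pin down: a correct directory password is accepted only while the directory answers, and only accounts with a StarTeam-stored password survive an outage.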