4.4 Creating Users

Adding a user in the Sentinel system creates an application user who can then log in to Sentinel. You also assign roles when you create the user.

  1. From Sentinel Main, click Users.

  2. Click Create in the Users section.

  3. Specify the name and email address of the user.

    The fields with an asterisk (*) are mandatory, and the user name must be unique.

    A user name cannot exceed 30 characters, and you can use extended characters when you create it.

  4. Select a role for the user.

  5. Select the authentication type:

    Local: Select this option for the server to authenticate the user login against the internal database. By default, the Local option is selected.

    Directory: The Directory option is enabled only if you have configured the Sentinel server for LDAP authentication. Select this option for the server to authenticate the user login against an LDAP directory.

  6. (Conditional) If you specified Local for the authentication type in Step 5, specify any user name in the Username field and continue with Step 8.

  7. (Conditional) If you specified Directory for the authentication type in Step 5, specify the user name according to the settings you used when you configured LDAP, then continue with Step 10.

    • If you selected Yes for Anonymous Search: The user name must be the same as the LDAP directory user name.

    • If you selected No for Anonymous Search and did not specify the domain name: The user name does not need to be the same as the LDAP directory user name.

      You must also specify the LDAP User DN. If Base DN was set, the Base DN is appended to the relative user DN to construct the absolute user DN.

      For example, if the Base DN was set to o=netiq and the absolute user DN is cn=sentinel_ldap_user,o=netiq, you can specify only the relative user DN, cn=sentinel_ldap_user.

      When some reserved special characters are used as literals in an LDAP User DN, they must be escaped with a backslash (\). The following characters must be escaped:

      • A space or '#' character occurring at the beginning of the string

      • A space character occurring at the end of the string

      • Any one of the characters ',', '+', '"', '\', '<', '>' or ';'

      For more information, see LDAPv3 Distinguished Names.

      For example, if the LDAP User DN contains a ',' (comma) as a literal, specify the LDAP User DN as follows:

      CN=Test\,User,CN=Users,DC=netiq,DC=com

      eDirectory or Active Directory might require additional characters to be escaped. Refer to the eDirectory or Active Directory documentation for any additional characters to be escaped.

    • If you selected No for Anonymous Search and specified the domain name: The user name must be the same as the LDAP directory user name.

  8. Specify a password in the Password field.

    NOTE: For a local user password, ensure that the password adheres to the password complexity validation rules. For more information, see Configuring Password Complexity.

  9. Re-enter the password in the Verify field.

  10. The Title, Office #, Ext, Mobile #, and Fax fields are optional. The phone number fields allow any format. Make sure you enter a valid phone number so that the user can be contacted directly.

  11. Click Save.
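
The LDAP User DN escaping rules from Step 7, as an added example (not Sentinel code): it escapes a raw attribute value, appends the Base DN, and shows that an unescaped comma changes how many RDNs a directory reads. The function names are hypothetical, and the splitter is simplified (backslash escapes only, no quoted strings).

```python
# Added example, not part of the Sentinel product. Applies only the rules
# listed in Step 7; eDirectory or Active Directory may require more.
SPECIALS = ',+"\\<>;'


def escape_dn_value(value: str) -> str:
    """Escape one attribute value so it is read as a literal inside a DN."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        leading = i == 0 and ch in " #"      # space or '#' at the start
        trailing = i == last and ch == " "   # space at the end
        out.append("\\" + ch if ch in SPECIALS or leading or trailing else ch)
    return "".join(out)


def relative_user_dn(rdns) -> str:
    """Join (attribute, raw value) pairs into a DN, escaping each value."""
    return ",".join(f"{attr}={escape_dn_value(val)}" for attr, val in rdns)


def absolute_user_dn(relative_dn: str, base_dn: str = "") -> str:
    """Append the Base DN, if one is set, to the relative user DN."""
    return f"{relative_dn},{base_dn}" if base_dn else relative_dn


def split_rdns(dn: str) -> list:
    """Split a DN on unescaped commas (simplified view of how it is parsed)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])          # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts


if __name__ == "__main__":
    # Constructed sample values, reusing the names from the page's examples.
    pairs = [("CN", "Test,User"), ("CN", "Users"), ("DC", "netiq"), ("DC", "com")]
    escaped = relative_user_dn(pairs)
    print(escaped, len(split_rdns(escaped)))              # 4 RDNs
    raw = ",".join(f"{a}={v}" for a, v in pairs)
    print(raw, len(split_rdns(raw)))                      # 5 RDNs: wrong entry
    print(absolute_user_dn("cn=sentinel_ldap_user", "o=netiq"))
```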