2.3 Creating Users

Adding a user in the Sentinel system creates an application user who can then log in to Sentinel. You also assign roles when you create the user.

  1. Log in to the Sentinel Web interface as a user in the administrator role.

  2. In the toolbar, click Users.

  3. Click Create in the Users section.

    The new user creation form is displayed.

  4. Specify the name and e-mail address of the user. The e-mail address format is validated.

    The fields with an asterisk (*) are mandatory, and the username must be unique. If a user already exists with the specified name, a Username taken message is displayed.

    A user name cannot exceed 30 characters, and you can use extended characters when you create it.

  5. Select a role for the user.

  6. Select the authentication type:

    Local: Select this option for the server to authenticate the user login against the internal database. By default, the Local option is selected.

    Directory: The Directory option is enabled only if you have configured the Sentinel server for LDAP authentication. Select this option for the server to authenticate the user login against an LDAP directory.

  7. (Conditional) If you specified Local for the authentication type in Step 6, specify any user name in the Username field and continue with Step 9.

  8. (Conditional) If you specified Directory for the authentication type in Step 6, specify the username according to the settings you used when you configured LDAP, then continue with Step 11.

    • If you selected Yes for Anonymous Search: The username must be the same as the LDAP directory username.

    • If you selected No for Anonymous Search and did not specify the domain name: The username does not need to be the same as the LDAP directory username.

      You must also specify the LDAP User DN. If Base DN was set, the Base DN is appended to the relative user DN to construct the absolute user DN.

      For example, if the Base DN was set to o=netiq and the absolute user DN is cn=sentinel_ldap_user,o=netiq, you can specify only the relative user DN, cn=sentinel_ldap_user.

      When some reserved special characters are used as literals in an LDAP User DN, they must be escaped with a backslash (\). The following characters must be escaped:

      • A space or '#' character occurring at the beginning of the string

      • A space character occurring at the end of the string

      • Any one of the characters , (comma), +, ", \, <, > or ;

      For more information, see LDAPv3 Distinguished Names.

      For example, if the LDAP User DN contains a ',' (comma) as a literal, specify the LDAP User DN as follows:

      CN=Test\,User,CN=Users,DC=netiq,DC=com
      

      eDirectory or Active Directory might require additional characters to be escaped. Refer to the eDirectory or Active Directory documentation for any additional characters to be escaped.

    • If you selected No for Anonymous Search and specified the domain name: The username must be the same as the LDAP directory username.

  9. Specify a password in the Password field.

  10. Re-enter the password in the Verify field.

  11. The Title, Office #, Ext, Mobile #, and Fax fields are optional. The phone number fields allow any format. Make sure you enter a valid phone number so that the user can be contacted directly.

  12. Click Save.
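
The LDAP User DN escaping rules in Step 8, worked through as an added example (not Sentinel code): the functions escape_dn_value, build_user_dn and split_rdns are hypothetical helpers, and the sample names are constructed from the examples on this page. It covers only the characters listed in Step 8, not any extra characters eDirectory or Active Directory may require, and shows how an unescaped comma changes the number of DN components a parser sees.

```python
# Added example, not vendor code. Implements only the escaping rules listed in Step 8.
SPECIALS = set(',+"\\<>;')  # always escaped when used as literals

def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use as a literal in an LDAP User DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        needs_escape = (
            ch in SPECIALS
            or (i == 0 and ch in " #")    # leading space or '#'
            or (i == last and ch == " ")  # trailing space
        )
        out.append("\\" + ch if needs_escape else ch)
    return "".join(out)

def build_user_dn(rdns, base_dn=""):
    """rdns: (attribute, raw value) pairs, most specific first.
    base_dn is assumed to be escaped already and is appended unchanged."""
    relative = ",".join(f"{a}={escape_dn_value(v)}" for a, v in rdns)
    return f"{relative},{base_dn}" if base_dn else relative

def split_rdns(dn: str):
    """Split a DN on unescaped commas, as a DN parser would."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escaped pair together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append("".join(cur))
    return parts

if __name__ == "__main__":
    # Constructed sample values based on the examples on this page.
    good = build_user_dn([("CN", "Test,User"), ("CN", "Users"), ("DC", "netiq"), ("DC", "com")])
    print(good, split_rdns(good))
    print(split_rdns("CN=Test,User,CN=Users,DC=netiq,DC=com"))  # unescaped: 5 parts
    print(build_user_dn([("cn", "sentinel_ldap_user")], "o=netiq"))
```

Without the backslash, the literal comma in the CN is read as a component separator, so the DN no longer names the intended directory entry.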