Administration Guide › Tools to Manage CA Directory › DSA Console › Specify Which Users Can Connect to a DSA Console

Specify Which Users Can Connect to a DSA Console

You can specify which users can connect to a DSA console.

To specify which users can connect to a DSA Console

1. Ensure that the DSA has a local or remote console port set up and working correctly.
2. Stop the DSA.
3. (Optional) Create one or more roles, containing users you want to give access to.
4. Add the following command to the DSA's settings configuration file:

   set dxconsole-users = [users], [roles];
   

   users

   Specifies the users who can connect to this DSA's console, as a comma-separated list of DNs.

   roles

   Specifies the roles which can connect to this DSA's console, as a comma-separated list of DNs.

5. Save the changed configuration file.
6. Start the DSA.

Example: Set Up the Democorp DSA to Allow Directory Users to Connect through a console

This example shows how to allow users in the Democorp directory to connect to the DSA.

1. Add the following commands to the Democorp DSA's settings file:

   set dxconsole-users = <c AU><o Democorp><ou Corporate> <ou Administration><cn "Craig Link">,<c AU><o Democorp><ou Roles>;
   set role-subtree = <c AU><o Democorp><cn Roles>;
   set use-roles=true;
   

2. Use JXweb to add passwords to the following entries in the Democorp DSA:
   • cn=Nadia Kite,ou=Administration,ou=Corporate,o=Democorp,c=AU
   • cn=Craig Link,ou=Administration,ou=Corporate,o=Democorp,c=AU
3. Use JXweb to create a new role with one member as follows:
   1. Create the following entry with an object class of groupOfNames:
      • cn=Roles,o=Democorp,c=AU
   2. Add the following DN to the member field:
      • cn=Nadia Kite,ou=Administration,ou=Corporate,o=Democorp,c=AU
4. Reinitialize the Democorp DSA by running the following command as user dsa:

   dxserver init democorp
   

   You are now ready to test the DSA console login:

5. Try to use the DSA console to connect to the Democorp DSA using the following credentials:
   • User: cn=Craig Link,ou=Administration,ou=Corporate,o=Democorp,c=AU
   • Password: Use the password you created for Craig Link in Step 2.

   The login should work.

6. Try to use the DSA console to connect to the Democorp DSA using the following credentials:
   • User: cn=Nadia Kite,ou=Administration,ou=Corporate,o=Democorp,c=AU
   • Password: Use the password you created for Craig Link in Step 2.

   The login should work.

7. Try to use the DSA console to connect to the Democorp DSA using the following credentials:
   • User: cn=John Smith
   • Password: password

   The login should not work.

More information:

How the DSA Console Can Authenticate Using Directory Entries

set dxconsole-users Command—Specify Which Users Can Connect to the DSA Console

Groups and Roles