For the original or accessible version of this article, see Lotus
Foundations Start Administration Guide - All available languages (1.1).
User & Team management
Service integration
User and team management is integrated with a number of
other Lotus(R) Foundations services. It is important that you
understand how user and team management relates to these other functions
before creating, editing, and deleting users and teams. Read the following
section carefully.
Lotus Foundations email, file, Web, and FTP services are
tightly integrated. Every user and team account that is created has instant
and automatic access to all of these services. When a user is created,
a number of things happen in the background:
- A login account is created and the password defined by
the administrator is assigned to that account.
- A personal User directory is created on the server. This
directory is accessible in Windows' Network Neighborhood or on Macintosh's
AppleShare drive. If NFS is enabled, UNIX(R) and similar systems
can use the path /export/home/USERNAME
to access this directory. For example, the path for someone with the username
janedoe would be /export/home/janedoe.
- A WWW directory is created within the user's personal
directory. Any file stored in this directory is automatically published
on the user's personal web page. This is only valid if you have the option
for 'Users Personal Home Page:' set to Enabled or Only Trusted
Hosts. See Web Server in WebConfig for additional information.
- An FTP account (which points directly to the user's personal
directory) is created for the user. If the user logs in to the FTP server
using the proper username and password, they can access the files in their
personal directory.
- An email account is created for the user. Email is available
through either POP3, IMAP, or the Domino(R) email protocol.
Similarly, when a team is created, a number of things happen in the
background:
- A team login account is created and the password defined
by the administrator is assigned to that account. The default
configuration is to have no password. Remember, assigning a password
to a team takes up one user license.
- A Team directory is created. This directory is accessible
to all Team members in Windows' Network Neighborhood or on Macintosh's
AppleShare drive. If NFS is enabled, UNIX and similar systems can use the
path /export/home/TEAMNAME
to access this directory. For example, the path for a Team named sales
would be /export/home/sales.
- A WWW directory is created within the team directory.
Any file stored in this directory is automatically published on the team's
web page.
- An FTP account (which points directly to the team directory)
is created for the team. If a team member logs into the FTP server using
the proper team name and password, they can access the files in the team
directory.
- An email distribution account is created for members of
the team. Team email can be accessed through either POP3 or IMAP mailboxes.
Email received by the Team email account can be set to be automatically
forwarded to all members of the Team.
Note:
All Lotus Foundations user and team accounts with a password
require a Lotus Foundations user license. Lotus Foundations user licenses
are not required for team accounts without a password; team members can
still access team data/services using their personal User account passwords.
Users who do not need to access Lotus Foundations services (such as email,
file, print, MySQL, and FTP services) do not require a user license. One
additional "free" Lotus Foundations user license is allocated
for a Lotus Foundations administrator. See User licenses for more
information.
User accounts
Browsing users
Users are listed in the Users section of the WebConfig
console. You can search for users and teams by user ID, Team ID or full
name.
Disabled users are displayed in this list with '(disabled)'
appended to the Full Name field. Users are considered disabled when
they have no password set.
Creating users
Follow these steps to create users:
1. Select Users from the left-side menu of WebConfig.
2. Click the Users tab.
3. Click Add User.
Figure 14. Creating a user in the WebConfig console
4. Enter the User ID (also known as a "username") that serves as the
User's login and personal directory name.
Note:
User IDs cannot contain spaces or any punctuation other
than hyphens, periods, and underscores. For example, jane-doe, jane.doe,
and jane_doe are all acceptable user IDs.
- With Lotus Foundations Start installed, this user ID becomes
part of the user's email address. For example, if the username janedoe
is created on a Lotus Foundations server that resides in the example.com
domain, Jane's email address is janedoe@example.com.
5. Enter the user's full name. This full name must be unique among all
other names when running Lotus Foundations Start.
6. Enter a password for the user. User passwords should also be unique to
help maximize security and access controls.
7. Re-enter the password to ensure that it has been entered correctly. If
the passwords do not match, you are asked to re-enter the password in both
fields.
8. Select a preferred language for the user. This determines the language
for the email template and for the Lotus Notes(R) client through the
one-click installation.
9. Indicate whether or not this user has administrative privileges.
- Administrative privileges mean that this user has unrestricted
access to all configuration functions of Lotus Foundations. If you give
a user administrative privileges, disk and email quota values are not
configurable. Administrative users automatically have unlimited quotas.
10. Indicate whether or not this user has FTP access to his or her private
directory.
- The FTP file server has to be enabled before the user
can have FTP access. If FTP is enabled in Trusted Hosts Only mode, the
user can access files from a trusted, internal network or from a VPN. If
FTP is enabled in open mode, the user can access files using FTP from
anywhere on the Internet.
11. Indicate whether or not the user is allowed to establish a remote VPN
(PPTP) or dial-in modem connection to the internal network.
- For security reasons, most users should not be able to
establish a remote connection. VPN services must be enabled before a user
can establish a VPN connection. Similarly, dial-in for a specific modem
has to be enabled before a user can establish a dial-in connection on that
modem. See Remote access services for more information.
12. If the domain controller is enabled, choose a drive that the user's
files can be automatically mounted to when logged into a domain
workstation. The default drive is X:.
- Be sure to choose a drive that is not already in use.
For more information, see NT domain services.
13. Select a quota value for this user. For more information, see Disk
quotas.
14. Select an email quota value for this user. This is the total amount of
disk space a user's email file can occupy.
15. Enter any nicknames that are required for this user. Email sent to any
of these nicknames is delivered to this user.
16. Under Join Teams, select the team(s) from the Available Teams list
that this user is a part of. Click Join. The teams are displayed in the
Member of Teams box.
Note:
Team membership gives users full access to the team's
shared directory. If one of the joined teams is a member of any other team(s),
when it is added to the Member of Teams list it has (# inherited) listed
after it. The user has "inherited" team membership to those other
team(s).
17. Click Save Changes. This returns you to the main User Setup page, and
the user is displayed in the list of previously created users.
Editing users
Follow these steps to edit users:
1. On the User Setup page, click the Users tab. Click the appropriate
user's edit icon. The Modify User screen is displayed.
Note:
While running Lotus Foundations Start, user and team names
are not modifiable.
2. Change the user's information as necessary. Refer to the previous
section, Creating users, for a description of the fields on this screen.
3. Click Save Changes.
Other Actions
- Remove a user's password to disable the account.
- Enter a password for a disabled user to re-enable him
or her.
Deleting Users
Note:
Deleting a user means that all of the user's personal
files, email settings, mailbox, and any undelivered email in the mailbox
are deleted. Once this is done, none of the above can be recovered (unless
you restore the data from a previous backup).
To delete an individual user:
1. On the User Setup page, click the Users tab. Click the appropriate
user's delete icon.
2. An "Are you sure you want to delete user" confirmation box is
displayed. Click OK to continue and delete the user.
To delete multiple users
To delete multiple users, you can use pre-existing pwdump2
or spreadsheet data using the following syntax:
username1, username2, username3, username4
User names should be separated by new lines or commas.
Fields other than the username field are optional and should
use the following syntax:
username[,user2,user3(...)]:password:full_name
The ":" (colon) separator can be replaced by
";" (semi-colon) or [TAB].
1. In WebConfig, click Users in the menu.
2. Click the Users tab. Click Import Users. The Import Users screen
is displayed.
3. In the Action field, select Delete Users.
4. Right-click the field called Import Users Info. Select Copy. This
copies the contents of the file.
5. Click Save Changes.
Import users from Windows(R)
Follow these steps to upload user information from a Windows
2000 or NT server:
1. You need to download an executable file called pwdump2.
The program is freely available online and can be found at various
locations on the Internet.
2. Download the file called pwdump2.zip and unzip the contents to its own
folder. For example, extract the contents to a folder called pwdump2
on your C drive.
3. Click Start, and select Run.
4. Enter cmd, then click OK.
5. Type the following, then press Enter:
cd pwdump2
6. This changes the directory to the folder you created on your C drive
that contains the contents of the file pwdump2.zip.
7. Type the following, then press Enter:
pwdump2 > list.txt
8. This runs the file called pwdump2.exe and generates a text file called
list.txt in the same folder.
9. Open the file called list.txt. This contains a list of Windows users.
Highlight the users that you wish to import, right-click and choose Copy.
10. In WebConfig, click Users in the menu. Click the Users tab.
11. Click Import Users.
12. Right-click the field labeled Import Users Info. Select Paste. This
copies the contents of the file called list.txt into this space.
13. When importing users, you can specify each user's quota value as
small, medium, or large by using the following syntax:
username[,user2,user3(...)]:password:full_name:quota
14. Click Save Changes. The Import Users screen is displayed.
15. Click Save Changes.
For more information on quota values, see Disk quotas.
Because Windows uses a one-way hash algorithm for storage
of passwords, the passwords are not easily recovered. The administrator
needs to create new passwords for each imported user from the Modify User
screen.
You can only import either a block of pwdump2-generated
data or a block of spreadsheet-generated data at one time. If you need
to import both, import each type separately.
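The syntax, user ID and one-type-per-block rules above can be checked before anything is pasted into Import Users Info. The Python below is an added example, not part of the Lotus Foundations guide or product. It assumes user IDs are ASCII letters and digits plus hyphen, period and underscore, and that pwdump2 lines use the name:RID:LM hash:NT hash::: layout; function names and sample data are constructed for illustration.

```python
import re

# Assumption: user IDs are ASCII letters and digits plus the three
# punctuation marks the guide allows (hyphen, period, underscore).
USER_ID = re.compile(r"^[A-Za-z0-9._-]+$")
QUOTAS = {"small", "medium", "large"}
# pwdump-style record (assumed layout): name:RID:LM hash:NT hash:::
HASH = r"(?:[0-9A-Fa-f]{32}|NO PASSWORD\*+)"
PWDUMP = re.compile(rf"^([^:]+):\d+:{HASH}:{HASH}:")

def parse_line(line):
    """Return (kind, usernames, quota) for one non-empty import line."""
    m = PWDUMP.match(line)
    if m:
        return "pwdump2", [m.group(1)], ""
    # Spreadsheet syntax: usernames:password:full_name:quota, where the
    # separator may be ':', ';' or TAB and only the usernames are required.
    fields = re.split(r"[:;\t]", line)
    users = [u.strip() for u in fields[0].split(",") if u.strip()]
    quota = fields[3].strip().lower() if len(fields) > 3 else ""
    return "spreadsheet", users, quota

def preflight(block):
    """Return (usernames, problems); passwords and hashes are never returned."""
    usernames, problems, kinds = [], [], set()
    for n, raw in enumerate(block.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        kind, users, quota = parse_line(line)
        kinds.add(kind)
        for user in users:
            if not USER_ID.match(user):
                problems.append(f"line {n}: invalid user ID {user!r}")
            elif user in usernames:
                problems.append(f"line {n}: duplicate user ID {user!r}")
            else:
                usernames.append(user)
        if quota and quota not in QUOTAS:
            problems.append(f"line {n}: unknown quota {quota!r}")
    if len(kinds) > 1:
        problems.append("block mixes pwdump2 and spreadsheet data")
    return usernames, problems

# Constructed sample input (not real accounts or hashes).
SAMPLE = (
    "janedoe:500:" + "0" * 32 + ":" + "1" * 32 + ":::\n"
    "jane.doe,jane_doe;Temp-Pass1;Jane Doe;medium\n"
    "bob smith:pw:Bob Smith:huge\n"
)

if __name__ == "__main__":
    users, problems = preflight(SAMPLE)
    print("\n".join(users + problems))  # user names first, then findings
```

The returned user names alone are a valid import block, since fields other than the username are optional. Because list.txt holds a password hash for every dumped Windows account, delete it once the user names have been extracted.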
Modifying user email settings
1. Click Users from the left-side menu of WebConfig. Click the Users tab.
The main User Setup screen is displayed.
2. Click the appropriate user's edit action button. The Modify User screen
is displayed.
3. Click User Email Settings located at the bottom of the screen.
The following fields are displayed on the user email page:
- Retrieve Mail from POP Server:
- Used to pull POP mail from one account from a mail provider
or a third party POP mail provider, for example, Yahoo/Hotmail.
- Configure by entering the full server name used to pull
mail down from your ISP, for example, pop1.isp_server.com.
- Remote POP Username:
- Enter the appropriate account credentials for the mail
service you are retrieving from.
- Remote POP Password:
- Enter the password for the POP account.
- Re-enter POP Password:
- Re-enter the password for the POP account to ensure that
it was typed correctly.
For more information about the following Spam related fields, see Spam
scanner.
Team accounts
Creating teams
Follow these steps to create teams:
1. Select Users from the left-side menu of WebConfig. Click the Teams tab.
The main User Setup screen is displayed.
2. Click Add Team. The Create New Team screen is displayed.
Figure 15. Creating a team in the WebConfig console
3. Enter a team ID.
- This ID serves as the name of the team's shared directory
and as the team's FTP login name, which gives team members FTP access to
the shared directory and the WWW directory. Team IDs cannot contain spaces
or any punctuation other than hyphens, periods, or underscores.
4. Enter a descriptive name for the team in the Full Name field. This
descriptive name must be unique.
5. Enter a login password for the team. Team passwords should be unique.
6. Re-enter the password to ensure it was entered correctly. If the
passwords do not match, you are asked to re-enter the password in both
fields.
7. Select a preferred language.
8. Indicate whether or not the team has FTP access to the team directory.
- The FTP file service has to be enabled before the team
can have FTP access. If FTP is enabled in Trusted Hosts Only mode, the
team can access files from the internal network or from a VPN. If FTP is
enabled in open mode, the team can access files using FTP from anywhere
on the Internet.
9. Indicate whether or not team members are allowed to establish a remote
VPN (PPTP) or dial-in modem connection to the internal network. For
security reasons, most teams should not be able to establish a remote
connection.
- VPN services and dial-in services have to be enabled before
a team member can establish a VPN or dial-in connection. See Remote
access services for more information.
10. Select the team type to create this team as:
- Normal Team
- Room
- Resource
Teams created as a room or a resource can be reserved by users using
Lotus Notes.
11. If you chose to create the team as a room, select the capacity of the
room referred to.
12. Select a quota value for this team. For more information, see Disk
quotas.
13. Enter any nicknames required by this team. Emails sent to any of these
nicknames are delivered to the team.
14. Under Team Members, select the user(s) from the Users list who are a
part of this team. Click Add. The user(s) are displayed in the Team
Members box.
- Team membership gives users full access to the team's
shared directory.
- If one of the members is a team, when it is added to the
Team Members list it has (# members) listed after it. That team's
members have inherited team membership.
15. Click Save Changes. This returns you to the main User Setup page, and
the team is displayed in the list of previously created teams.
Editing Teams
Follow these steps to edit teams:
1. On the User Setup screen, click the Teams tab. Click the appropriate
team's edit icon.
2. The Modify Team screen is displayed.
Note:
While running Lotus Foundations Start, the team name and
the team type are not modifiable. If you created a team as a room you cannot
convert it to a resource, but you can modify the capacity of the room.
Similarly if you created a team as a normal team or a resource, you cannot
convert it to another team type.
3. Change team information as necessary. Refer to the previous section,
Creating teams, for a description of the fields on this screen.
4. Click Save Changes.
Testing email
When modifying a team, click Send on the Test
Email row to send a test email to the team.
Deleting teams
Note:
Deleting a team means that the team's shared network directory
and all of the files contained within the directory are deleted. Once this
is done, none of the above can be recovered unless you restore the data
from a previous backup.
Follow these steps to delete teams:
1. On the main User Setup screen, click the Teams tab. Click the
appropriate team's delete icon.
2. In the confirmation dialog that displays, click OK.
Searching for teams
The User Setup screen restricts the number of entries that
are displayed by default. If there are a large number of teams, only the
first 10 teams are displayed in the User Setup section. At the bottom of
the section there are links to a series of teams. For example, if you have
43 teams, the screen displays: [show all] [a - o] [p - y]. Clicking on
the [p - y] link displays all teams with team names beginning P through
Y. To help administrators to easily locate teams' records, there is a Team
Search field at the top of the User Setup screen. To search for a team,
type in that team's ID (or portion thereof) and click Search.
Password policy
The password policy feature helps an administrator to set
restrictions on the format of passwords chosen by users. For example, the
administrator can specify that uppercase and lowercase letters must be
included in the password and/or that passwords must be of a particular
minimum length.
Creating a password policy
Follow these steps to create a password policy:
1. Select Users from the left-side menu of WebConfig.
2. Click the Password Policy tab.
3. Choose whether or not to enforce the password policy on passwords set
by administrators.
- The password policy settings are always enforced for passwords
chosen by users. If this option is enabled, the password policy settings
are also enforced for passwords chosen by administrators, including their
own passwords.
4. Select which password policy criteria should be enforced by checking
the appropriate boxes.
- The "Passwords must contain letters" and "Passwords
must contain both uppercase and lowercase letters" rules are tied
to each other. Therefore, enabling the latter setting automatically enables
the former.
5. If you want to enforce a minimum password length, enter the number of
characters in the Password minimum length text box. Use 0 for no minimum.
6. Click Save Changes.
Illegal passwords
When a password that does not conform to the policy as
specified by the administrator is entered for a user, that user receives
an email notifying them that they need to change their password to one
that conforms to the policy. The email also includes instructions on how
to perform this password change.
If a user changes their password in their personal WebConfig
to one that does not meet the policy criteria, they get a pop-up error
message.
An error message is also displayed in WebConfig's Notices
box telling them that their password was not changed.
If the "Enforce password policy on passwords set by
admins" option is set to No, Administrators are able to change a user's
password to one that does not meet the policy criteria. This helps administrators
to set an easy-to-remember temporary password for a new user, until that
user can set his or her own password.
The administrator receives a warning message in WebConfig's
Notices box informing him or her that the password does not meet the policy
criteria, but that the password has been changed.
If a user is already set up and the administrator creates
or changes a password policy, that user's password is valid - even if it
does not meet the policy criteria - until the next time he or she logs
onto WebConfig.