User Management
General Information
User Roles and Rights
User Accounts
User Details Dialog
LDAP Authentication
General Information
The User Management integrated into boom lets you manage your user accounts. User accounts let you control who can access the boom Console. You can create accounts that allow full access to the Open Manager or accounts that allow access only to certain areas. The boom User Management comes with the default "Administrator" role and the default "admin" user. The "Administrator" role has full rights and cannot be changed or deleted! Likewise, the "admin" user cannot be deleted or moved to another role. The boom User Management is divided into two sections: the left section shows a list of all existing user roles with the user accounts assigned to them, and the right section displays all the rights that belong to the selected user role.
User Roles and Rights
User accounts are assigned to user roles. A user role defines all rights a user has.
If you select a user role in the User Management View, you will see the two groups of access rights that are assigned to that user role. "General Rights" list all boom Workbench areas which can be restricted by user rights. "Action Rights" define the access rights to the boom Actions Groups.
There are three possible access rights:
Disabled = no access
Guest = read only access
Owner = full access
Please note: The access rights of the "Administrator" Role cannot be changed!
Right-clicking on a User Role opens the role context menu:
Add User Role: Adds a new user role.
Rename User Role: The rename action is disabled for the "Administrator" Role. All other user roles can be renamed. The "Administrator" role is not editable at all!
Delete User Role: The delete action is disabled for the "Administrator" Role. All other user roles can be deleted. The "Administrator" role is not editable at all!
Add User: A new user can be added to any user role. This action opens the User Detail Dialog where all user information can be specified.
User Accounts
A user account has to be created for every user who wants to log in to the boom Workbench. Once a User Account has been created, you can move the user by drag & drop to a different user role.
Right-clicking on a single User opens the user context menu:
Add User Role: Adds a new user role.
Add User: Adds a new user account. This action opens the User Detail Dialog where all user information can be specified.
Edit User: All user specific information can be specified in the User Details Dialog.
Delete User: Deleting a user removes the user completely from the system.
Disable User: Disabling a user prevents the user from logging in to the boom Workbench. You would typically do this when a user leaves your organisation.
Send a message: Allows you to send a message to a selected user.
Kill UI Session: Allows you to log off any signed-on user from the user interface.
Enable User: This will enable a user account.
Color coding of users: online vs. offline, boom user vs. LDAP user
Note: For details on LDAP users and how to set up LDAP authentication please refer to the LDAP Authentication section.
Logged-on users are depicted with a green bar beneath the corresponding user icon, while offline users have none. Refresh the corresponding top folder in the user management tab to see changes in who is logged on.
Native boom users (configured in the boom database) are depicted by a blue user icon, while LDAP users are depicted by a red user icon.
Blue icon with green bar: boom user (online).
Red icon with green bar: LDAP user (online).
Blue icon without bar: boom user (offline).
Red icon without bar: LDAP user (offline).
User Details Dialog
All user specific attributes are managed in the User Details Dialog. When adding a new user, all mandatory fields have to be specified. Once the user account has been saved, the login name is the only information that cannot be changed any more.
Field Description:
| Login Name | The login name is case insensitive and cannot be modified once the user has been created! |
| Password | Passwords are case sensitive! When creating a password you have to pay attention to: upper case and lower case letters; passwords must not contain any blanks; avoid really short passwords. |
| Reset Password | It is not possible to read out a user's password because the password is encrypted. Only an Administrator has the right to reset a password. The Administrator has to enter a new password, which will overwrite the old one. |
| Active | Indicates if the user is active or has been disabled. |
| Role | Add the user to an existing user role. |
| Last Name | The Last Name of the user is mandatory; the first name can be empty. |
| First Name | First Name of the user. This field is not mandatory and can be empty. |
| eMail | Email of the user. This field is not mandatory and can be empty. |
| Phone Number | Phone number of the user. Since this field is a text field, no special format needs to be considered. This field is not mandatory and can be empty. |
| Pager | If the user has a pager, you can enter the number here. Since this field is a text field, no special format needs to be considered. This field is not mandatory and can be empty. |
LDAP Authentication
Users can be imported into boom from one or several LDAP servers.
Initially, such imported users are disabled by default and placed in the LDAP role folder.
With LDAP Authentication configured, boom forwards authentication requests during a login to the configured LDAP server(s); if these fail, boom tries to authenticate the user against the native boom users stored in the database.
Setting up LDAP Authentication
LDAP Authentication in boom is set up by following the steps described below.
1. Create an LDAP configuration file ldap.conf on the boom server in the installation directory under the <boom_server_installdir>/srv/ldap/ folder. You can create several configuration files if you are going to use several LDAP servers (e.g.: ldap1.conf, ldap2.conf). A simple LDAP configuration file has the following entries:
LDAP_BASE=dc=company,dc=com
LDAP_URL=ldap://ldapserver:389
ENABLED=true
Note: For a full list of parameters for the LDAP configuration file, check the table below.
2. In the boom GUI, edit the server action "LDAP Import Users". Adjust the Call field to your LDAP settings and save the changes, e.g.:
LDAP IMPORT LDAP_URL=ldap://ldapserver:389/
LDAP_ADMIN_PASS=adminPassword LDAP_SEARCH_KEY=userprincipalname
LDAP_SEARCH_DC="dc=company,dc=com"
3. Execute the previously adjusted "LDAP Import Users" server action to import the LDAP users into boom. The imported LDAP users will be located in the LDAP user role folder under the user management tab and will be disabled.
4. Configure the imported LDAP users under the user management tab by selectively applying user roles (drag & drop to the corresponding user role folder) and enabling the accounts.
boom LDAP configuration file(s) location:
<boom_server_installdir>/srv/ldap/ldap.conf
<boom_server_installdir>/srv/ldap/ldap1.conf
<boom_server_installdir>/srv/ldap/ldap2.conf
<boom_server_installdir>/srv/ldap/...
LDAP configuration parameters:
| Parameter | Default | Description |
| LDAP_URL | - | URL of the LDAP server, e.g. ldap://ldapserver:389 |
| LDAP_BASE | - | LDAP base DCs, e.g. dc=company,dc=com |
| ENABLED | - | Valid values are: true|false. Enable or disable LDAP authentication. |
| LDAP_USER_ATTR | - | Attribute in LDAP that contains the username, e.g. uid (for Linux). |
| LDAP_AUTHENTICATION | simple | Authentication type. |
| LDAP_FACTORY | com.sun.jndi.ldap.LdapCtxFactory | Java LDAP factory class. |
| LDAP_EXPIRE | - | Session expiration time in minutes, e.g. 60 |
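An ldap.conf file can be checked against the parameter table before it is placed in <boom_server_installdir>/srv/ldap/. The following is an added example, not code from boom: it parses the KEY=VALUE format with the defaults listed above and reports unknown keys, missing entries and a simple bind over unencrypted ldap://. Assumptions: the function names, "#" as a comment marker, the three required keys, a whole-number LDAP_EXPIRE, and that boom accepts ldaps:// URLs.

```python
# Parameters and defaults from the table on this page (None = no default listed).
DEFAULTS = {
    "LDAP_URL": None, "LDAP_BASE": None, "ENABLED": None,
    "LDAP_USER_ATTR": None, "LDAP_AUTHENTICATION": "simple",
    "LDAP_FACTORY": "com.sun.jndi.ldap.LdapCtxFactory", "LDAP_EXPIRE": None,
}
# Assumption: the three entries of the page's sample file are the minimum set.
REQUIRED = ("LDAP_URL", "LDAP_BASE", "ENABLED")


def parse_ldap_conf(text):
    """Parse KEY=VALUE lines and return (settings, findings)."""
    settings, findings = dict(DEFAULTS), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: "#" starts a comment
            continue
        # Split on the first "=" only: dc=company,dc=com itself contains "=".
        key, sep, value = line.partition("=")
        if not sep or key.strip() not in DEFAULTS:
            findings.append(f"line {lineno}: unrecognised entry {line!r}")
            continue
        settings[key.strip()] = value.strip()
    return settings, findings


def audit_ldap_conf(text):
    """Return the findings for the contents of one ldap.conf file."""
    cfg, findings = parse_ldap_conf(text)
    findings += [f"{key} is not set" for key in REQUIRED if not cfg[key]]
    if cfg["ENABLED"] and cfg["ENABLED"] not in ("true", "false"):
        findings.append(f"ENABLED must be true or false, got {cfg['ENABLED']!r}")
    if cfg["LDAP_EXPIRE"] and not cfg["LDAP_EXPIRE"].isdigit():
        findings.append("LDAP_EXPIRE must be a whole number of minutes")
    scheme, sep, _ = (cfg["LDAP_URL"] or "").partition("://")
    if cfg["LDAP_URL"] and (not sep or scheme.lower() not in ("ldap", "ldaps")):
        findings.append("LDAP_URL must start with ldap:// or ldaps://")
    elif scheme.lower() == "ldap" and cfg["LDAP_AUTHENTICATION"] == "simple":
        # A simple bind carries the password as-is; without TLS it is readable on the wire.
        findings.append("simple bind over ldap:// sends the password unencrypted")
    return findings


# Constructed samples: the page's own three-line file, and a file with typical mistakes.
PAGE_SAMPLE = "LDAP_BASE=dc=company,dc=com\nLDAP_URL=ldap://ldapserver:389\nENABLED=true\n"
BROKEN_SAMPLE = "LDAP_URL=ldapserver:389\nENABLE=yes\nLDAP_EXPIRE=1h\n"

if __name__ == "__main__":
    for name, sample in (("page sample", PAGE_SAMPLE), ("broken sample", BROKEN_SAMPLE)):
        print(name, audit_ldap_conf(sample))
```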