www.corendal.com


Corendal Directory Frequently Asked Questions

See also: Frequently Asked Questions common to all applications.

 
Users can only edit their "fax number" and "home phone number". Is there any provision to change other fields such as Department, Office and Company?
 
There are several levels of editing privileges. If you grant a user the Administrator role, this user can edit all attributes. Use the Admin > Accounts and Groups Monitor screen to grant access rights. There are several other fine-grained roles defined, such as Limited Account Editor and General Account Editor. The file roles.xml defines all roles.
 
For office and room numbers, there is a role Active Directory Room Administrator already defined.
 
If you want to grant all users access to other fields without assigning roles already defined, you'll need to modify the code. The class to modify is AbstractActiveDirectoryAccountEntryBlock.java. Fields that can't be edited are disabled using the setPrintOnly method.
 
 
Does Corendal Directory work with Windows Server 2008 ?
 
Yes
 
I get java.security.AccessControlException: access denied (java.security.SecurityPermission insertProvider.SunJSSE) when I start the application server.
 
You need to add a permission line to your Apache Tomcat conf/catalina.policy file.
 
grant {
    ...
    permission java.security.SecurityPermission "insertProvider.SunJSSE";
    ...
};

This problem has been reported with Ubuntu distributions only.

Corendal Directory doesn't detect when accounts are locked.

Verify the value you put in the applications.xml file:

<property name="framework.core.activedirectoryaccountlockout.duration">
    0
</property>

framework.core.activedirectoryaccountlockout.duration indicates the number of minutes an account is locked after too many incorrect login attempts.

Also, make sure that the clocks of your Active Directory domain controller and of the application server hosting Corendal Directory are synchronized. The two machines don't need to be in the same time zone, but their UTC+0 time must be identical.

The current time on the application server is displayed at the bottom of each page generated by Corendal Directory. 
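The check below is an added example, not Corendal Directory's own code. It assumes the application decides whether an account is locked by comparing its own clock with the Active Directory lockoutTime attribute plus the configured duration; the function names and sample timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Active Directory stores lockoutTime as a Windows FILETIME:
# 100-nanosecond intervals since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(filetime: int) -> datetime:
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def utc_to_filetime(moment: datetime) -> int:
    delta = moment.astimezone(timezone.utc) - FILETIME_EPOCH
    return (delta.days * 86_400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def is_locked(lockout_time: int, duration_minutes: int, server_now: datetime) -> bool:
    """Assumed check: locked while server_now is before lockoutTime + duration."""
    if lockout_time == 0:  # AD writes 0 when the account is not locked out
        return False
    unlock_at = filetime_to_utc(lockout_time) + timedelta(minutes=duration_minutes)
    return server_now.astimezone(timezone.utc) < unlock_at


def demo() -> dict:
    # Constructed scenario: the domain locks accounts for 30 minutes, the
    # account was locked at 12:00 UTC, and the true time is 12:20 UTC.
    locked_at = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)
    lockout_time = utc_to_filetime(locked_at)
    true_now = locked_at + timedelta(minutes=20)
    utc_minus_5 = timezone(timedelta(hours=-5))
    return {
        # Clocks in sync, configured duration matches the domain policy.
        "in_sync": is_locked(lockout_time, 30, true_now),
        # Same instant written in another time zone: the result is unchanged.
        "other_time_zone": is_locked(lockout_time, 30, true_now.astimezone(utc_minus_5)),
        # Application server clock 15 minutes fast: the lock is missed.
        "clock_15_min_fast": is_locked(lockout_time, 30, true_now + timedelta(minutes=15)),
        # Configured duration shorter than the domain policy: the lock is missed.
        "duration_too_short": is_locked(lockout_time, 10, true_now),
    }


if __name__ == "__main__":
    for case, locked in demo().items():
        print(f"{case}: locked={locked}")
```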

The Exchange and Communicator attributes that are populated when a user is created do not reflect the login and email address of the new account. What is wrong ?

Check the login and email address values that are embedded in the Exchange and Communicator attributes of your template account. These values must match the login and email address of that template account. They must be entirely in lowercase or entirely in uppercase; do not use mixed case.

How can I change the rules used to assign a login and email address to new accounts ?

You'll need to customize the AbstractAccountPickManager class in the com.corendal.netapps.framework.core.managers package. The two methods to customize are getLoginPick and getEmailAddressPick.

Does Corendal Directory offer auto provisioning/de-provisioning of objects such as Identity Lifecycle Management streams ?

Corendal Directory does have features that belong to the identity life cycle sphere:

 
 1/ a "Personnel File Import" screen allows the reconciliation of account and HR data, including the automatic discovery of new accounts.

 2/ an "Account File import wizard" screen allows mass updates of many account attributes, through three simple steps: export to Excel, edit in Excel, import back into AD.

 3/ all updates are logged, with the type of update, date, IP address and login of the person performing the update. These logs are accessible from the Admin > Entry Logs menu. The person performing a mass update through the "Personnel File Import" or "Account File import wizard" screens also receives a log of each modification made through that import, with "before" and "after" values specified.

 4/ modifications that have a security impact (create an account, disable an account, unlock an account, remove an account, change an email address, modify group memberships, etc.) can also be logged in the form of emails sent to the recipient of your choice, such as an archived mailing list for external auditing purposes.

 

Does Corendal Directory also manage Computers in Active Directory ?

No. This feature has been requested by a few people, but is not included yet. There is no immediate plan to add this feature at this time. You are welcome to communicate your requirements regarding the management of computers as I have little knowledge of the standard needs for that feature.