Skip navigation FileNet logo
Glossary  |  Help Directory  
  Help for Process Engine Administration
  Search  |  Index
Process Reference  
Process Engine Administration
Workflow administration tasks
System administration tasks
  Configuring the Process Engine
  Configuring users and groups (Workplace)
    Defining users and groups
    Changing the fnsw password
  Configuring users and groups (Open Client/FileNet Web Services Client)
  Configuring optional features
  Running the Process Engine
  Improving system performance
  Troubleshooting
   

Defining users and groups (Workplace)

Process Engine supports two directory service products, Sun ONE and Microsoft Active Directory. These directory services provide a naming scheme that enable administrators to organize and manage users and groups in a networked system. The directory service also provides user authentication. Use Process Task Manager to configure the directory service for Process Engine; see Configuring the LDAP connection for detailed instructions.

NOTE For Process Engine, the fully qualified user or group name must not exceed 180 characters. On systems that use Active Directory the fully qualified user or group name (the principal name) consists of both a prefix and a suffix, for example, jsmith@sales.westcoast.mycompany.com. On systems that use Sun ONE, the fully qualified user or group name consists of the distinguished name, for example, uid=jsmith, ou=Region1, dc=mycompany, dc=com.

Following are additional directory service considerations for Process Engine:

  • Supported Group Types
    • Sun ONE: static
    • Active Directory: domain local, domain global, universal
  • Nested Groups
    Supported on both Sun ONE and Active Directory
  • Short name logons
    For Sun ONE systems, the user short name (uid or cn) and groups (cn) must be unique within the base distinguished name (DN) set for the Process Engine. If there are duplicate user short names, those users will be unable to log on to Process Engine. If a work item is sent to a duplicate user or group, an error is written to the system log indicating that multiple records were found for the same name. Depending upon the user or group status in Process Engine, the work item either is sent to the Conductor queue or to the Inbox of the user or expanded group member list.
  • Full domain name logons
    Not supported on Process Engine
  • Anonymous logons
    Not allowed
  • Blank passwords
    Not allowed