Novell iManager 2.5 Administration Guide

Category
Development software
Type
Administration Guide
Novell
www.novell.com
novdocx (ENU) 01 February 2006
Novell iManager 2.5 Administration Guide
iManager
2.5
March 15, 2006
ADMINISTRATION GUIDE
novdocx (ENU) 01 February 2006
Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and
specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose.
Further, Novell, Inc. , reserves the right to revise this publication and to make changes to its content, at any time,
without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims
any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc.
reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to
notify any person or entity of such changes.
You may not use, export, or re-export this product in violation of any applicable laws or regulations including,
without limitation, U.S. export regulations or the laws of the country in which you reside.
Copyright © 2004-2005 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied,
stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this
document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S.
patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent
applications in the U.S. and in other countries.
Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com
Online Documentation: To access the online documentation for this and other Novell products, and to get
updates, see www.novell.com/documentation.
novdocx (ENU) 01 February 2006
Novell Trademarks
ConsoleOne is a registered trademark of Novell, Inc. , in the United States and other countries.
DirXML is a registered trademark of Novell, Inc. , in the United States and other countries.
eDirectory is a trademark of Novell, Inc.
exteNd is a trademark of Novell, Inc.
exteNd Director is a trademark of Novell, Inc.
NetWare is a registered trademark of Novell, Inc. , in the United States and other countries.
NMAS is a trademark of Novell, Inc.
Novell is a registered trademark of Novell, Inc. , in the United States and other countries.
Novell Directory Services and NDS are registered trademarks of Novell, Inc. in the United States and other countries.
Nterprise is a trademark of Novell, Inc.
SUSE is a registered trademark of SUSE LINUX AG, a Novell company.
Novell Distributed Print Services is a tradement of Novell, Inc. , in the United States and other countries.
NDPS is a registered trademark of Novell, Inc. , in the United States and other countries.
Nsure is a registered trademark of Novell, Inc. , in the United States and other countries.
Novell Certificate Server is a trademark of Novell, Inc. , in the United States and other countries.
Third-Party Materials
All third-party trademarks are the property of their respective owners.
novdocx (ENU) 01 February 2006
novdocx (ENU) 01 February 2006
5
About This Guide
This guide describes how to administer Novell
®
iManager 2.5. It is intended for network
administrators and contains the following sections:
Chapter 1, “Overview,” on page 7
Chapter 2, “Accessing iManager,” on page 9
Chapter 3, “Navigating the iManager Interface,” on page 13
Chapter 4, “Roles and Tasks,” on page 17
Chapter 5, “Configuring for iManager Auditing,” on page 37
Chapter 6, “Configuring and Customizing iManager,” on page 39
Chapter 7, “Preferences,” on page 57
Chapter 8, “Troubleshooting,” on page 59
Chapter 9, “Best Practices and Common Questions,” on page 65
Additional Documentation
Documentation for all Novell software products is available at www.novell.com/documentation
(http://www.novell.com/documentation).
For documentation on installing and using NetWare
®
, see the Novell NetWare documentation Web
site (http://www.novell.com/documentation/NetWare.html).
For documentation on installing and running eDirectory
TM
, see the Novell eDirectory documentation
Web site (http://www.novell.com/documentation/eDirectory.html).
For additional information on current iManager 2.5 issues, please see TID #10097429, Novell
iManager 2.5 Readme Addendum (http://support.novell.com/cgi-bin/search/searchtid.cgi?/
10097429.htm).
For support documentation, see http://support.novell.com (http://support.novell.com).
For other documentation resources, see Section 1.2, “Additional Resources,” on page 7.
Documentation Updates
For the latest iManager documentation, see the Novell documentation Web site (http://
www.novell.com/documentation).
Documentation Conventions
In this documentation, a greater-than symbol (>) is used to separate actions within a step and items
within a cross-reference path.
A trademark symbol (
®
,
TM
, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party
trademark.
6 Novell iManager 2.5 Administration Guide
novdocx (ENU) 01 February 2006
When a single pathname can be written with a backslash for some platforms or a forward slash for
other platforms, the pathname is presented with a backslash. Users of platforms that require a
forward slash, such as Linux* or UNIX*, should use forward slashes as required by your software.
Overview
1
novdocx (ENU) 01 February 2006
7
1
Overview
Novell
®
iManager is a Web-based administration console that provides secure, customized access to
network administration utilities and content from virtually anywhere you have access to the Internet
and a Web browser.
iManager provides the following:
Single point of administration for Novell eDirectory
TM
objects, schema, partitions and replicas
Single point of administration for many other network resources
Management of many other Novell products using iManager plug-ins
Role-Based Services (RBS) for delegated administration
1.1 What's New in Version 2.5
Novell iManager 2.5 contains the following new features:
Improved installation programs
Enhanced group management capabilities
Backward compatibility with most iManager 2.0.x plug-ins
Enhanced Role-Based Services (RBS) management and reporting
Improved interface customization options
Mobile iManager software, which allows you to run iManager locally on a Linux* or
Microsoft* Windows* workstation
1.2 Additional Resources
For more information on topics relevant to Novell iManager, refer to the following Web sites:
Apache HTTP server (http://httpd.apache.org)
Tomcat servlet container (http://jakarta.apache.org/tomcat)
Java* Web site (http://java.sun.com)
Microsoft Windows Web Services (http://www.microsoft.com/technet/treeview/
default.asp?url=/technet/prodtechnol/iis/default.asp)
Novell eDirectory product home page (http://www.novell.com/products/edirectory)
Novell eDirectory product documentation (http://www.novell.com/documentation/
eDirectory.html)
Novell eDirectory Cool Solutions community (http://www.novell.com/coolsolutions/nds)
8 Novell iManager 2.5 Administration Guide
novdocx (ENU) 01 February 2006
Accessing iManager
2
novdocx (ENU) 01 February 2006
9
2
Accessing iManager
Novell
®
iManager is accessed via a Web browser. This section includes the following topics:
Section 2.1, “Using a Supported Web Browser,” on page 9
Section 2.2, “Accessing iManager,” on page 9
Section 2.3, “Accessing iManager with a Screen Reader and Other Accessibility Options,” on
page 10
Section 2.4, “Access Modes,” on page 10
Section 2.5, “Authenticating,” on page 11
Section 2.6, “iManager Session Timeouts,” on page 11
2.1 Using a Supported Web Browser
For iManager access and complete use of all its features, you must use a computer running one of
the following Web browsers:
Microsoft Internet Explorer 6.0 SP1
Mozilla* 1.7
Mozilla Firefox* 1.0
IMPORTANT: Although you might be able to access iManager via a Web browser not listed, we do
not guarantee or support full functionality with any browser other than those listed above.
2.2 Accessing iManager
To access Novell iManager:
1 Enter the following in the address (URL) field from a supported Web browser:
http://server_IP_address/nps/iManager.html
For example:
http://127.0.0.1/nps/iManager.html
NOTE: You might be redirected to an https secure page, depending on your platform.
2 Log in using your username and password.
You will have access only to those features you have rights to. To have full access to all Novell
iManager features, you must log in as Supervisor of the tree.
10 Novell iManager 2.5 Administration Guide
novdocx (ENU) 01 February 2006
2.3 Accessing iManager with a Screen Reader
and Other Accessibility Options
iManager includes a simple display that can be effectively used with screen readers in Internet
Explorer on a Windows* platform (client side).
1 Enter the following in the Address (URL) field of a supported Web browser:
http://server_IP_address/nps/Simple.html
For example:
http://127.0.0.1/nps/Simple.html
2 Log in using your username, context, password, and eDirectory
TM
tree name.
You will have access only to those features you have rights to. To have full access to all Novell
iManager features, you must log in as Supervisor of the tree.
Complete accessibility statements are available on the Novell Web site (http://www.novell.com/
accessibility).
2.4 Access Modes
When you start iManager, you are granted an access mode based on the rights you've been assigned.
iManager has three access modes. The mode you are in is displayed in the upper left corner of the
iManager interface.
Unrestricted Access
This is the default mode before RBS is configured. It displays all of the roles and tasks
installed. Although all roles and tasks are visible, the authenticated user still needs the
necessary rights to use the tasks.
There is a setting that you can add to the config.xml file in <tomcat
location>\webapps\nps\WEB-INF which forces Unrestricted Access, even if Role Based
Services is installed. Add the following setting to config.xml and restart Tomcat:
<setting>
<normal><![CDATA[RBS.forceUnrestricted]]></name>
<value><![CDATA[true]]></value>
</setting>
Assigned Access
Displays only the roles and tasks assigned to the authenticated user. This mode takes full
advantage of the Role-Based Services technology.
Collection Owner
Displays all of the roles and tasks installed in the collection. It allows you to use all of the roles
and tasks in the collection, even if specific rights have not been assigned. Role-Based Services
must be installed in order to use this mode.
NOTE: The collection owner sees all roles and tasks, regardless of role membership.
Accessing iManager 11
novdocx (ENU) 01 February 2006
2.5 Authenticating
If eDirectory is installed and running on another port besides the default port 524, you can use the IP
address or DNS name of the eDirectory server to log in if you also specify the port. If you use the
tree name to log in, you do not have to specify a port. (Example: 127.0.0.1: 1080)
2.5.1 The Tree Name Field
Possible values for the tree name field are: Tree name, Server IP Address, and Server DNS name.
2.5.2 Single Sign-on
Single Sign-on functionality (including Forward authentication, OLAC, and Form Fill) is not
compatible with iManager 2.5. iManager 2.5 requires a username, password, and tree name for
login, so Single Sign-on using Forward authentication or OLAC will not work. Form Fill also fails
because the Exit button in the iManager toolbar directs you back to the initial login form. When
FormFill is active, you are simply logged back in to iManager.
2.5.3 Logging into a Server without a Replica
You can log in to a server without a replica if you have previously logged in to the tree using the tree
name, or if you have logged in to the tree using a server that contains a replica.
2.5.4 Unsuccessful Authentication
Login failures occur for a variety of reasons. Authentication Error Messages are addressed in the
Troubleshooting chapter.
2.6 iManager Session Timeouts
iManager session timeouts are controlled by a timeout setting in the web.xml file located in
webapps/nps/WEB-INF/. Remove the comment tags to change the timeout from the default of 30
minutes.
<session-config>
<session-timeout>10</session-timeout>
</session-config>
12 Novell iManager 2.5 Administration Guide
novdocx (ENU) 01 February 2006
Navigating the iManager Interface
3
novdocx (ENU) 01 February 2006
13
3
Navigating the iManager Interface
This section describes how to navigate through the Novell
®
iManager 2.5 interface.
Section 3.1, “iManager Interface,” on page 13
Section 3.2, “Special Characters,” on page 14
Section 3.3, “Using the Object Selector,” on page 15
Section 3.4, “Enable Pop-ups,” on page 15
3.1 iManager Interface
Use only the buttons within the interface when you are navigating in iManager. The Web browser's
toolbar buttons (Back, Next, etc.) are not supported.
Figure 3-1 By default, the iManager Interface displays Roles and Tasks
3.1.1 Views
iManager 2.5 has several views that you access using the icons at the top of the iManager interface:
Roles and Tasks: contains all the tasks you are authorized to perform
View Objects: contains browsing and searching functionality to find objects
Configure: contains Role-Based Services, iManager Server, Object Creation List, Module
Installation, E-mail Notification, and Views, all of which you can configure as you want
14 Novell iManager 2.5 Administration Guide
novdocx (ENU) 01 February 2006
Favorites: displays your most frequent tasks, selected from the Preferences > Favorites page
Preferences: Set your preferences according to your most frequent tasks, how the Object
Selector displays, how your Object View displays, what view appears after logging in to
iManager, and what language iManager displays in.
Help: Applicable information related to the page you are on appears when you select this
icon
Roles and Tasks is the default view. For information on how to change the default view, see Chapter
6, “Configuring and Customizing iManager,” on page 39.
3.1.2 Contents Panel
The Contents Panel displays a navigation pane. Its contents vary, depending on which view you
have selected.
New in iManager 2.5 is the Category selector, which provides groups of roles and tasks specific to a
particular function. Categories include the following:
•All Categories
Authentication & Passwords
Collaboration
Directory
File Management
Identity Manager
Infrastructure
•Install & Upgrade
•Network
•Nsure Audit
•Printing
Security
•Servers
Software Licenses & Network Usage
Users and Groups
Tasks under categories are listed in order of probable use.
3.2 Special Characters
In iManager, some characters have special significance and must be escaped with the backslash (\)
character:
NDAP (NDS):
•period (.)
•equal sign (=)
•plus (+)
Navigating the iManager Interface 15
novdocx (ENU) 01 February 2006
backslash (\)
LDAP:
DNs:, = + \ @; < >
Leading #
Leading or trailing spaces
For LDAP, any character can be specified with \xx. See RFC 2253 (http://www.faqs.org/rfcs/
rfc2253.html) for more information.
3.3 Using the Object Selector
Follow these guidelines when using the iManager search feature, Object Selector:
1. In dotted NDS
®
names, you must escape the following characters with a backslash (\):
•period (.)
equal (=)
•plus (+)
backslash (\)
2. You don't need escape characters in most values, but you do need them when the name is a
Distinguished Name or R Distinguied Name.
3. In a search filter, you must escape these characters with a backslash:
•asterisk (*)
backslash (\)
For example:
To search for all objects containing a period, the search filter = *.*
To search for all objects containing a plus the search filter = *+*
However, to search for all objects containing a backslash, the search filter = *\\*
3.4 Enable Pop-ups
For some iManager wizards and help to work, you must enable pop-up windows in your Web
browser while working in iManager. If you use an application that blocks pop-up windows, you
must disable the blocking feature while working in iManager or allow pop-ups from the iManager
host.
16 Novell iManager 2.5 Administration Guide
novdocx (ENU) 01 February 2006
Roles and Tasks
4
novdocx (ENU) 01 February 2006
17
4
Roles and Tasks
The Roles and Tasks icon displays all of the roles and tasks that you have set up; some are part of
iManager and others are plug-ins. This chapter describes only those roles and tasks that are intrinsic
to iManager.
Section 4.1, “eDirectory Administration,” on page 17
Section 4.3, “Groups,” on page 21
Section 4.4, “Help Desk,” on page 23
Section 4.5, “Partitions and Replicas,” on page 24
Section 4.6, “Passwords,” on page 28
Section 4.7, “Rights,” on page 31
Section 4.8, “Schema,” on page 32
Section 4.9, “Users,” on page 35
4.1 eDirectory Administration
eDirectory
TM
administration involves the management of objects in your directory tree. You can
create, edit, and organize objects. You can also set up user accounts and assign rights, grant
equivalence, and block inheritance. When you configure Role-Based Services, you can define
administrator roles for specific administrative applications through the Role-Based Services object.
4.1.1 Copy Object
You can either create a new object with the same attribute values as an existing object, or copy
attribute values from one object to another.
1 In Roles and Tasks, select eDirectory Administration > Copy Object.
2 In the Object to Copy From field, type the name and context of the object or use the search
feature to find it.
3 Select one of the following options:
Create New Object and Copy Attribute Values
Copy Attribute Values to an Existing Object
4 Select the Copy ACL Rights check box if you want to copy access control list rights to this
object. This step might take additional processing time, depending on your system and
networking environment.
4.1.2 Create Object
1 In Roles and Tasks, select eDirectory Administration > Create Object.
2 Select the object class from the list that appears and click OK.
18 Novell iManager 2.5 Administration Guide
novdocx (ENU) 01 February 2006
3 Enter the requested information that appears according to the object class you selected, and
click OK.
4 A confirmation message appears: “The Create Object request succeeded.” Click OK, Repeat
Task, or Modify.
4.1.3 Delete Object
1 In Roles and Tasks, select eDirectory Administration > Delete Object.
2 Type the name and context of the object, or use the search feature to find it, and click OK.
3 A confirmation message appears: The Delete Object request succeeded.
4.1.4 Modify Object
1 In Roles and Tasks, select eDirectory Administration > Modify Object.
2 Type the name and context of the object, or use the search feature to find it, and click OK. The
Modify Objects screen appears, displaying a set of tabs which are specific to the object you
selected. Tabs and their features are described below this task.
3 Complete the modification based on the tabs you select and click OK.
General
The General tab displays the Identification page.
1 Complete the form with the following information:
Other Name
Owner
Location
Department
Organization
Description
Modify your description using the add, delete, and edit features.
2 Click OK.
The See Also page displays the search feature (Object Selector) to help you locate the object to
modify.
The Other page displays the Valued Attributes and Unvalued Attributes list boxes. You can move,
edit, or delete attributes for the object.
Security
The Security tab displays one or both of the following options, according to the object selected. The
following attributes are used in rights calculation for eDirectory.
Security Equal To Me
This attribute specifies other objects that are security equivalent to this object.
Security Equal To
Roles and Tasks 19
novdocx (ENU) 01 February 2006
This attribute specifies objects that this object is security equivalent to.
Restrictions
Use the Limit Grace Login option to force users to change their passwords after a number of logins
using an expired password.
Set the maximum number of concurrent connections a user is allowed.
Dynamic
Use the Member Query page to specify the search criteria when looking for members of a Dynamic
Group object.
1 Select the Dynamic Group check box to make a static group dynamic.
After a static group becomes dynamic, it can be converted back to static status by clearing the
Dynamic Group check box.
2 Complete the Start Search at (Base dn) text box with the location that you are searching from.
3 Specify the search scope. If you do not specify, the base scope is assumed.
Search Base DN, searches only the base object.
Search One Level, searches the direct subordinates of the base object, but the base object
itself is not searched.
Search Sub Containers, searches the base object and all objects in the subtree below it.
4 Choose whether the search for Dynamic Members should involve multiple servers or only the
server containing the Dynamic Group object.
Yes, the server communicates with other servers while searching for Dynamic Members.
No, the search for Dynamic Members returns only local results.
5 Use the two Search Filter icons to refine the search and manually edit the string if you know the
syntax.
6 Click Apply to update the Query Results.
Use the Settings page to establish an identity object and other object-related search parameters.
1 Select the Identity Object. This is the object that the LDAP server uses to log in to the tree as, to
query.
2 Leave the Time Out blank unless you give iManager a reasonable amount of time to load the
objects it finds.
If you do not allow enough time for iManager to load and it times out, the object becomes
unusable. You must delete the object and start over.
3 Select Allow Duplicates to reduce the load on the server while listing dynamic group members.
Unless you fully understand the implications of this feature, leave it unchecked.
4 Leave Allow Unknowns unselected unless you fully understand the implications of this feature.
Allow Unknowns determines the inclusion or exclusion of members in the dynamic group
when the membership cannot be correctly determined.
20 Novell iManager 2.5 Administration Guide
novdocx (ENU) 01 February 2006
RPM
This configuration task applies only to NDPS
®
printers. iPrint printers are not affected.
1 Select Do Not Update Workstations if Remote Printer Management is disabled and printers are
not installed or removed from workstations.
2 Select Allow Only Specified Printers to Reside on Workstations to allow only the printers
specified in Remote Printer Management.
All other NDPS printers on the workstation are removed. This does not remove any iPrint
printers.
3 Select Show the Results Window on Workstations to display a window on the workstation that
shows the printers that were installed and removed.
4 Select the printers to install.
5 Set a default printer.
6 Indicate printers to be removed, if, any, and click OK, or Apply.
4.1.5 Move Object
1 In Roles and Tasks, select eDirectory Administration > Move Object.
2 Type the name and context of the object, or use the search feature (Object Selector) to find it,
and click OK.
3 In the Move To field, select the container you want to move the object to.
4 Select Create an Alias in Place of Moved Object if you want to create an alias in an old location
for each object being moved.
5 Click OK. A confirmation message appears: The Move Object request succeeded.
4.1.6 Rename Object
1 In Roles and Tasks, select eDirectory Administration > Rename Object.
2 Type the name and context of the object, or use the search feature to find it.
3 Type only the name of the new object; do not include a context.
4 Select to save the old name if you want to save it.
This saves the old name as an additional unofficial value of the Name property. Saving the old
name lets users search for the object based on that name. After renaming the object, you can
view the old name in the Other Name field on the General Identification tab for that object.
5 Select Create an Alias in Place of Renamed Object if you want to create an alias for the object
being named.
This allows any operations that are dependent on the old object name to continue uninterrupted
until you can update those operations to reflect the new name.
6 Click OK. A confirmation message appears: The Rename Object request
succeeded.
4.2 eDirectory Maintenance
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69

Novell iManager 2.5 Administration Guide

Category
Development software
Type
Administration Guide

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI