Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 54


9 To enable the role so that it can be used in Authorization and Identity Injection policies, click Devices > Identity Servers > Edit > Roles.
10 Select the check box next to the name of the role, then click Enable.
11 Click OK.
12 Update the Identity Server.
13 (Optional) Verify the name used for the role and the user assigned to it:
13a Enable logging by clicking Devices > Identity Servers > Edit > Logging, then set the following values:
File Logging: Select Enabled.
Echo To Console: Select this option to enable it.
Application: In the Component File Logger Levels section, set to info.
13b Click OK, then update the Identity Server.
13c Log in to the Identity Server by using the credentials of a user who belongs to the LDAP group.
13d View the log file for the Identity Server by clicking Auditing > General Logging.
13e Select the file (for Windows, select the stdout.log file; for Linux, select the catalina.out file), then click Download.
13f Look for two log entries (<amLogEntry>) similar to the following:
<amLogEntry> 2009-10-09T21:58:55Z INFO NIDS Application: AM#500199050:
AMDEVICEID#CA50FD51DB1EEE3E:
AMAUTHID#213E610199A14CEAF27395A6B35F3162:
IDP RolesPep.evaluate(), policy trace:
~~RL~1~~~~Rule Count: 1~~Success(67)
~~RU~RuleID_1223587171711~LDAP_Group~DNF~~0:1~~Success(67)
~~PA~ActionID_1223588319336~~AddSelectedRoles~cn=Doc~~~Success(0)
~~PA~ActionID_1223588319336~~AddSelectedRoles~o=novell~~~Success(0)
~~PC~ActionID_1223588319336~~Document=(ou=xpemlPEP,ou=mastercdn,
ou=ContentPublisherContainer,ou=Partition,ou=PartitionsContainer,
ou=VCDN_Root,ou=accessManagerContainer,o=novell:romaContentCollection
XMLDoc),Policy=(LDAP_Group),Rule=(1::RuleID_1223587171711),Action=
(AddSelectedRole::ActionID_1223588319336)~~~~Success(0)
</amLogEntry>
<amLogEntry> 2009-10-09T21:58:55Z INFO NIDS Application: AM#500105013:
AMDEVICEID#CA50FD51DB1EEE3E:
AMAUTHID#213E610199A14CEAF27395A6B35F3162:
Authenticated user cn=jwilson,o=novell in User Store Internal with roles
"cn=Doc,o=novell","authenticated".
</amLogEntry>
The first <amLogEntry> entry indicates that the action in the LDAP_Group policy was successfully assigned.
The second entry gives the DN of the user and lists the roles assigned to the user: cn=Doc,o=novell and authenticated.
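The check in step 13f can be scripted against the downloaded log file. The following is an added example, not part of the Novell guide or the product: the function names summarize and role_assigned are hypothetical, the sample log is constructed from the two entries above (with the ~~PC line omitted), and it assumes that entries sharing an AMAUTHID value belong to the same login.

```python
import re

# Constructed sample: the two entries from step 13f, header fields joined on one line.
SAMPLE_LOG = """\
<amLogEntry> 2009-10-09T21:58:55Z INFO NIDS Application: AM#500199050: AMDEVICEID#CA50FD51DB1EEE3E: AMAUTHID#213E610199A14CEAF27395A6B35F3162: IDP RolesPep.evaluate(), policy trace:
~~RL~1~~~~Rule Count: 1~~Success(67)
~~RU~RuleID_1223587171711~LDAP_Group~DNF~~0:1~~Success(67)
~~PA~ActionID_1223588319336~~AddSelectedRoles~cn=Doc~~~Success(0)
~~PA~ActionID_1223588319336~~AddSelectedRoles~o=novell~~~Success(0)
</amLogEntry>
<amLogEntry> 2009-10-09T21:58:55Z INFO NIDS Application: AM#500105013: AMDEVICEID#CA50FD51DB1EEE3E: AMAUTHID#213E610199A14CEAF27395A6B35F3162: Authenticated user cn=jwilson,o=novell in User Store Internal with
roles "cn=Doc,o=novell","authenticated". </amLogEntry>
"""

# Patterns follow the layout of the sample entries only (an assumption, not a format spec).
ENTRY = re.compile(r"<amLogEntry>(.*?)</amLogEntry>", re.S)
HEADER = re.compile(r"AM#(\d+):\s*AMDEVICEID#\w+:\s*AMAUTHID#(\w+):")
ACTION = re.compile(r"~~PA~(ActionID_\d+)~~(\w+)~([^~]*)~+(\w+)\((\d+)\)")
AUTH = re.compile(r"Authenticated user (.+?) in User Store (.+?) with roles (.+)\.$")

def summarize(log_text):
    """Group role-policy actions and the resulting role list by AMAUTHID."""
    sessions = {}
    for body in ENTRY.findall(log_text):
        head = HEADER.search(body)
        if not head:
            continue  # entry does not have the header layout assumed here
        s = sessions.setdefault(
            head.group(2), {"events": [], "actions": [], "user": None, "roles": []})
        s["events"].append(head.group(1))
        # Policy trace entry: one ~~PA~ line per action value, with its result.
        for _id, name, value, status, code in ACTION.findall(body):
            s["actions"].append((name, value, status, int(code)))
        auth = AUTH.search(" ".join(body.split()))  # undo line wrapping first
        if auth:
            s["user"] = auth.group(1)
            s["roles"] = re.findall(r'"([^"]*)"', auth.group(3))
    return sessions

def role_assigned(log_text, user_dn, role):
    """True if a login for user_dn lists role and no traced action failed."""
    for s in summarize(log_text).values():
        if s["user"] == user_dn and role in s["roles"]:
            return all(status == "Success" for _, _, status, _ in s["actions"])
    return False
```

To use it on a real file, pass the text of the downloaded stdout.log or catalina.out to role_assigned together with the user DN and the role name you expect.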
