Excluded Users; Security Equivalent User; Section 4.3, "Excluded Users; Section 4.4, "Security Equivalent User - Novell BUSINESS CONTINUITY CLUSTERING 1.1 SP1 - 9-21-2010 ADMINISTRATION GUIDE FOR OPEN ENTERPRISE SERVER 1 SP2 LINUX Administration Manual

4.3 Excluded Users

If certain users do not synchronize between clusters, it is possible that those users are included in the
excluded users list.
NOTE: The eDirectory
To see the excluded users list:
1 Start your Internet browser and enter the URL for iManager.
The URL is http://server_ip_address/nps/iManager.html. Replace server_ip_address with the
IP address or DNS name of the server that has iManager and the Identity Manager
preconfigured templates for iManager installed.
2 Specify your username and password, specify the tree where you want to log in, then click
Login.
3 In the left column, click DirXML, then click the DirXML Overview link.
DirXML is called Identity Manager in the latest releases.
4 Select Search Entire Tree, then click Search.
5 Select the user synchronization driver you want to check by clicking the blue User Sync icon.
This is not necessary for the cluster synchronization driver.
6 Click the blue icon again, then click the DirXML tab if it is not already selected.
7 Click Excluded Users, and view, add, or remove users as desired.

4.4 Security Equivalent User

If resources or peers don't appear in other clusters in your BCC, it is possible that either a cluster or
user synchronization driver is not security equivalent to a user with administrative rights to the
cluster.
NOTE: Rather than using the eDirectory Admin user to administer your BCC, you should consider
creating another user with sufficient rights to the appropriate contexts in your eDirectory tree to
manage your BCC.
The IDM Driver object must have sufficient rights to any object it reads or writes in the following
containers:

The Identity Manager driver set container.

The container where the Cluster object resides.

The container where the Server objects reside.
If server objects reside in multiple containers, this must be a container high enough in the tree
to be above all containers that contain server objects.
Best practice is to have all server objects in one container.

The container where the cluster pool and volume objects are placed when they are
synchronized to this cluster. This container is sometimes referred to as the landing zone. The
NCP TM
placed in the landing zone.
66 Novell Business Continuity Clustering 1.1 Administration Guide for Linux
Admin user should never be synchronized between clusters.
TM
server objects for the virtual server of a business-continuity-enabled resource are also