1. Manuals
  2. Brands
  3. Novell Manuals
  4. Software
  5. IMANAGER 2.7.3
  6. Administration manual

Novell IMANAGER 2.7.3 - ADMINISTRATION Administration Manual

Hide thumbs Also See for IMANAGER 2.7.3 - ADMINISTRATION:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Installation Manual, Manual
AUTHORIZED DOCUMENTATION
Administration Guide
Novell
®
iManager
2.7.3
September 30, 2009
www.novell.com
Novell iManager 2.7.3 Administration Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the IMANAGER 2.7.3 - ADMINISTRATION and is the answer not in the manual?

Questions and answers

Related Manuals for Novell IMANAGER 2.7.3 - ADMINISTRATION

Summary of Contents for Novell IMANAGER 2.7.3 - ADMINISTRATION

  • Page 1 AUTHORIZED DOCUMENTATION Administration Guide Novell ® iManager 2.7.3 September 30, 2009 www.novell.com Novell iManager 2.7.3 Administration Guide...
  • Page 2 Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Trademarks For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/ trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
  • Page 4 Novell iManager 2.7.3 Administration Guide...

  • Page 5: Table Of Contents

    Contents About This Guide 1 Overview What's New in iManager 2.7.3 (Field Patch 1) ........11 Additional Resources .
  • Page 6 Editing Member Associations ......... . 66 Novell iManager 2.7.3 Administration Guide...
  • Page 7 Available Novell Plug-in Modules ........
  • Page 8 Secure Connections ............112 B Novell Plug-in Modules Novell iManager 2.7.3 Administration Guide...

  • Page 9: About This Guide

    About This Guide ® This guide describes how to administer Novell iManager 2.7, and contains the following sections: Chapter 1, “Overview,” on page 11 Chapter 2, “Accessing iManager,” on page 13 Chapter 3, “Navigating the iManager Interface,” on page 17 Chapter 4, “Browsing Objects,”...
  • Page 10 Documentation Conventions In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. ® A trademark symbol ( , etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.

  • Page 11: Overview

    (http://www.novell.com/documentation/imanager27/). “Hide” and “Show Hidden” Buttons in the Available Novell Plug-In Modules Page: The Available Novell Plug-in Modules page now has Hide and Show Hidden buttons for hiding the selected plug-in modules, and viewing/unhiding the hidden plug-in modules respectively. Preferred Object Selection Method for a Task of a Property Book: In the Property Book page, the user can now define/modify a preferred object selection method for an existing task.

  • Page 12: Additional Resources

    DNS names. The proxy host field now accepts DNS names also. 1.2 Additional Resources For more information on topics relevant to Novell iManager, refer to the following Web sites: Tomcat servlet container (http://jakarta.apache.org/tomcat) How to setup Tomcat to use a proxy (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/proxy- howto.html)

  • Page 13: Accessing Imanager

    Because iManager 2.7 uses only Tomcat 5/5.5 for its Web server requirements, on platforms other than Novell Open Enterprise Server 2 (OES 2) you must specify the Tomcat port as part of the iManager URL. The default URL to start iManager 2.7 is as follows: Secure URL: https://<server ip address>:8443/nps/iManager.html...

  • Page 14: Accessing Imanager Workstation

    Secure URL: https://<server ip address>/nps/iManager.html Although slightly different iManager URLs might work on some platforms, Novell recommends using these URLs for consistency. 2 Log in using your username, password and treename. 2.2.2 Accessing iManager Workstation To access iManager Workstation: 1 Execute the appropriate iManager Workstation startup script.

  • Page 15: Authenticating

    SLP properly configured for iManager to log in. For more information, see the Novell Open Enterprise Server SLP documentation (http://www.novell.com/ documentation/oes/networking-protocols.html#slp). 2.4.1 Tree Name Field If eDirectory is installed and running on another port besides the default port 524, you can use the IP address or DNS name of the eDirectory server to log in if you also specify the port (for example, 127.0.0.1: 1080).

  • Page 16: Expired Password Information

    In the sample code above, replace treename with the name of the appropriate directory tree in lower case. If you save any iManager Server settings from the Configure iManager task after editing the config.xml file, verify that the treename is still in lowercase or customized contextless login will fail. Novell iManager 2.7.3 Administration Guide...

  • Page 17: Navigating The Imanager Interface

    Navigating the iManager Interface ® This section describes how to navigate through the Novell iManager 2.7 interface. Section 3.1, “iManager Interface,” on page 17 Section 3.2, “Special Characters,” on page 20 3.1 iManager Interface The iManager interface comprises three main regions, or frames.

  • Page 18: Header Frame

    Tasks are organized into categories. The list of categories and tasks varies based on the installed plug-ins and the rights granted to you as an authenticated iManager user. Novell iManager 2.7.3 Administration Guide...

  • Page 19: Content Frame

    Contents of the Navigation frame when in the Roles and Tasks view Figure 3-3 The ordering of tasks within each category is determined by the author of the applicable iManager plug-in. Base plug-in tasks (those that are included with iManager) typically display before tasks from other plug-ins.

  • Page 20: Special Characters

    In iManager, some characters have special significance and must be escaped with the backslash (\) character: NDAP (eDirectory): Period (.) Equal sign (=) Plus sign (+) Backslash (\) LDAP: DNs and = + \ @; < > Novell iManager 2.7.3 Administration Guide...
  • Page 21 Leading # Leading or trailing spaces For LDAP, any character can be specified with \xx. See RFC 2253 (http://www.faqs.org/rfcs/ rfc2253.html) for more information. Navigating the iManager Interface...
  • Page 22 Novell iManager 2.7.3 Administration Guide...

  • Page 23: Browsing Objects

    Browsing Objects iManager lets you manipulate and manage directory objects. There are two paradigms for doing this. First, you can browse for and select the objects with which you want to work, and then specify the task you want to perform on those objects (object-then-task.) Second, you can select the task you want to perform, and then specify the objects to which you want to apply the task (task-then-object.) Either way of doing things is valid, and iManager lets you use the method with which you are most comfortable.

  • Page 24: Using The Object View

    By default, Tree View displays up to 100 subordinate objects per container, but you can change this setting in the Object View Preferences. Novell iManager 2.7.3 Administration Guide...
  • Page 25 Tree View Content Frame Selecting one of the container objects in the Navigation frame causes the Content frame to display all the objects in that container. The Content frame is where you actually manipulate directory objects. The Content frame includes a header from which you can select from among several available actions: Bread Crumbs: At the very top of the Content frame, Tree view provides a bread crumb feature that lets you navigate along the containers in the current context.

  • Page 26: Browse

    The Browse tab uses only the Navigation frame to provide its functionality. It includes the following primary components: Object Filter: Located at the top of the Navigation frame, the object filter lets you limit the objects displayed in the object list. Once defined, click Apply to use the filter. Novell iManager 2.7.3 Administration Guide...

  • Page 27: Search

    IMPORTANT: The object filtering in the Browse tab only applies to directory objects. It does not filter file system objects, even though they might be visible in the Browse tab. The object filter uses the following fields: Context: Displays only those objects in the specified context. This is identical to opening the container from the object list.
  • Page 28 Advanced Selection tool, from which you can specify additional, attribute-level filter settings. For more information, see “Advanced Selection” on page Load/Save: These links let you load a previously defined search definition and save the current search so it can be re-used, respectively. Novell iManager 2.7.3 Administration Guide...

  • Page 29: Using The Object Selector

    Multiple Select / Single Select: Located above the right side of the results list, this link lets you toggle between selecting a single object or multiple objects against which you want to perform a task. The default option is Single Select. For more information, see “Selecting and Filtering Objects”...

  • Page 30: Browse

    For more information about selecting single or multiple objects for a task, see “Selecting and Filtering Objects” on page 4.2.2 Search The Search tab lets you specify a search operation to perform on the directory tree and display the results. It includes the following primary components: Novell iManager 2.7.3 Administration Guide...
  • Page 31 Object Search: Located on the left side of the Object Selector, the object search lets you define the search criteria. Once defined, click Search to perform the specified search operation. You can define your search using the following fields: Start search in: Specifies the starting container for the search operation. If you want the search to include subordinate containers, select Search sub-containers Search for objects named: Defines the object name filter for this search.
  • Page 32 Novell iManager 2.7.3 Administration Guide...

  • Page 33: Roles And Tasks

    Roles and Tasks Selecting the Roles and Tasks view in the Header frame displays all of iManager’s available roles and tasks in the Navigation frame. iManager groups related roles and tasks into categories. However, you can create custom category groups and assign roles and tasks to them. For more information, see “The Category Tab”...
  • Page 34 Does not support wildcards in the search criteria Supports only “starts with” and “equals” filters for property values Advanced Selection Advanced Selection provides a more configurable environment for searching the directory for the desired objects. Novell iManager 2.7.3 Administration Guide...
  • Page 35 iManager’s Advanced Selection Interface Figure 5-3 Advanced Selection gives you more granular control over the object filter used during the search operation. You can configure advanced selection options using the following fields: Object Type: Specifies the object base class for which you are searching. For example, User. Container: Specifies the container at which you want to start the search.
  • Page 36 (s) for all the objects in the specified container. The attributes whose fields are empty indicate that those attributes doesnot hold a common value for all the objects. You can add values to these attributes, as well. The Modify Object Screen Figure 5-5 Novell iManager 2.7.3 Administration Guide...

  • Page 37: Directory Administration

    Section 5.2.6, “Renaming an Object,” on page 39 For more information about eDirectory objects, see the eDirectory Administration guide (http:// www.novell.com/documentation/edir88/index.html?page=/documentation/edir88/edir88/data/ fbabihje.html#fbabihje). 5.2.1 Copying an Object You can either create a new object with the same attribute values as an existing object, or copy attribute values from one object to another.

  • Page 38: Creating An Object

    The Modify Object page displays pages with the selected object’s attributes. 3 Modify the object as desired, then click OK. If you are using a Mozilla browser, click the + symbol to add information instead of typing directly in the field. Novell iManager 2.7.3 Administration Guide...

  • Page 39: Moving An Object

    Section 5.3.5, “Move Group,” on page 41 Section 5.3.6, “Rename Group,” on page 41 Section 5.3.7, “Viewing My Groups,” on page 41 For more information about using and configuring Group objects, see the eDirectory Administration guide (http://www.novell.com/documentation/edir88/index.html?page=/documentation/edir88/ edir88/data/fbabihje.html#fbacjdfg). Roles and Tasks...

  • Page 40: Creating A Group

    To do this, open Configure > iManager Server > Configure iManager > RBS > Dynamic Group Search Type. Select DynamicGroupObjects&AuxClasses from the drop-down menu, then click Save. You cannot convert a dynamic group to a nested group and vice versa. Novell iManager 2.7.3 Administration Guide...

  • Page 41: Modifying Members Of Group

    Section 5.4.3, “Setting a Password,” on page 42 For more information about User objects, see the eDirectory Administration guide (http:// www.novell.com/documentation/edir88/index.html?page=/documentation/edir88/edir88/data/ afxkmdi.html). 5.4.1 Clearing a Lockout A user can be locked out for entering the wrong password too many times or trying to log in with an expired password.

  • Page 42: Creating A User

    2 In the Create Partition page, specify the container to use as the root of the new partition, or use the Object Selector to locate it, then click OK. A confirmation message appears indicating that the partition create operation was successful. Novell iManager 2.7.3 Administration Guide...

  • Page 43: Merging A Partition

    5.5.2 Merging a Partition Merging a partition effectively recombines it with its parent partition. Creating and merging partitions is how you determine how the directory is logically divided. 1 In Roles and Tasks, select Partitions and Replicas > Merge Partition. 2 In the Merge Partition page, specify the partition to merge with its parent, or use the Object Selector to locate it, then click OK.

  • Page 44: Viewing Partition Information

    Section 5.6.2, “Modifying Trustee Rights,” on page 45 Section 5.6.3, “Rights to Other Objects,” on page 45 Section 5.6.4, “Viewing Effective Rights,” on page 46 For more information about eDirectory rights, see the eDirectory Administration guide (http:// www.novell.com/documentation/edir88/index.html?page=/documentation/edir88/edir88/data/ fbachifb.html). Novell iManager 2.7.3 Administration Guide...

  • Page 45: Modifying The Inherited Rights Filter

    NetWare file system. For more information about Inherited Rights Filters, see the eDirectory Administration guide (http:/ /www.novell.com/documentation/edir88/index.html?page=/documentation/edir88/edir88/data/ fbachifb.html#a2iiidd). 1 In Roles and Tasks, select Rights > Modify Inherited Rights Filter. 2 Specify the full name of the object whose inherited rights filter you want to modify, or use the Object Selector to find it, then click OK.

  • Page 46: Viewing Effective Rights

    NOTE: Mandatory attributes can be defined only while creating a class. (A mandatory attribute is one that must be completed when an object is being created.) 1 In Roles and Tasks, select Schema > Add Attribute. Novell iManager 2.7.3 Administration Guide...

  • Page 47: Viewing Attribute Information

    2 Select the class you want to add an attribute to, then click OK. 3 Select the attributes you want to add, then click OK. Select the desired attributes from the Available Optional Attributes list, then click the Right- arrow to add these attributes to the Add These Optional Attributes list. Use the Left-arrow to remove attributes from Add These Optional Attributes.

  • Page 48: Creating A Class

    2 Follow the ICE Wizard through the import, export, migration of data, or schema update and compare operations. 5.7.9 Extending an Object 1 In Roles and Tasks, click Schema > Object Extensions. 2 Specify the name and context of the object you want to extend, then click OK. Novell iManager 2.7.3 Administration Guide...

  • Page 49: Users

    3 Depending on whether the auxiliary class that you want to use is already listed under Current Auxiliary Class Extensions, click one of the following: Yes: Quit this procedure. See Modifying an Object’s Auxiliary Properties (http:// www.novell.com/documentation/edir88/index.html?page=/documentation/edir88/edir88/ data/fbbdchgh.html#a3olrac) in the eDirectory Administration Guide instead. No: Click Add, select the auxiliary class, then click OK.

  • Page 50: Deleting A User

    2 Specify, or use the Object Selector to find, the name and context of the object, then click OK. 3 Click Enable. 5.8.5 Modifying a User To modify an existing user object’s properties: 1 In Roles and Tasks, select Users > Modify User. Novell iManager 2.7.3 Administration Guide...

  • Page 51: Moving A User

    2 Specify, or use the Object Selector to find, the name and context of the object, then click OK. The Content frame displays the user object’s property book. 3 Make your changes, then click Apply or OK to save the changes. 5.8.6 Moving a User To move a user object: 1 In Roles and Tasks, select Users >...
  • Page 52 Novell iManager 2.7.3 Administration Guide...

  • Page 53: Configuring And Customizing Imanager

    NOTE: Novell iManager Role-Based Services (RBS) grants rights based upon the Access Control List (ACL) capability of Novell eDirectory. The ACLs allow a trustee to be granted rights to a specific object or its subordinate objects. ACLs are not granted based upon specific object types.

  • Page 54: Rbs Objects In Edirectory

    Each Novell iManager task defines its applicable object types and necessary ACLs. However, these ACLs allow the user to perform those operations with other object types through eDirectory APIs or other tools such as Novell ConsoleOne or NWAdmin. Use RBS to create specific roles within your organization; the roles contain tasks that an assigned user can perform within iManager, such as creating a new user or changing a password.
  • Page 55 14 default categories: Authentication & Passwords, Collaboration, Directory, File Management, Identity Manager, Infrastructure, Install & Upgrade, Network, Novell Audit, Printing, Security, Servers, Software Licenses & Network, Usage, and Users & Groups. The All Categories selection displays all available roles and tasks.

  • Page 56: Installing Rbs

    1 In the Configure view, select iManager Server > Configure iManager. 2 Select the RBS tab. 3 Select the appropriate tree name in the RBS Tree List field, then click the minus button. 4 Click Save. Novell iManager 2.7.3 Administration Guide...

  • Page 57: Rbs Configuration

    NOTE: When using iManager in Unrestricted mode, you typically see the following message on the iManager Home Page: Notice: Some of the roles and tasks are not available. Clicking View Details might display a message Not supported by current authenticators for several of the tasks, even though the tasks work correctly.

  • Page 58: The Role Tab

    “Create a New Role” on page 59 “Edit a Role” on page 59 “Delete a Role” on page 59 “Set a Member Association” on page 59 “Assign a Category” on page 60 “Add a Description to a Role” on page 60 Novell iManager 2.7.3 Administration Guide...
  • Page 59 NOTE: To select a role, select the checkbox to the left of the role name. Create a New Role To create a new role in the collection: 1 In the Role tab, select New > iManager Role. 2 Complete the steps in the iManager Role Wizard. The wizard steps you through naming the role;...

  • Page 60: The Task Tab

    For information on creating tasks in the Plug-in Studio, see “Creating a New Task from Plug-In Studio” on page Deleting a Task To delete an existing task: 1 In the Task tab, select the task, then select Delete. Novell iManager 2.7.3 Administration Guide...

  • Page 61: The Property Book Tab

    A message appears: This operation will delete all of the selected tasks. Do you want to continue? 2 Click OK. Editing the Role Assignment of a Task To edit the list of roles to which a task is assigned: 1 In the Task tab, select the task, then select Actions > Role Assignment. 2 On the Edit Role Assignment page, add or remove roles from the Assigned Roles field, then click OK.
  • Page 62 Adding/Modifying the Description of a Property Book To add/modify a description to an existing task: 1 In the Property Book tab, select the property book, then select Actions > Description. 2 Specify/modify the description in the text box, then click OK. Novell iManager 2.7.3 Administration Guide...

  • Page 63: The Module Tab

    Defining/Modifying a Preferred Object Selection Method for a Task of a Property Book To define/modify a preferred object selection method for an existing task: 1 Under the Property Book tab, select the property book, then select Actions > Target Chooser Mode.

  • Page 64: The Category Tab

    From the Plug-in Studio task, you can perform the following operations: “Creating a New Task from Plug-In Studio” on page 65 “Editing a Task” on page 65 “Deleting a task” on page 65 “Copying Custom Tasks” on page 66 Novell iManager 2.7.3 Administration Guide...
  • Page 65 “Exporting Custom Tasks” on page 66 “Importing Custom Tasks” on page 66 Creating a New Task from Plug-In Studio To create a new task with Plug-In Studio: 1 In the Configure view, select Role-Based Services > Plug-in Studio. 2 Select New. The Task Builder appears to help you build custom tasks and property pages.

  • Page 66: Editing Member Associations

    3 Specify a role and role scope to add to this member, then click OK. This data is saved to eDirectory. After login, the newly assigned role appears in the left column of the member who owns it. Novell iManager 2.7.3 Administration Guide...

  • Page 67: Editing Owner Collections

    6.2.8 Editing Owner Collections Use this task to change the owner assigned to a collection. 1 In the Configure view, select Role Based Services > Edit Owner Collections. 2 Specify, or use the Object Selector to find, a collection owner, then click OK. 3 Add or remove collections this person can own, then click OK.

  • Page 68: Using Reports

    To change the column in which items are sorted, click the name of the column you want.To change the sort order, click the name of the column in which items are currently sorted. Novell iManager 2.7.3 Administration Guide...
  • Page 69 <selected-member-types>User, Group, Dynamic Group, Organizational Role, Container</selected-member-types> <dynamic-group> <search-enabled>yes</search-enabled> <role-search>parent sub-directory (novell)</role-search> <search-for>Dynamic Group Objects</search-for> </dynamic-group> <container-role-search>up to parent (novell)</container-role-search> </rbs-report-header> <rbs-record> <role-name>eDirectory Administration</role-name> <role-object>eDirectory Administration.Role Based Service 2.novell</ role-object> <member-type>User</member-type> <member-object>admin.novell</member-object> <scope>.MY_TREE.</scope> <rights-assigned>true</rights-assigned> <rights-inherit>true</rights-inherit> </rbs-record> <rbs-record> <role-name>eDirectory Administration</role-name> <role-object>eDirectory Administration.Role Based Service 2.novell</ role-object>...
  • Page 70 Management.RBS 270 akpal.08","User","admin.novell",".BLR-ANIL-TREE.","true","true", admin.novell,"Help Desk","Help Desk Management.Role Based Service 2.novell","User","admin.novell",".BLR-ANIL-TREE.","true","true", admin.novell,"Help Desk","Help Desk Management.RBS 270 akpal.08","User","admin.novell",".BLR-ANIL-TREE.","true","true", admin.novell,"IDE Demo Role","IDE Demo Role.Role Based Service 2.novell","User","admin.novell",".BLR-ANIL-TREE.","true","true", admin.novell,"Novell Certificate Access","Novell Certificate Access.RBS 270 akpal.08","User","admin.novell",".BLR-ANIL-TREE.","true","true", admin.novell,"Novell Certificate Server Management","Novell Certificate Server Management.RBS 270 akpal.08","User","admin.novell",".BLR-ANIL- TREE.","true","true",...

  • Page 71: Imanager Server

    Role Search: Dynamic Group Objects Container Role Search: up to parent (novell) ------------------------------------------------- Role Name: eDirectory Administration Role Object: eDirectory Administration.Role Based Service 2.novell Type: User Member: jdoe.novell Scope: novell Assigned: true Inherit: true ------------------------------------------------- 6.4 iManager Server If you do not see this task, you are not an authorized user. See “Authorized Users and Groups”...

  • Page 72: Security

    You are using a non-secure connection Enable Novell Audit Make sure you have met the Novell Audit Prerequisites. Select the Enable Novell Audit option and select specific iManager logging events, then click Save. Auto Import Tree Certificate for Secure LDAP Secure LDAP connections require a certificate.

  • Page 73: Look And Feel

    Title Bar Name Specify your organization name in this text box. It then appears in the title bar of the Web browser in place of the default text (Novell iManager). Images The Title bar contains three images: the header background image, the header filler image, and the header branding image.

  • Page 74: Redirection After Logout

    Contextless Login: Contextless login allows users to log in with only username and password, without knowing their entire User object context (for example, .admin.support.sales.novell.) If there are multiple users with the same username in the tree, contextless login allows to log in by using the first user account it finds with the supplied password within the container order list that the user has specified.

  • Page 75: Rbs

    Enable Dynamic Groups: When selected, RBS allows dynamic groups to be members of a role. For more information about dynamic groups, see the eDirectory Administration guide (http:// www.novell.com/documentation/edir88/index.html?page=/documentation/edir88/edir88/data/ fbabihje.html#fbacjdfg). Show Roles in Owned Collections: When selected, collection owners see all roles and tasks whether they are members of them or not.

  • Page 76: Plug-In Download

    Unassigned Access mode. 6.4.8 Plug-In Download The Plug-in Download tab lets you configure the following settings: Query Novell download site for new Novell Plug-in Modules (NPM): Indicates that the iManager Server should query the Novell Download site (http://download.novell.com/ index.jsp?product_id=&search=Search&build_type=SDBuildBean&families=&date_range=&key...

  • Page 77: Object Creation List

    There are two types of modules used in iManager: Novell Plug-in Module (NPM): These are archives that contain the files for plug-ins to iManager. When you install an NPM using the Available Novell Plug-in Modules task, you are installing a plug-in to iManager to add to its functionality.

  • Page 78: Available Novell Plug-In Modules

    Installation” in the iManager 2.7 Installation Guide. 6.6.1 Available Novell Plug-in Modules The Available Novell Plug-in Modules (NPM) page lists all the available NPMs contained in the packages directory/download site. (See “Plug-In Download” on page 76.) The name, version, and description of each module are in their respective manifest files.

  • Page 79: Downloading And Installing Plug-In Modules

    2 In the Configure view, select Plug-in Installation > Available Novell Plug-in Modules. The Content frame lists all the available iManager plug-ins. iManager automatically checks the Novell download site once a week for updated plug-ins. However, you can update the list at any time by clicking the Refresh link.

  • Page 80: Uninstalling A Plug-In Module

    You can create a plug-in download repository if a proxy server or firewall prevents iManager 2.7 from contacting the Novell download Web site. This lets you host plug-in modules on a local Web server or a common file system location.

  • Page 81: E-Mail Notification

    No plug-ins found or server not available download area, one or both of the following conditions can exist: There are no updated plug-ins available on the Novell download site, or the connection to download. novell.com from the install program was not successful. Verify your Internet connection.

  • Page 82: Mail Server Configuration

    From Address: Specifies the address that appears in the From field of the iManager e-mail message. Primary Mail Server: Specifies an IP address or server name (for example: smtp.novell.com) of a mail server. You must also provide the username and password for iManager to use to access the SMTP server.
  • Page 83 Hide: Hides the view. Show: Displays the view. Select Read parent containers of this object to use the settings of the object's parent container for this object. When selected, the parent settings take precedence over the object’s local settings. Configuring and Customizing iManager...
  • Page 84 Novell iManager 2.7.3 Administration Guide...

  • Page 85: Preferences

    Preferences The Preferences view lets you configure iManager settings related to the application’s look and feel. It provides access to the following tasks: Section 7.1, “Manage Favorites,” on page 85 Section 7.2, “Object Selector,” on page 85 Section 7.3, “Object View,” on page 86 Section 7.4, “Set Initial View,”...

  • Page 86: Object View

    Language setting is not set to a supported language for iManager. To avoid problems, in your Web browser, click Tools > Options > Languages or a sequence similar to this, then set the first language preference in the list to a supported language. Novell iManager 2.7.3 Administration Guide...

  • Page 87: Troubleshooting

    Troubleshooting This section provides some troubleshooting tips resulting from Novell’s testing of iManager. These tips are arranged alphabetically in the following topics: Section 8.1, “Authentication Issues,” on page 88 Section 8.2, “Deleting and Re-creating User Accounts with the Same Name (Windows XP/ 2000),”...

  • Page 88: Authentication Issues

    Apache is running on. Depending on how you installed iManager and whether you chose to use Apache or IIS, the configuration file locations vary. Apache uses either the file or the httpd.conf file. Refer to the Microsoft documentation for information on IIS port settings. ssl.conf Novell iManager 2.7.3 Administration Guide...

  • Page 89: Http 500 Errors

    8.1.5 632 Error Messages This error is a system failure with several possible causes (http://www.novell.com/documentation/ nwec/nwec_enu/nwec_ids_t_err_system_failure.html). 8.1.6 634 Error Messages The target server does not have a copy of what the source server is requesting, or the source server has no objects that match the request and has no referrals on which to search for the object.

  • Page 90: Error Messages

    Running eDirectory Maintenance Tasks requires that Role-Based Services (RBS) must be configured through iManager for the tree that is being administered. For RBS configuration information, see Chapter 4, “Browsing Objects,” on page For additional information, see the Novell eDirectory documentation (http://www.novell.com/ documentation/lg/edir871/index.html?page=/documentation/lg/edir871/edir871/data/agabn4a.html). Novell iManager 2.7.3 Administration Guide...

  • Page 91: Enabling Debug Messages For Install And Configure

    8.5 Enabling Debug Messages for Install and Configure If installation fails, you must enable some debugging messages to help determine what is wrong. Linux: Export LAX_DEBUG=true in the terminal session that you start the iManager InstallAnywhere program from. Windows: Hold the Ctrl key down as you start the iManager InstallAnywhere program and continue holding it until the debugging screen appears.

  • Page 92: Missing Roles Or Tasks In The Configure View

    If this file is truncated to or some other corrupt filename, rename the file and NPS-APACHE~1.CON then stop and restart Tomcat. For information about restarting Tomcat, see “Starting and Stopping Tomcat” on page Novell iManager 2.7.3 Administration Guide...

  • Page 93: Running Edirectory And Imanager On The Same Machine (Windows Only)

    2 Stop the eDirectory server and the Tomcat service. Also stop any other service that may be using NICI. 3 Take ownership of the directory. %systemroot%\system32\novell\NICI\SYSTEM Do this from the file properties' Security > Advanced Options. 4 Save the contents of the directory in a backup directory.

  • Page 94: Service Unavailable" Message Appears During Multiple Plug-In Installs

    /var/opt/novell/tomcat5/conf/server.xml The non-SSL port section of the file begins with Define a non-SSL Coyote HTTP/1.1 on port n, while the SSL port section begins with Connector Define an SSL Coyote HTTP/1.1 on port n. Connector Novell iManager 2.7.3 Administration Guide...

  • Page 95: Unable To Determine Universal Password Status" Error

    This utility lets you install login methods into eDirectory from a UNIX machine and is required to run the Universal Password feature. The nmasinst utility is located in the directory. For more information, see the Universal Password Deployment Guide (http://www.novell.com/ documentation/lg/nw65/universal_password/data/front.html). 8.15 iManager Workstation Does Not Display...

  • Page 96: Sometimes Refresh Button Does Not Function

    2. Select Cache and click Clear Private Data Now. 3. Log in to iManager. 4. Re-install the plug-ins. For iManager workstation: For Windows: 1. Exit iManager. 2. Browse for C:\Users\<username>\AppData\<Profile>\Mozilla\eclipse\Cache (the path varies depending on the configuration and OS). Novell iManager 2.7.3 Administration Guide...

  • Page 97: Login Issue With Respect To Tree Ip Address Change

    Now, if you log in to iManager with <XXX_TREE> tree name, you would log in to <YYY_TREE> because <XXX_TREE> maps to <xxx.xx.xx.xx>, but <xxx.xx.xx.xx> is currently configured with <YYY_TREE>. Work around: For Windows, 1. Go to ...\Program Files\Novell\Tomcat\webapps\nps\WEB-INF\ 2. Open file. config.xml 3. In the file, search for the setting and delete your...

  • Page 98: Java Error Messages Are Displayed After Closing The Browser Of Imanager Workstation

    SIGSEGV (0xb) at pc=0x8e4c6944, pid=4106, tid=3085011872 # Java VM: Java HotSpot(TM) Server VM (11.3-b02 mixed mode linux-x86) # Problematic frame: [libmozjs.so+0x2944] strftime+0x2944 Work around: Ignore the error message and the files because they don’t hs_err_pid####.log affect the iManager workstation. Novell iManager 2.7.3 Administration Guide...

  • Page 99: Auditing Imanager Events

    IMAN_EN.LSC nps/support/audit installed via the Novell Audit process. It can also be installed manually by using the Novell Audit iManager plug-in as described in the following section. 9.1 Installing the IMAN_EN.LSC File in iManager Install Novell Audit before you install the file.

  • Page 100: Enabling Audit In Imanager

    1 Log in to iManager. 2 Click Configure > iManager Server > Configure iManager. The Configure iManager page is displayed. 3 Click the Security tab, select Enable Novell Audit, select the events you want to record, then click Save. 9.3 Configuring Audit for iManager...

  • Page 101: Configuring Audit For Imanager Instrumentation With Third-Party Certificates

    9.4 Configuring Audit for iManager Instrumentation with Third-Party Certificates 1 Make sure you have created a Logging Application for iManager Instrumentation in the Audit Server. If you have not created a Logging Application, perform from Step 8 to Step 17 in Section 9.3, “Configuring Audit for iManager Instrumentation,”...
  • Page 102 102 Novell iManager 2.7.3 Administration Guide...

  • Page 103: Best Practices And Common Questions

    Questions This section contains recommendations about the following topics from some of our experts. If you find something that works well for you, please share it at Cool Solutions (http://www.novell.com/ coolsolutions). Section 10.1, “Backup and Restore Options,” on page 103 Section 10.2, “Coexistence with previous versions of iManager 2.x and Role-Based Services,”...

  • Page 104: Collections

    3a Immediately after launching the installer, hold down the Ctrl key until a console window appears. 3b After the install has completed, click the icon in the upper left corner of the console window and select Properties > Layout. 104 Novell iManager 2.7.3 Administration Guide...

  • Page 105: Linux

    (reloads) the virtual IP address on another node in the cluster. 2 Using the Generic_IP_Service template that ships with Novell Cluster Services, create a new cluster resource called iManager. This cluster resource uses a virtual IP address that moves between nodes in the cluster. When creating a new cluster resource, the wizard steps you through the creation of a load script and an unload script.

  • Page 106: Patching Imanager

    Because iManager and Tomcat are already running (Active/Active) on the other nodes, there is no load time for these applications if Novell Cluster Services has to migrate (move) the virtual IP to another node. There is little benefit in using an Active/Passive cluster because it requires much more configuration and makes you wait the entire load time for each failover.

  • Page 107: Imanager Apparmor Profile

    10.8 iManager AppArmor Profile Novell Open Enterprise Server 2—Linux includes an AppArmor profile for iManager 2.7. The profile name is and is installed at etc.opt.novell.tomcat5.init.d.tomcat5 /etc/apparmor/ profiles/extras/iManager The iManager AppArmor profile is not enabled by default. To enable it, copy the profile into the folder.
  • Page 108 108 Novell iManager 2.7.3 Administration Guide...

  • Page 109: A Imanager Security Issues

    Exporting a Trusted Root or .der Public Key Certificate (http://www.novell.com/documentation/crt32/crtadmin/data/a2ebopb.html) in the Novell Certificate Server Admin Guide. You will want to export the trusted root certificate. 1 Open a command window. 2 Change to the directory where you have installed the JDK.

  • Page 110: Self-Signed Certificates

    Authorized Users and Groups data is stored in the file, which must be configiman.properties secured to prevent unauthorized modification. To do this, modify the access controls for to restrict those users authorized to manually edit the file. configman.properties 110 Novell iManager 2.7.3 Administration Guide...

  • Page 111: Preventing Username Discovery

    NOTE: Not specifying an Authorized User or Group, which prevents the file from being created, or specifying an Authorized User or Group of configiman.properties , allows any user to install iManager plug-ins and modify iManager server settings. This is AllUsers a security risk for server-based iManager environments.

  • Page 112: Encrypted Attributes

    Requiring remote administrators to use a VPN to access iManager and eDirectory servers NOTE: Regardless of the wire-level encryption being used, passwords are always encrypted and protected as part of the iManager authentication process. 112 Novell iManager 2.7.3 Administration Guide...
  • Page 113 Rights Users Groups The best place to locate and download iManager plug-ins is within iManager on the Available Novell Plug-in Module page. Alternately, you can download plug-ins from the Novell download site (http:/ /download.novell.com). Select iManager as the product in the search criteria.
  • Page 114 114 Novell iManager 2.7.3 Administration Guide...

Table of Contents