Security - Novell IMANAGER 2.7.3 - ADMINISTRATION Administration Manual

Security.Keystore.AutoUpdate: If the value of AutoUpdate is True, when a user successfully logs
in to iManager, the certificate from that eDirectory server might automatically be imported into the
iManager-specific keystore. Select the setting Auto Import Tree Certificate for Secure LDAP
(Configure iManager > Security).
Security.Keystore.UpdateAllowAll: When UpdateAllowAll is True, then any successful user login
imports/updates a certificate into the iManager certificate keystore. If the setting is false, only an
authorized user login imports/updates certificates.
Security.Keystore.Priority: The priority setting contains two words that define the search order for
certificates during a connection: system, and imanager.system uses the default JVM* keystore to
locate certificates when created the SSL context. If that fails, it then goes to the iManager keystore.
You can change the search order of system and iManager by removing either word from the entry.
To further tighten security, do not allow AutoUpdate and use only the system keystore. If you do
this, you must manually import the certificates that you want to reside in the default system keystore
by using the tools that come with Java. If you disable UpdateAllowAll, then certificate imports
occur only from a successful iManager authorized user login.

6.4.2 Security

These settings affect your entire Web server configuration and are saved in the file.
config.xml
You can either save as you go or click Save once after you have made all your changes.
Warn When Using a Nonsecure Connection
Select this option if you want users without a secure connection between the Web browser and the
Web server to receive the following warning: .
You are using a non-secure connection
Enable Novell Audit
Make sure you have met the Novell Audit Prerequisites. Select the Enable Novell Audit option and
select specific iManager logging events, then click Save.
Auto Import Tree Certificate for Secure LDAP
Secure LDAP connections require a certificate. If you select this feature, the system automatically
imports a public tree certificate for secure LDAP.
Authorized Users and Groups
Authorized users and groups are those that iManager permits to perform its various administrative
tasks. Authorized user data is saved in
TOMCAT_HOME\webapps\nps\WEB-
. The iManager installation process creates this file only if
INF\configiman.properties
authorized user and group information is provided, but doing it, is not required. Failure to do it
results in iManager allowing any user to install iManager plug-ins and modify iManager server
settings (not recommended long-term.)
When a group or an organizational role is added to this list, all members of the group or the
organizational role become authorised users. Adding a nested group supports only first level of
members. But adding a dynamic group is not supported because it can have any type of objects as its
members.
72 Novell iManager 2.7.3 Administration Guide