Configuring iManager

Novell® iManager configuration settings are saved in webapps/nps/WEB-INF/config.xml.

NOTE: You can either save as you go or click Save after you have made all your changes on the various tabbed pages.

Security
The security screen contains the following features:

When Using a Nonsecure Connection
Select if you want the following message to warn users: "You are using a nonsecure connection."

Auto Import Tree Certificate for Secure LDAP
Secure LDAP connections require a certificate. If you select this feature, the system automatically imports a public tree certificate for secure LDAP.

Authorized Users
Authorized users are users who can run various administrative tasks. Authorized user data is saved in webapps/nps/WEB-INF/configiman.properties. This file automatically gets created at install time.

Using this option, you can modify the configiman.properties file. The tree name must be included with the names specified (for example, admin.novell.mytree). If you want to designate all users as authorized users, type AllUsers.

Auditing

Before you enable auditing, import the Nsure Audit formatting file that allows the audit server to format logging events. To do this:

1. Locate the IMAN_EN.lsc file from the iManager installation in the tomcat/4/4webapps/nps/support/audit folder.
2. Copy this file to a temporary location on the local machine.
3. In iManager, select the Roles and Tasks view > Auditing and Logging > Logging Server Options.
4. Browse to the Logging Server object and click OK.
5. Click the Log Applications tab (or select Log Applications from the drop down menu in Mozilla Browsers).
6. Click the check box next to the Applications container, then click the New Log Application link from the menu.
7. Click OK.
8. Provide a name for the Log Application (such as "iManager Instrumentation").
9. Browse to the IMAN_EN.lsc file on the local machine or server and click OK to save the new Log Application object.
10. Restart (reload) the Secure Logging Server for changes to take effect.

Select Enable Nsure® Audit to log any of the following events that you select:

• Add Authorized User
• Successful Login
• Successful NPM Install
• Startup iManager
• Failed SSL Connection
• Logout
• Changed Configuration
• Failed Login
• Failed NPM Install
• Shutdown iManager

If you deselect Enable Nsure Audit, your event selections retain their check marks (to remind you of your preferences in case you activate auditing again later), but they are inactive and grayed out, indicating that all auditing is turned off.

Look and Feel
Use this screen to customize the appearance of your iManager.

Title Bar Name
Type your organization' s name in this text box. It will appear in the title bar of the Web browser in place of the default text, Novell iManager.

Images
The title bar contains three images: the header background image, the header filler image, and the header branding image. Your own images must conform to the dimensions given on the interface.

Store these files in nps/portal/modules/fw/images. Type the path of each image in its respective text field.

Navigation Menu Colors
You can customize the color of the menu header and the background of the navigation menu on the left.

You can type either color names or hexidecimal numbers. Entries can be case insensitive. Click the Reset button to change the color back to the default color. Information about look-and-feel is saved in webapps/nps/WEB-INF/config.xml.

Logging Events
Select a logging level for Web server debugging, from No Logging to Errors, Warnings, and Information Messages.

Log Output
The log file path and log file size both appear on this page. Select to view the log file and it appears in HTML format. Select to clear the log file and all data in it is deleted; then the Log File Size resets to 0 bytes (zero).

Authentication
Authentication configuration affects the iManager login page.

Remember Login Credentials
If you select this option, only your password is required.

Use Secure LDAP for auto-connection
This setting specifies whether iManager communicates via LDAP, SSL, or LDAP clear text. Some plug-ins, such as Dynamic Groups and NMAS™, do not work if this option is not selected. This setting does not take effect until you log out of iManager.

Hide specific reason for login failure
Replaces authentication-related eDirectory messages with a generic error message that reads: Login Failure. Invalid Username or Password. This helps prevent unauthorized access.

Allow 'Tree' Selection on Login Page
If you select this option, the Tree text box appears on the login page. If you do not select this option, you must have a default tree name; otherwise, you cannot log in.

Contextless Login
Contextless login allows users to log in with only a username and password, without having to know or understand their entire user object context. For example, admin.support.

If there are multiple users with the same username in the tree, contextless login tries to log in using the first user account it finds with the supplied password. In this case, a user should either provide a full context when logging in or limit the search container that contextless login searches.

Select the search containers option and specify the containers where user objects can be found for login or select the search from root option to search from the root of the tree for contextless login.

• Containers to Search
  Which containers iManager must search to find a specific user.
• Public Username
  By default, iManager connects with public access, requiring no specific credentials. If you want, you can specify a user with specific credentials to do the search for the contextless lookup. The iManager public user is used if you don't specify a user.
  
  Correct syntax for the public username is username.context; for example, admin.novell.
  
  Important: If you specify a public user, consider carefully the implications to password expiration settings. If the password is set to expire on the public user, you will have no opportunity to change the password during login, when it expires.
  
• Public User Password
  The password for the user specified in Public Username. The Password is saved unencrypted, in clear text.
• Retype Password
  Retype for accuracy.

RBS

Role-Based Services (RBS) assigns the rights within eDirectory™ to perform tasks. In order to do certain things, you must have rights in the eDirectory tree. When you assign a role to a user, RBS assigns the rights necessary to perform the tasks of that role.

Enable Dynamic Groups
Enables RBS to allow Dynamic Groups to be members of a role.

Note: A group cannot be converted to a dynamic group or vise versa if the object has any role assignments.

Show Roles in Owned Collection

If you select this option, collection owners can see all roles and tasks whether they are members of them or not. If you do not select it, owners can see only their assigned roles.

Click the drop-down arrows for lists of the following:

• Role Discovery Domain
  Indicates where iManager is to search in the tree for roles that are assigned to a container object.
  • Parent: Searches for roles in the user's parent container.
  • Partition: Searches for roles assigned up to the first eDirectory partition of a user.
  • Root: Searches for roles in the entire tree.
• Dynamic Group Discovery Domain
  Indicates where iManager is to search in the tree for Dynamic Group membership. Role membership is checked in the Dynamic Groups found.
  • Parent: Searches for Dynamic Groups up to the parent container.
  • Partition: Searches for Dynamic Groups up to the first eDirectory partition.
  • Root: Searches the entire tree for Dynamic Groups, up to root.
• Dynamic Group Search Type
  Indicates which type of Dynamic Groups should be searched for role membership.
  • Dynamic Group Objects Only: Searches for objects that are of the dynamicGroup class type.
  • Dynamic Group Objects and Aux Classes: Searches for objects that either are of the dynamicGroup class type or have been extended with the dynamicGroupAux class. This includes Group objects that were later converted to Dynamic Groups.
• RBS Tree List
  When a collection owner or a Role member authenticates, this setting is auto-populated with the eDirectory tree's name. This effectively keeps track of the eDirectory trees where RBS has been configured. If RBS is removed from an eDirectory tree, remove that tree's entry in this list in order to return to Unassigned Access mode.

Modules

The Download Module screen offers the following download options to keep you informed of updated plug-ins.

• Query Novell Download site for new Novell Plug-in modules.
  • Show every available Novell Plug-in Module.
  • Show updated Novell Plug-in Modules.

  The NPMs appear listed on the Available Novell Plug-ins page.

Miscellaneous

Enable [this]
You can safely ignore this option. Enable [this] was added to iManager to allow Novell teams to modify their own objects. [this] is an attribute in the tree that enables specific self-management functionality. If [this] is enabled, all servers in the tree must be version 8.6.2 or later.

eGuide URL
Specifies the URL for eGuide. This is used in the eGuide launch button in the header and in the eGuide role and task management tasks. This must be a full URL (for example, https://my.dns.name/eGuide/servlet/eGuide) or the keyword EMFRAME_SERVER. Using EMFRAME_SERVER causes eMFrame to look for eGuide on the same server that eMFrame is located on.

A trademark symbol (^®, ^TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For more information, see Legal Notices.