iManager
NetWare 6.5 includes iManager 2.0, a Web-based tool for administering, managing, and configuring NetWare products, services, and eDirectory objects. iManager allows Role-Based Services (RBS) to give you a way to focus the user on a specified set of tasks and objects as determined by the user's role(s). What users see when they access iManager is based on their role assignments in eDirectory.
iManager has been re-architected to use Novell's exteNd Web services platform, and is in effect a management portal for Novell's products and services. It runs on the Apache Web server for NetWare. For more information on Apache Web server for NetWare, see Chapter 9.
As you will see, many of the default management tasks formerly requiring ConsoleOne can now be done through a common Web interface with iManager. Among other things, you can define management roles to administer Novell Licensing Services (NLS), iPrint, DNS/DHCP services, and perform eDirectory object management. Over time, iManager will grow to replace ConsoleOne completely as Novell's preferred management platform.
Installing iManager
In some NetWare 6.5 installations and patterns, iManager will not be installed automatically. If you did not select to install iManager during the server installation, it can be manually re-installed through Deployment Manager or the graphical server console. To install iManager via Deployment Manager, complete the following steps:
Make sure you are logged in as a user with administrative rights to eDirectory and the NetWare server.
At the workstation, insert the NetWare 6.5 Operating System CD-ROM. Run Deployment Manager (NWDEPLOY.EXE) from the root of the CD-ROM.
In Deployment Manager, select Install NetWare 6.5 Products in the left pane, and click Remote Product Install in the right pane.
Select the target server from the list of available servers, and then click Next. Provide admin user information when requested.
At the Components screen, select iManager 2.0 and Apache 2 Web Server and Tomcat 4 Servlet Container and click Next. Make sure all other products are deselected. All the necessary application files will be copied to the target server. This might take a few minutes. You might need to restart these services manually from the server console. To do this, stop Tomcat by typing TC4STOP and stop Apache by typing AP2WEBDN. Restart the services by typing AP2WEBUP to restart Apache and TOMCAT4 to restart Tomcat.
At the Installation Complete screen, click Reset Apache to restart Tomcat and the Apache Web server. Close Deployment Manager once the installation is finished.
Once the files have been installed on the server, the exteNd environment in which iManager runs must be configured. To perform this initial configuration, complete the following steps:
-
Open a browser and go to the following URL:http://<server IP address>/nps/servlet/configure.
-
Click the Start button.
-
Provide the LDAP name of an Admin user for the eDirectory tree in which the server resides. Use commas (,) instead of periods (.) in providing the distinguished name of the admin user object.
-
Select the PLATFORM.XAR file and click Next.
-
Accept the Novell exteNd Director 4.1 license agreement by selecting I Accept the Terms of the License Agreement, and click Next.
-
Select Custom Installation and click Next.
-
Specify the portal object to work with and click Next. You can choose an existing object or choose to create a new one. You will be asked to specify a distinguished name and password for the object.
-
At the Configuration screen, click Configure to set up the portal object in eDirectory. All of the portal modules to be configured will be listed.
Once the configuration has been written to eDirectory, and the portal object created, restart Tomcat and Apache 2 at the server console. To do this, stop Tomcat by typing TC4STOP and stop Apache by typing AP2WEBDN. Restart the services by typing AP2WEBUP to restart Apache and TOMCAT4 to restart Tomcat.
You can now open iManager from its URL, using either HTTP or HTTPS, at <server IP address>.iManager.html. You will be required to authenticate in order to access iManager, and will have access to only those features to which you have rights. For full access to all iManager features, authenticate as a user with Supervisory rights to the eDirectory tree (see Figure 3.4).
Figure 3.4 The iManager 2.0 home page.
You can also open iManager in Simple mode (see Figure 3.5), suitable for compliance with Federal accessibility guidelines. It provides the same functionality as Regular mode, but with an interface optimized for accessibility by those with disabilities (for example, expanded menus for blind users who rely upon spoken commands). To use Simple mode, simply replace iManager.html with Simple.html in the iManager URL. For example:
https://www.quills.com/nps/Simple.html
or
https://137.65.192.1/nps/Simple.html
Figure 3.5 The iManager 2.0 home page in Simple mode.
Using either interface, you will have access to only those features to which you have rights. For full access to all iManager features, authenticate as a user with Supervisory rights to the eDirectory tree.
iManager Basics
As shown in Figure 3.3, iManager is organized into three main sections, or frames:
Header frame: The Header frame is located at the top of the screen. It contains links to the Home, Roles and Tasks, Configuration, and Help pages, as well as an Exit link to close the browser window.
Navigation frame: The Navigation frame is located on the left side of the screen. It allows you to navigate among the various management tasks or directory objects, depending on the view that is selected. What you see is also constrained by the rights of your authenticated identity.
Main Content frame: The Main Content frame occupies the middle-right of the screen. When you select a link in the Header or Navigation frames, the appropriate page will be displayed in the Main Content frame.
TIP
If you ever see the Looking Glass icon next to a field in iManager, you can use it to browse or search the tree for specific objects to use in creating, defining, and assigning roles.
Role-Based Management with iManager
Role-based services allow administrators to assign users a group of specific set of functions, or tasks, into Role objects. When users are assigned a given role, what they see when they access Novell iManager is based on their role assignments. Only the tasks assigned to the authenticated user are displayed. The role-based services available through iManager are represented by objects in eDirectory. The object types include
RBS Collection: A container object that holds all RBS role and task objects for an eDirectory tree. You specify the location for this object during NetWare 6.5 installation.
RBS Role: Specifies the tasks that users (members) are authorized to perform. Defining a role includes creating an RBS Role object and linking it to the tasks that the role can perform. RBS roles can be created only in an RBS Collection container.
RBS Module: A container inside of the RBS collection that organizes available RBS Task objects into functional groups. RBS modules let you assign users responsibility for specific functionality within a product or service.
RBS Task: Represents a specific function, such as resetting login passwords. RBS Task objects are located only in RBS Module containers.
RBS Scope: Represents the context in the tree where a role will be performed, and is associated with RBS Role objects. This object is dynamically created when needed, and automatically deleted when no longer needed.
CAUTION
Never change the configuration of an RBS Scope object. Doing so can have very serious consequences and could potentially break the system.
Configuring Role-Based Services
During the iManager installation, the schema of your eDirectory tree was extended to support the RBS object types specified previously. It also created an RBS Collection container for your role-based services and installed the iManager plug-ins to support all currently available product packages. However, you can complete these tasks manually from iManager, if necessary.
To install RBS schema extensions, complete the following steps in iManager:
Select the Configure button.
Under RBS Configuration, select Extend Schema.
Select OK to add the new Role-Based Services schema extensions to the tree. If you get a message that the schema extensions have been previously installed, you are good to go.
To create the RBS Collection container, complete the following steps:
-
Select the Configure button.
-
Under Collection Configuration, select Create Collection.
-
In the Create Collection screen, enter the requested information and select OK.
-
Name: Enter a name for the Collection object.
-
Container: Specify a context for the Collection object.
To install product packages, complete the following steps in iManager:
-
Select the Configure button.
-
Under RBS Configuration, select Configure iManager. This launches the iManager configuration wizard.
-
At the Available Options screen, select Upgrade Collections and click Next.
-
Select the Collection object with which you want to work and click Next.
-
Provide the necessary information and click Start.
-
Modules to Be Installed: Specify all RBS modules you want associated with the Collection.
-
Scope: Specify the container for which the new role assignments, which will be created for the modules you are installing, will be active.
-
Inheritable: Specifies whether the role rights will flow down to all containers under the specified scope.
-
Click Close once the update process has completed. This will return you to the iManager Configure screen.
In most cases you won't have to do this manually, but its nice to know how it's done...just in case.
Defining RBS Roles
RBS roles specify the tasks that users are authorized to perform. The tasks that RBS roles can perform are exposed as RBS Task objects in eDirectory. RBS tasks are created automatically during the installation of product packages. They are organized into one or more RBS Module containers, each of which corresponds to a different type of functionality within the product.
Create and assign a Role object by completing the following steps in iManager:
-
Select the Configure button.
-
Under Role Configuration, select Create iManager Role. Choose Create eGuide Role if you want to define a role specific to eGuide management.
-
In the Name screen, enter the requested information and click Next.
-
Role Name: Specify a name for the Role object.
-
Collection: Specify a collection to hold the object.
-
(Optional) Description: Enter a role description, if desired.
-
From the All Tasks box, select those tasks that should be assigned to the role you are creating and click the right arrow to move them to the Assigned Tasks box. Click Next.
-
Specify the eDirectory objects and scopes for the role you are creating and click Add. You can select multiple objects to occupy the role, and multiple scopes for each object. The scope specifies the container at which the role will be active in the directory tree. Once all objects and scopes have been defined, click Next.
-
Review the role summary, and click Finish to create the new Role object.
Once created, you can modify RBS roles by completing the following steps in iManager:
Select the Configure button.
Under Role Configuration, select Modify iManager Role. Choose Modify eGuide Role if you want to modify an eGuide-specific role.
Make the desired task or role occupant changes. Click Modify Tasks to add or remove tasks from the Role. Click Modify Members to add or remove occupants from the role, or change the scope of an existing role occupant.
To delete any RBS object from your tree, complete the following steps in iManager:
Select the Configure button.
Under the appropriate RBS object heading, select Delete <object type>.
Specify the full name and context of the RBS object you want to delete and click OK.