Novell® iManager configuration settings are saved in webapps/nps/WEB-INF/config.xml.
NOTE: You can either save as you go or click Save after you have made all your changes on the various tabbed pages.
Security
The security page contains the following features:
When Using a Nonsecure Connection
Select this option if you want the message "You are accessing Novell iManager with a non-secure connection." to warn users.
Auto Import Tree Certificate for Secure LDAP
Secure LDAP connections require a certificate. If you select this feature, the system automatically imports a public tree certificate for secure LDAP.
Authorized Users and Groups
Authorized users and groups are users who can run various administrative tasks. Authorized user data is saved in webapps/nps/WEB-INF/configiman.properties. This file is automatically created at install time.
Using this option, you can modify the configiman.properties file. The tree name must be included with the names specified (for example, admin.novell.mytree). If you want to designate all users as authorized users, type AllUsers.
You can also add static and nested groups and organizational roles to the list so that all the members of the group/organization become authorized users.
Note: If a nested group is added to the Authorized Users and Groups list, only the first level members of the group become authorized users. You cannot make a dynamic group authorized.
Note: You can add and save only valid users to the Authorized Users and Groups list. If you add invalid users and click Save, an error message, which says that the object is not found, is displayed. If you add only invalid users to the list and click Save, the error message is displayed and the list of invalid users is automatically replaced by AllUsers. If you do not want all the users of the tree to be authorized users, remove AllUsers from the list, add desired valid users to the list, and click Save.
Important: If you have installed iManager for the first time, the Authorized Users and Groups list is empty. As an Admin user, you must immediately add users and groups to the list to make them authorized, and to have rights to modify the list. Otherwise, a non-admin user might add users and groups to the list by which he/she acquires the rights to modify the list. You (Admin) might lose the rights to modify the list.
Auditing
Before you enable auditing, import the Nsure® Audit formatting file that allows the audit server to format logging events.
1. Locate the IMAN_EN.lsc file in one of the following locations where the iManager server is installed:
   - Sys:\tomcat\5.0\webapps\nps\support\audit (for NetWare)
   - C:\Program Files\Novell\Tomcat\webapps\nps\support\audit (for Windows)
   - /var/opt/novell/tomcat5/webapps/nps/support/audit (for Linux)
2. Copy this file to a temporary location on the local machine.
3. In iManager, click Roles and Tasks > Auditing and Logging > Logging Server Options.
4. Browse for the Logging Server object and click OK. The Logging Server Options: page is displayed.
5. Click the Log Applications tab.
6. Select Container Name, then under Application Actions Menu, click New. The New Log Application dialog box is displayed.
7. Specify a name for the Log Application Name (for example, iManagerInst).
8. Browse for the IMAN_EN.lsc file on the local machine or from the server location (see Step 1), then click OK to save the new Log Application object.
9. In the Logging Server Options: page, under Applications, click the Log Application Name link (the name you specified in Step 7). The Modify Object: page is displayed.
10. Click Configure > Events.
11. Select iManager Events from the Not grouped list, click Apply, then click OK.
12. Restart/Reload the Audit Secure Logging Server for the changes to take effect.
13. Click Configure > iManager Server > Configure iManager. The Configure iManager page is displayed.
14. Select Enable Novell Audit to log any events that you select.
Note: If you unselect Enable Novell Audit, your event selections retain their check marks to remind you of your preferences in case you activate auditing again later, but they are disabled (they appear dimmed), which indicates that all auditing is turned off.
Look and Feel
Use this page to customize the appearance of your iManager.
Title Bar Name
Type your organization's name in this text box. It appears in the title bar of the Web browser in place of the default text, Novell iManager.
Images
The title bar contains three images: the header background image, the header filler image, and the header branding image. Your own images must conform to the dimensions given on the interface.
Store these files in nps/portal/modules/fw/images. Type the path of each image in its respective text field.
Navigation Menu Colors
You can customize the color of the menu header and the background of the navigation menu on the left.
You can type either color names or hexadecimal numbers. Entries can be case insensitive. Click the Reset button to change the color back to the default color. Information about look-and-feel is saved in webapps/nps/WEB-INF/config.xml.
Logging Events
Logging Level
Select a logging level for Web server debugging: No Logging to Errors, Warnings, or Information Messages.
Logging Output
Select the desired option, indicating whether to send the log output to Standard Error Device, Standard Output Device, or Debug.HTML file. The log file path and log file size appear on this page.
View: Click this button to view the log file.
Clear: Click this button to clear all the data in the log file. The Log File Size resets to 0 bytes (zero).
Authentication
Authentication configuration affects the iManager login page.
Remember Login Credentials
If you select this option, only your password is required.
Use Secure LDAP for auto-connection
This setting specifies whether iManager communicates via LDAP SSL or LDAP clear text. Some plug-ins, such as Dynamic Groups and NMAS, do not work if this option is not selected. This setting does not take effect until you log out of iManager.
Hide specific reason for login failure
Replaces authentication-related eDirectory messages with a generic error message that reads: Login Failure. Invalid Username or Password. This helps prevent unauthorized access.
Allow 'Tree' Selection on Login Page
If you select this option, the Tree text box appears on the login page. If you do not select this option, you must have a default tree name; otherwise, you cannot log in.
Contextless Login
Contextless login allows users to log in with only a username and password, without knowing or understanding their entire user object context (for example, admin.support).
If there are multiple users with the same username in the tree, contextless login tries to log in using the first user account it finds with the supplied password. In this case, a user should either provide a full context when logging in or limit the search container that contextless login searches.
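The duplicate-username case described above can be checked for before contextless login is enabled. The following Python sketch is an added example, not Novell code: it takes a constructed list of user objects in username.context notation and reports every username that resolves to more than one account, in the order the configured search containers would be walked. It assumes that a search container also covers its sub-containers; the function names and sample users are hypothetical.

```python
# Constructed sample data: user objects in username.context notation,
# as a directory export might be normalised. These are not real accounts.
SAMPLE_USERS = [
    "admin.support",
    "jsmith.sales.emea",
    "jsmith.support",
    "admin.novell",
    "mlee.sales.emea",
]

def split_dn(dn):
    """Split 'username.context' into (username, context), lower-cased."""
    name, _, context = dn.lower().partition(".")
    return name, context

def in_container(context, container):
    """Assumption: a search container also covers its sub-containers."""
    container = container.lower()
    return context == container or context.endswith("." + container)

def search_order(username, users, containers):
    """Accounts contextless login could try, in container search order."""
    hits = []
    for container in containers:
        for dn in users:
            name, context = split_dn(dn)
            if name != username.lower() or dn in hits:
                continue
            if in_container(context, container):
                hits.append(dn)
    return hits

def ambiguous_usernames(users, containers):
    """Map each username found more than once to its candidate accounts."""
    report = {}
    for name in sorted({split_dn(dn)[0] for dn in users}):
        hits = search_order(name, users, containers)
        if len(hits) > 1:
            report[name] = hits
    return report

if __name__ == "__main__":
    order = ["support", "novell", "emea"]  # hypothetical container list
    for name, hits in ambiguous_usernames(SAMPLE_USERS, order).items():
        print(f"{name}: {len(hits)} candidate accounts, searched as {hits}")
```

An empty report for the chosen container list means each username maps to a single account; narrowing the list to one container (for example, support) removes both collisions in the sample data.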
Select the search containers option and specify the containers where user objects can be found for login or select the search from root option to search from the root of the tree for contextless login.
- Containers to Search
The containers iManager must search to find a specific user in the provided order. You can rearrange the container search order by using the Up and Down arrows. iManager searches for a user based on the order of the container list.
- Public Username
By default, iManager connects with public access, requiring no specific credentials. If you want, you can specify a user with specific credentials to do the search for the contextless lookup. The iManager public user is used if you don't specify a user.
Correct syntax for the public username is username.context; for example, admin.novell.
IMPORTANT: If you specify a public user, consider carefully the implications to password expiration settings. If the password is set to expire on the public user, you have no opportunity to change the password during login, when it expires.
- Public User Password
The password for the user specified in Public Username. The Password is saved unencrypted, in clear text.
- Retype Password
Retype for accuracy.
iManager Server Timeout Settings
- If you want the iManager server to time out after a certain period, specify the number of days, hours, and minutes in the respective fields.
- If you never want the server to time out, select the Never Timeout option.
Redirection after Logout
Selecting the Redirection after Logout option allows you to specify the URL to be redirected to after logging out of iManager. If you have not selected this option, then clicking Exit logs you out of iManager and by default, the Login page is shown.
Enable: Select this option to enable the Redirection After Logout feature.
URL: Specify the URL to be redirected to after logging out.
RBS
Role-Based Services (RBS) assigns the rights within eDirectory to perform tasks. In order to do certain things, you must have rights in the eDirectory tree. When you assign a role to a user, RBS assigns the rights necessary to perform the tasks of that role.
Force Unrestricted Access
After you configure RBS and create a collection object in the tree for iManager, you see the mode set to Collection Owner Access or Assigned Access every time you log in. If you want to bypass RBS for troubleshooting purposes, you can force iManager to use the Unrestricted Mode.
IMPORTANT: Selecting the Force Unrestricted Access option allows even an unauthorized user to view all the Roles and Tasks of other users, which is not recommended.
This should be used only for troubleshooting purposes and should not be used as a long-term solution.
Enable Dynamic Groups
Selecting the Enable Dynamic Groups option enables RBS to allow Dynamic Groups to be members of a role.
NOTE: A group cannot be converted to a dynamic group or vice versa if the object has any role assignments.
Show Roles in Owned Collection
Selecting this option allows collection owners to see all roles and tasks where they are members. If you do not select it, owners can see only their assigned roles.
Click the drop-down arrows for lists of the following:
- Role Discovery Domain
Indicates where iManager is to search in the tree for roles that are assigned to a container object.
- Parent: Searches for roles in the user's parent container.
- Partition: Searches for roles assigned up to the first eDirectory partition of a user.
- Root: Searches for roles in the entire tree.
- Dynamic Group Discovery Domain
Indicates where iManager is to search in the tree for dynamic group membership. Role membership is checked in the dynamic groups found.
- Parent: Searches for dynamic groups up to the parent container.
- Partition: Searches for dynamic groups up to the first eDirectory partition.
- Root: Searches the entire tree for dynamic groups, up to root.
- Dynamic Group Search Type
Indicates which type of dynamic groups should be searched for role membership.
- Dynamic Group Objects Only: Searches for objects that are of the dynamicGroup class type.
- Dynamic Group Objects and Aux Classes: Searches for objects that either are of the dynamicGroup class type or have been extended with the dynamicGroupAux class. This includes Group objects that were later converted to dynamic groups.
- RBS Tree List
When a collection owner or a Role member authenticates, this setting is auto-populated with the eDirectory tree's name. This effectively keeps track of the eDirectory trees where RBS has been configured. If RBS is removed from an eDirectory tree, remove that tree's entry in this list in order to return to Unassigned Access mode.
Plug-In Download
Novell Plug-In Module Download Settings
The Novell Plug-In Module Download Settings pane provides the following download options to keep you informed of updated plug-ins.
Query download site for new Novell Plug-in modules (NPM). Select one of the following options to download Novell plug-in modules.
- Novell Download site: Select this option to download the plug-in modules from the Novell download site.
- Custom download site: Select this option to download the plug-in modules from a custom site. Specify the URL of the custom site in the Download URL field.
Show every available plug-in: This option displays all the plug-ins that are available in the selected site.
Show only updates to installed plug-ins: This option displays only updates that are available in the selected site.
A list of NPMs is found on the Available Novell Plug-ins page.
Proxy
If iManager servers are running behind a firewall proxy, the client can access the Internet through a proxy server. Only an HTTP (Web) proxy is supported. To download the plug-ins through the proxy, fill in the following fields:
Enable Proxy: Select this option to enable the Proxy feature.
Proxy Host: Specify the proxy host IP address.
Proxy Port: Specify the proxy port number.
Username: Specify the proxy username.
Password: Specify the proxy password.
Retype Password: Specify the proxy password again.
Misc
Enable [this]
You can safely ignore this option. Enable [this] was added to iManager to allow Novell teams to modify their own objects. [this] is an attribute in the tree that enables specific self-management functionality. If [this] is enabled, all servers in the tree must be version 8.6.2 or later.
eGuide URL
Specifies the URL for eGuide. This is used in the eGuide launch button in the header and in the eGuide role and task management tasks. This must be a full URL (for example, https://my.dns.name/eGuide/servlet/eGuide) or the keyword EMFRAME_SERVER. Using EMFRAME_SERVER causes eMFrame to look for eGuide on the same server that eMFrame is located on.
Encryption
You can use the Encryption tab to choose the cipher level based on your security requirement.
- NONE - Allows any type of cipher.
- LOW - Allows a 56-bit or a 64-bit cipher.
- MEDIUM - Allows a 128-bit cipher.
- HIGH - Allows ciphers that are greater than 128-bit.
By default, the cipher level is set to NONE. The selected cipher level is activated after the Tomcat server is restarted.
For more information on changing the cipher levels in Mozilla Firefox, refer to the Encryption section of the Novell iManager 2.7.4 Administration Guide.