Novell IMANAGER 2.7.3 Administration Guide

Novell®

www.novell.com

Administration Guide

iManager

novdocx (en) 22 June 2009

AUTHORIZED DOCUMENTATION

2.7.3

September 30, 2009

Novell iManager 2.7.3 Administration Guide

Legal Notices

Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the

Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on

exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

novdocx (en) 22 June 2009

Copyright © 2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent applications in the U.S. and in other countries.

Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com

Online Documentation: To access the latest online documentation for this and other Novell products, see

the Novell Documentation Web page (http://www.novell.com/documentation).

Novell Trademarks

For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/

trademarks/tmlist.html).

Third-Party Materials

All third-party trademarks are the property of their respective owners.

novdocx (en) 22 June 2009

4 Novell iManager 2.7.3 Administration Guide

Contents

About This Guide 9

1Overview 11

1.1 What's New in iManager 2.7.3 (Field Patch 1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

1.2 Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

2 Accessing iManager 13

2.1 Using a Supported Web Browser. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2.2 Accessing iManager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2.2.1 Accessing Server-based iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2.2.2 Accessing iManager Workstation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

2.3 Access Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

2.4 Authenticating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.4.1 Tree Name Field . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.4.2 Logging in to a Server without a Replica . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.4.3 Unsuccessful Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.4.4 Expired Password Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

2.4.5 Contextless Login Using Alternate Object Classes and/or Alternate Attributes. . . . . 16

novdocx (en) 22 June 2009

3 Navigating the iManager Interface 17

3.1 iManager Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

3.1.1 Header Frame. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3.1.2 Navigation Frame . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

3.1.3 Content Frame. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

3.2 Special Characters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

4 Browsing Objects 23

4.1 Using the Object View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

4.1.1 Tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

4.1.2 Browse. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

4.1.3 Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

4.2 Using the Object Selector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

4.2.1 Browse. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

4.2.2 Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

5 Roles and Tasks 33

5.1 Navigating Roles and Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

5.1.1 Selecting and Filtering Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

5.2 Directory Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

5.2.1 Copying an Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

5.2.2 Creating an Object. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

5.2.3 Deleting an Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

5.2.4 Modifying an Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

5.2.5 Moving an Object. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

5.2.6 Renaming an Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

Contents 5

5.3 Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

5.3.1 Creating a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

5.3.2 Deleting a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

5.3.3 Modifying a Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

5.3.4 Modifying Members of Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

5.3.5 Move Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

5.3.6 Rename Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

5.3.7 Viewing My Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

5.4 Help Desk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

5.4.1 Clearing a Lockout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

5.4.2 Creating a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

5.4.3 Setting a Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

5.5 Partitions and Replicas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

5.5.1 Creating a Partition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42

5.5.2 Merging a Partition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

5.5.3 Moving a Partition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

5.5.4 Viewing Replica Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

5.5.5 Viewing Partition Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

5.5.6 Using the Filtered Replica Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

5.6 Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

5.6.1 Modifying the Inherited Rights Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

5.6.2 Modifying Trustee Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

5.6.3 Rights to Other Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

5.6.4 Viewing Effective Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

5.7 Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

5.7.1 Adding an Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

5.7.2 Viewing Attribute Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

5.7.3 Viewing Class Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

5.7.4 Creating an Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

5.7.5 Creating a Class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

5.7.6 Deleting an Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

5.7.7 Deleting a Class. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

5.7.8 Extending a Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

5.7.9 Extending an Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

5.8 Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

5.8.1 Creating a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

5.8.2 Deleting a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

5.8.3 Disabling an Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

5.8.4 Enabling an Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

5.8.5 Modifying a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

5.8.6 Moving a User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

5.8.7 Renaming a User. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

novdocx (en) 22 June 2009

6 Configuring and Customizing iManager 53

6.1 Role-Based Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

6.1.1 RBS Objects in eDirectory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54

6.1.2 Installing RBS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

6.1.3 Removing RBS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

6.2 RBS Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

6.2.1 The Role Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

6.2.2 The Task Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

6.2.3 The Property Book Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61

6.2.4 The Module Tab. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

6.2.5 The Category Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

6.2.6 Plug-In Studio . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

6.2.7 Editing Member Associations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

6 Novell iManager 2.7.3 Administration Guide

6.2.8 Editing Owner Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

6.3 RBS Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

6.3.1 Creating Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

6.3.2 Using Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68

6.4 iManager Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

6.4.1 Configure iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

6.4.2 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

6.4.3 Look and Feel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

6.4.4 Logging Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73

6.4.5 Redirection After Logout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

6.4.6 Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

6.4.7 RBS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

6.4.8 Plug-In Download . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

6.4.9 Misc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

6.5 Object Creation List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

6.5.1 Adding an Object Class to the Creation List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

6.5.2 Deleting an Object Class from the Creation List . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

6.6 Plug-In Module Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

6.6.1 Available Novell Plug-in Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

6.6.2 Installed Novell Plug-in Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

6.7 Downloading and Installing Plug-in Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

6.7.1 If RBS is Configured . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

6.7.2 Uninstalling a Plug-in Module . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

6.7.3 Customizing the Plug-In Download Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

6.8 E-Mail Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

6.8.1 Mail Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

6.8.2 Task Event Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

6.9 Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

6.9.1 Showing and Hiding iManager Views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

novdocx (en) 22 June 2009

7 Preferences 85

7.1 Manage Favorites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

7.2 Object Selector. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

7.3 Object View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

7.4 Set Initial View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

7.5 Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

8 Troubleshooting 87

8.1 Authentication Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

8.1.1 HTTP 404 Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

8.1.2 HTTP 500 Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

8.1.3 601 Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

8.1.4 622 Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

8.1.5 632 Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

8.1.6 634 Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

8.1.7 669 Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

8.2 Deleting and Re-creating User Accounts with the Same Name (Windows XP/2000) . . . . . . . 90

8.3 DNS 630 Error Message Appears When Creating a Property Book with Invalid Characters in

Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

8.4 eDirectory Maintenance Task Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

8.5 Enabling Debug Messages for Install and Configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

8.6 History Does Not Automatically Sync Across Multiple Simultaneous User Logins . . . . . . . . . 91

Contents 7

8.7 iManager Doesn't Work after Installing Groupwise 7.0 WebAccess (Windows Server 2000/

2003) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

8.8 Missing Attribute, Object, or Value Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

8.9 Missing Roles or Tasks in the Configure View. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

8.9.1 Possible Missing Roles or Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

8.9.2 Possible Reasons Why You Are Not an Authorized User . . . . . . . . . . . . . . . . . . . . . 92

8.10 Performing a System Restore from Image Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

8.11 Running eDirectory and iManager on the Same Machine (Windows only) . . . . . . . . . . . . . . . 93

8.12 “Service Unavailable” Message Appears During Multiple Plug-In Installs . . . . . . . . . . . . . . . . 94

8.13 Tomcat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

8.13.1 Starting and Stopping Tomcat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

8.13.2 Tomcat Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

8.14 “Unable to Determine Universal Password Status” Error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

8.15 iManager Workstation Does Not Display Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

8.16 Sometimes Refresh Button Does Not Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

8.17 iManager Plug-in Installation Hangs or Plug-ins Are Not Properly Installed . . . . . . . . . . . . . . 96

8.18 Login Issue with Respect to Tree IP Address Change . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

8.19 Java Error Messages are Displayed After Closing the Browser of iManager Workstation. . . . 98

novdocx (en) 22 June 2009

9 Auditing iManager Events 99

9.1 Installing the IMAN_EN.LSC File in iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

9.2 Enabling Audit in iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

9.3 Configuring Audit for iManager Instrumentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

9.4 Configuring Audit for iManager Instrumentation with Third-Party Certificates . . . . . . . . . . . . 101

10 Best Practices and Common Questions 103

10.1 Backup and Restore Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

10.2 Coexistence with previous versions of iManager 2.x and Role-Based Services . . . . . . . . . . 103

10.3 Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

10.4 Failed Installs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

10.4.1 Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

10.4.2 Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

10.5 High Availability: Running iManager in a Clustered Environment . . . . . . . . . . . . . . . . . . . . . 105

10.6 Patching iManager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

10.7 Performance Tuning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

10.7.1 Using Dynamic Groups with RBS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

10.7.2 Role Assignments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

10.8 iManager AppArmor Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

A iManager Security Issues 109

A.1 Secure LDAP Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

A.2 Self-Signed Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

A.3 iManager Authorized Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

A.4 Preventing Username Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

A.5 Tomcat Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

A.6 Encrypted Attributes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

A.7 Secure Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

B Novell Plug-in Modules 113

8 Novell iManager 2.7.3 Administration Guide

About This Guide

This guide describes how to administer Novell® iManager 2.7, and contains the following sections:

 Chapter 1, “Overview,” on page 11

 Chapter 2, “Accessing iManager,” on page 13

 Chapter 3, “Navigating the iManager Interface,” on page 17

 Chapter 4, “Browsing Objects,” on page 23

 Chapter 5, “Roles and Tasks,” on page 33

 Chapter 6, “Configuring and Customizing iManager,” on page 53

 Chapter 7, “Preferences,” on page 85

 Chapter 8, “Troubleshooting,” on page 87

 Chapter 9, “Auditing iManager Events,” on page 99

 Chapter 10, “Best Practices and Common Questions,” on page 103

novdocx (en) 22 June 2009

Audience

This guide is intended for network administrators.

Feedback

We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to Novell Documentation Feedback (http://www.novell.com/

documentation/feedback.html) and enter your comments there.

Documentation Updates

For the most current version of the iManager 2.7 Administration Guide, see the English version of the documentation at the iManager 2.7 documentation site (http://www.novell.com/documentation/

imanager27/index.html).

Additional Documentation

 iManager 2.7 Installation Guide (http://www.novell.com/documentation/imanager27)

 Tomcat servlet container (http://jakarta.apache.org/tomcat)

 Java* Web site (http://java.sun.com)

 eDirectory

 eDirectory documentation (http://www.novell.com/documentation/edir88/index.html)

home (http://www.novell.com/products/edirectory)

 eDirectory Cool Solutions community (http://www.novell.com/coolsolutions/nds)

 Novell Technical Services (http://support.novell.com)

About This Guide 9

Documentation Conventions

In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.

A trademark symbol (

, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party

trademark.

When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux or UNIX, should use forward slashes as required by your software.

novdocx (en) 22 June 2009

10 Novell iManager 2.7.3 Administration Guide

Overview

Novell® iManager is a Web-based administration console that provides secure, customized access to network administration utilities and content from virtually anywhere you have access to the Internet and a Web browser.

iManager provides the following:

novdocx (en) 22 June 2009

 Single point of administration for Novell eDirectory

 Single point of administration for many other network resources

 Management of many other Novell products using iManager plug-ins

 Role-Based Services (RBS) for delegated administration

Because iManager is a Web-based tool, it enjoys several advantages over client-based administrative tools:

 Upgrade once, on the server, for all administrative users

 Changes to iManager look, feel, and functionality are immediately available to all

administrative users

 Do not need to open additional administrative ports for remote access. iManager leverages

standard HTTP ports (80/443)

 Not necessary to download and maintain an administrative client

 Not necessary to keep client software synchronized with changes to server software

objects, schema, partitions, and replicas

1.1 What's New in iManager 2.7.3 (Field Patch 1)

Novell iManager 2.7.3 has the following new features:

 Newly Supported Platform and Browser. In addition to the existing platforms and Web ,

iManager 2.7.3 FTF 1 supports Windows 7 (32-bit and 64-bit), Windows 2008 R2 platforms, and Internet Explorer 8 (IE 8).

For more information on the supported platforms, refer to the iManager 2.7.3 Installation

Guide (http://www.novell.com/documentation/imanager27/).

 “Hide” and “Show Hidden” Buttons in the Available Novell Plug-In Modules Page: The

Available Novell Plug-in Modules page now has Hide and Show Hidden buttons for hiding the selected plug-in modules, and viewing/unhiding the hidden plug-in modules respectively.

 Preferred Object Selection Method for a Task of a Property Book: In the Property Book

page, the user can now define/modify a preferred object selection method for an existing task. For this, a new feature, Target Chooser Mode has been added to the Actions list.

 Ability to Add Organizational Role to the Authorized Users and Groups List: In the

Security page of the Configure iManager window, the user can now add an organizational role to the Authorized Users and Groups list so that all the members (users and groups) of the organizational role become authorized users.

Overview

 iManager Caches Login Information for Faster Logins: iManager now caches the first-

time-login information with the tree name and uses that information in the subsequent logins. This process makes the logins fast.

 Ability to Configure the Proxy by Using DNS: The user can now configure a proxy also by

using DNS names. The proxy host field now accepts DNS names also.

1.2 Additional Resources

For more information on topics relevant to Novell iManager, refer to the following Web sites:

 Tomcat servlet container (http://jakarta.apache.org/tomcat)

 How to setup Tomcat to use a proxy (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/proxy-

howto.html)

 Java* Web site (http://java.sun.com)

 Microsoft* Windows* Web Services (http://www.microsoft.com/technet/treeview/

default.asp?url=/technet/prodtechnol/iis/default.asp)

 Novell eDirectory product home page (http://www.novell.com/products/edirectory)

 Novell eDirectory product documentation (http://www.novell.com/documentation)

novdocx (en) 22 June 2009

 Novell eDirectory Cool Solutions community (http://www.novell.com/coolsolutions/nds)

12 Novell iManager 2.7.3 Administration Guide

Accessing iManager

You access Novell® iManager via a Web browser. This section includes the following topics:

 Using a Supported Web Browser (page 13)

 Accessing iManager (page 13)

 Access Modes (page 14)

 Authenticating (page 15)

2.1 Using a Supported Web Browser

For iManager access and complete use of all its features, use one of the following Web browsers. Although you might be able to access iManager via a Web browser not listed, we do not guarantee or support full functionality with any browser other than the following:

 Microsoft IE 6 SP2 on Windows XP

 Microsoft IE 7

 Microsoft IE 8

novdocx (en) 22 June 2009

 Firefox* 1.5.x, 2.x, or 3.0

In order for some iManager wizards and help to work, you must enable pop-up windows in your Web browser. If you use an application that blocks pop-up windows, then disable the blocking feature while working in iManager or allow pop-ups from the iManager host.

If you have configured your Web browser to not display Web site images, the iManager interface may become garbled and unusable. In Firefox v1.5.x, for example, users can disable image loading from Tools > Options > Content.

2.2 Accessing iManager

Accessing iManager varies based on the iManager version (server-based or workstation) and the platform on which iManager is running.

For information on installing iManager, see “Installing a New Version of iManager” in the iManager

2.7 Installation Guide.

2.2.1 Accessing Server-based iManager

To access server-based iManager:

1 Enter one of the following in the Address (URL) field of a supported Web browser.

Because iManager 2.7 uses only Tomcat 5/5.5 for its Web server requirements, on platforms other than Novell Open Enterprise Server 2 (OES 2) you must specify the Tomcat port as part of the iManager URL. The default URL to start iManager 2.7 is as follows:

Secure URL:

https://<server ip address>:8443/nps/iManager.html

iManager 2.7 on the OES 2 platform, both Linux and NetWare, use the following default iManager URL:

Accessing iManager

novdocx (en) 22 June 2009

Secure URL:

https://<server ip address>/nps/iManager.html

Although slightly different iManager URLs might work on some platforms, Novell recommends using these URLs for consistency.

2 Log in using your username, password and treename.

2.2.2 Accessing iManager Workstation

To access iManager Workstation:

1 Execute the appropriate iManager Workstation startup script.

Linux: Navigate to the

imanager/bin

directory and execute

./iManager.sh

NOTE: If you plan to run iManager Workstation as a non-root user in the future, do not run iManager as root the first time.

Windows: Execute

imanager\bin\iManager.bat

2 Log in by using your username, password, and treename.

2.3 Access Modes

When you start iManager, you are granted an access mode based on the rights you've been assigned. iManager has three access modes. The mode you are in is displayed on the iManager home page.

Unrestricted Access: This is the default mode before RBS is configured. It displays all of the roles and tasks installed. Although all roles and tasks are visible, the authenticated user still needs the necessary rights to use the tasks.

There is a setting that you can add to the

config.xml

file which forces Unrestricted Access, even if

Role-Based Services is installed. To force Unrestricted Access for all users, add this setting to

TOMCAT_HOME\webapps\nps\WEB-INF\config.xml

</setting>

, then restart Tomcat:

For information about restarting Tomcat, see “Starting and Stopping Tomcat” on page 94.

NOTE: When using iManager in Unrestricted mode, you typically see the following message on the iManager Home Page:

Notice: Some of the roles and tasks are not available.

Clicking View Details might display a

Not supported by current authenticators

message for several of the tasks, even though the tasks work correctly. This message is misleading, and iManager removes these messages after you configure RBS.

Assigned Access: Displays only the roles and tasks assigned to the authenticated user. This mode takes full advantage of the Role-Based Services technology.

14 Novell iManager 2.7.3 Administration Guide

Collection Owner: Displays all of the roles and tasks installed in the collection. If you are a collection owner, though you are not assigned specific roles, it allows you to use all the roles and tasks in the collection. Role-Based Services must be installed in order to use this mode. Adding a group or user as a collection owner does not assign any RBS rights. To assign rights you must make explicit RBS role assignments or make trustee assignments.

NOTE: When collection is assigned to a group, all the members of that group get the collection ownership. The collection owner sees all roles and tasks, regardless of role membership.

2.4 Authenticating

Be aware of the following issues related to iManager authentication:

 Section 2.4.1, “Tree Name Field,” on page 15

 Section 2.4.2, “Logging in to a Server without a Replica,” on page 15

 Section 2.4.3, “Unsuccessful Authentication,” on page 15

 Section 2.4.4, “Expired Password Information,” on page 16

novdocx (en) 22 June 2009

 Section 2.4.5, “Contextless Login Using Alternate Object Classes and/or Alternate Attributes,”

on page 16

NOTE: If your network has more than three servers, or one or more servers that do not host eDirectory information, see the Novell Open Enterprise Server SLP documentation (http://www.novell.com/

documentation/oes/networking-protocols.html#slp).

replicas, you must have SLP properly configured for iManager to log in. For more

2.4.1 Tree Name Field

If eDirectory is installed and running on another port besides the default port 524, you can use the IP address or DNS name of the eDirectory server to log in if you also specify the port (for example,

127.0.0.1: 1080). If you use the tree name to log in, you do not have to specify a port.

Possible values for the Tree Name field are the tree name, the server IP address, and the server DNS name. For best results, use the IP address.

2.4.2 Logging in to a Server without a Replica

If necessary, iManager can log in to the eDirectory tree using a server that does not host an eDirectory replica. To do this, iManager maintains a connection cache with the information it needs to successfully log in. To populate the connection cache, the first time you login to an eDirectory tree with iManager you must log in to a server that hosts a replica.

Restarting Tomcat or the iManager server clears the connection cache, so the first time iManager logs in following one of these events, you must log in to a server that hosts a replica.

2.4.3 Unsuccessful Authentication

“Authentication Issues” on page 88.

Accessing iManager 15

For information about limiting the error messages that iManager displays upon a failed authentication attempt, see “Preventing Username Discovery” on page 111.

2.4.4 Expired Password Information

If a password expires, the user sees a message to this effect. However, users might not be aware that grace logins can be quickly consumed, depending on certain operations such as modifying a dynamic group, simple find, and setting a simple password.

These operations consume additional grace logins each time a user performs a task. We highly recommend that you encourage users to change their passwords the first time they are prompted.

2.4.5 Contextless Login Using Alternate Object Classes and/or Alternate Attributes

To enable contextless authentication using an alternate object type, do the following:

1 Open iManager and browse to Configure > iManager Server > Configure iManager >

Authentication.

If you do not see this task, you are not an authorized user. See “Authorized Users and Groups”

on page 72.

novdocx (en) 22 June 2009

2 Set Public Username and Password to a user that has rights to read the desired attributes.

3 Modify

TOMCAT_HOME\webapps\nps\WEB-INF\config.xml

to include a

property that lists the attributes you want to add to the contextless search, and then restart Tomc at.

For information about restarting Tomcat, see “Starting and Stopping Tomcat” on page 94.

For example, the following XML adds the Alias and User objects to the contextless search:

Similarly, the following XML allows users to log in with the CN or uniqueID attribute:

IMPORTANT:

 In the sample code above, replace treename with the name of the appropriate directory tree in

lower case.

 If you save any iManager Server settings from the Configure iManager task after editing the

config.xml file, verify that the treename is still in lowercase or customized contextless login will fail.

16 Novell iManager 2.7.3 Administration Guide

Navigating the iManager Interface

This section describes how to navigate through the Novell® iManager 2.7 interface.

 Section 3.1, “iManager Interface,” on page 17

 Section 3.2, “Special Characters,” on page 20

3.1 iManager Interface

The iManager interface comprises three main regions, or frames.

 Header Frame

 Navigation Frame

 Content Frame

Figure 3-1 iManager interface with default Roles and Tasks view

novdocx (en) 22 June 2009

NOTE: Use only the buttons within the interface when you are navigating in iManager. Do not use the Web browser's navigation buttons (Back, Next, etc.)

To change the default view in Preferences, see “Set Initial View” on page 86.

Navigating the iManager Interface

3.1.1 Header Frame

The Header frame is a largely static frame that occupies the top of the iManager interface. It provides icons with which you can access iManager’s various views. A view is a combination of Navigation and Content frames that deliver specific management functionality. For example, the default Roles and Tasks view lets you select a given task in the Navigation frame, and then perform the selected task in the Content frame.

Figure 3-2 iManager Header frame

The iManager Header frame includes the following icons:

 Home: Returns the Content frame to its default view (as in Figure 3-1).

 Exit: Logs you out of eDirectory.

 Roles and Tasks: This view displays all the tasks you are authorized to perform in the

Navigation frame. This is iManager’s default view. For more information, see Chapter 5,

“Roles and Tasks,” on page 33.

 View Objects: This view contains browsing and searching functionality to find objects,

including a Tree View feature similar to that used in ConsoleOne

Chapter 4, “Browsing Objects,” on page 23.

 Configure: This view contains Role-Based Services, iManager Server, Object Creation

List, Plug-in Installation, E-mail Notification, and Views, all of which you can configure as you want.

 Favorites: This view displays your most frequent tasks, selected from the Preferences >

Favorites page.

. For more information, see

novdocx (en) 22 June 2009

 Preferences: This view sets your preferences according to your most frequent tasks, how

the Object Selector displays, how your Object View displays, what view appears after logging in to iManager, and what language iManager displays in.

 Help: Displays applicable context-sensitive help information, as determined by the current

Content frame.

Additionally, the Header frame identifies the currently authenticated user and the treename to iManager in the upper left.

For information on how to change iManager’s default view, see Chapter 6, “Configuring and

Customizing iManager,” on page 53.

3.1.2 Navigation Frame

The Navigation frame resides along the left side of the iManager UI. It displays task and functionality options related to the currently selected view. For example, the default Roles and Tasks view lists all the tasks your are authorized to perform. Tasks are organized into categories. The list of categories and tasks varies based on the installed plug-ins and the rights granted to you as an authenticated iManager user.

18 Novell iManager 2.7.3 Administration Guide

Figure 3-3 Contents of the Navigation frame when in the Roles and Tasks view

novdocx (en) 22 June 2009

The ordering of tasks within each category is determined by the author of the applicable iManager plug-in. Base plug-in tasks (those that are included with iManager) typically display before tasks from other plug-ins.

3.1.3 Content Frame

The Content frame provides the specific task or object interface, based on the current selection in the Navigation frame.

Navigating the iManager Interface 19

Figure 3-4 The default contents of the iManager Content view

novdocx (en) 22 June 2009

When a task is not selected, the Content frame displays the iManager homepage with general information related to your iManager access rights.

3.2 Special Characters

In iManager, some characters have special significance and must be escaped with the backslash (\) character:

NDAP (eDirectory):

 Period (.)

 Equal sign (=)

 Plus sign (+)

 Backslash (\)

LDAP:

 DNs and = + \ @; < >

20 Novell iManager 2.7.3 Administration Guide

 Leading #

 Leading or trailing spaces

For LDAP, any character can be specified with \xx. See RFC 2253 (http://www.faqs.org/rfcs/

rfc2253.html) for more information.

novdocx (en) 22 June 2009

Navigating the iManager Interface 21

novdocx (en) 22 June 2009

22 Novell iManager 2.7.3 Administration Guide

Browsing Objects

iManager lets you manipulate and manage directory objects. There are two paradigms for doing this. First, you can browse for and select the objects with which you want to work, and then specify the task you want to perform on those objects (object-then-task.) Second, you can select the task you want to perform, and then specify the objects to which you want to apply the task (task-then-object.) Either way of doing things is valid, and iManager lets you use the method with which you are most comfortable.

iManager provides the Object View for those from the object-then-task school, and the Object Selector for those from the task-then-object school. The Object Selector is used extensively in the Roles and Tasks view. For more information, see Chapter 5, “Roles and Tasks,” on page 33.

This chapter includes the following sections:

 Section 4.1, “Using the Object View,” on page 24

 Section 4.2, “Using the Object Selector,” on page 29

novdocx (en) 22 June 2009

NOTE: iManager 2.7 now supports browsing and selecting objects in an NCP-enabled file system. Access file system objects through Server and Volume objects in the directory tree.

The ability to browse and select file system objects is available from both the Object View and the Object Selector. However, the actual tasks available for file system objects is provided by the NSS iManager plug-in, which is available separately.

Regardless of the tool you are using, remember the following guidelines when specifying object names:

 If the following characters are part of a dotted eDirectory

(\). You don't need escape characters in most values, but you do need them when the name is a distinguished name or relative distinguished name.

 Period (.)

 Equal sign (=)

 Plus sign (+)

 Backslash (\)

 If the following characters are part of a name you want to specify in a search, escape them with

a backslash (\):

 Asterisk (*)

 Backslash (\)

name, escape them with a backslash

For example:

 To search for all objects containing a period, use = *.* as the search filter

 To search for all objects containing a plus, use = *+* as the search filter

 To search for all objects containing a backslash, use = *\\* as the search filter

Browsing Objects

4.1 Using the Object View

The Object view is designed to let you browse for and locate objects in the directory. Once you have selected the objects with which you want to work, you can then specify the tasks to perform on those objects. Open the Object view by selecting the View Objects icon in the Header frame.

The Object View includes the following tabs in the Navigation frame, each of which give you a different way to browse for and locate directory objects:

 Tree

 Browse

 Search

4.1.1 Tree

The Tree tab lets you browse a directory tree with a look and feel similar to ConsoleOneTM. Tree view uses both the Navigation frame and the Content frame to provide its functionality.

Figure 4-1 The Tree Tab in iManager’s Object View

novdocx (en) 22 June 2009

Tree View Navigation Frame

In the Tree view, the Navigation frame displays the directory structure in the familiar ConsoleOne format. The Navigation frame displays Container, including Volume (file system), objects. Click on the plus and minus icons to expand and collapse the container objects and browse the directory tree.

By default, Tree View displays up to 100 subordinate objects per container, but you can change this setting in the Object View Preferences.

24 Novell iManager 2.7.3 Administration Guide

Tree View Content Frame

Selecting one of the container objects in the Navigation frame causes the Content frame to display all the objects in that container. The Content frame is where you actually manipulate directory objects. The Content frame includes a header from which you can select from among several available actions:

Bread Crumbs: At the very top of the Content frame, Tree view provides a bread crumb feature that lets you navigate along the containers in the current context.

Title Bar: The Content frame’s title bar displays the name of the currently selected container object. Click the Pencil icon to edit the properties of this container.

Object List Header: The object list header provides access to the following:

 Menu Bar: The Content frame’s menu bar provides access to the object-related actions you can

perform. Options include the following:

 New: Opens a dropdown menu of “create” tasks.

 Edit: Opens the property book for the selected objects so you can modify their attributes.

Selecting multiple objects of the same type lets you set attributes for all the objects to the same value.

novdocx (en) 22 June 2009

NOTE: You can also open a leaf object’s property book by selecting it in the object list. Selecting a container object in the object list opens the selected container and displays all that container’s subordinate. To edit the attributes of a container object, you must select its checkbox, then click Edit.

 Delete: Deletes the selected objects. To select an object to edit, select its checkbox in the

object list.

 Actions: Opens a dropdown menu of supported tasks for the selected objects. To perform a

task, select it from the dropdown menu and provide the required information.

NOTE: If you have configured RBS, the Actions menu displays only those tasks in your assigned roles.

 Object Count: To the right of the menu bar, Tree view lists the number of objects in the current

page and the total number of objects in the selected container.

 Select All: The checkbox in the header functions as a “select all” checkbox for the current page

of objects.

 Sort: Directly above the Object list is a “Name” column heading and a sort icon . Click either

of these to toggle the object sort between ascending and descending alphabetical order.

 Define Filter: At the far right of the header, under the object count, is the object filter icon .

Select this icon to create a filter that limits the objects displayed in the object list. You can filter on object type and object name, as needed.

Select Show All Containers to display container objects in the Object List regardless of the defined filter.

Select Advanced Filter to open the Advanced Filter dialog that lets you create a filter using almost any object attribute. For more information, see “Advanced Selection” on page 34.

Browsing Objects 25

NOTE: When a filter is active, the filter icon changes to a colored icon , and the filter setting is listed next to the icon. If you configure an advanced filter, iManager displays a checkmark icon next to the filter icon.

Object List: The Content frame’s object list displays all objects in the container currently selected in the Navigation frame. By default, the object list displays 100 objects on a page, but you can change this setting in the Object View Preferences.

To perform an action on an object, select its checkbox, then select the action from the Object List header. Select the (current level) object to perform an action on the container in which you are currently browsing.

Select the double-period object to navigate up one level to the parent container.

IMPORTANT: Tree view does not support selecting objects across multiple pages in the object list. If you need to do this, use Object View’s Browse tab to perform the multiple object action. For more information, see “Browse” on page 26.

novdocx (en) 22 June 2009

4.1.2 Browse

The Browse tab leverages a user interface and functionality similar to the Object Selector to provide a directory browsing tool. For information on navigating the Browse user interface, see “Using the

Object Selector” on page 29.

Figure 4-2 The Browse tab in iManager’s Object View

The Browse tab uses only the Navigation frame to provide its functionality. It includes the following primary components:

Object Filter: Located at the top of the Navigation frame, the object filter lets you limit the objects displayed in the object list. Once defined, click Apply to use the filter.

26 Novell iManager 2.7.3 Administration Guide

IMPORTANT: The object filtering in the Browse tab only applies to directory objects. It does not filter file system objects, even though they might be visible in the Browse tab.

The object filter uses the following fields:

 Context: Displays only those objects in the specified context. This is identical to opening the

container from the object list.

 Name: Displays only those objects that conform to the specified name filter. Use the asterisk

(*) wildcard to specify a partial name. For example: ldap*, *cert, *server*.

 Type: Displays only those objects of the type specified.

NOTE: If you select a specific object type, a plus icon [+] appears that lets you open the Advanced Selection tool, from which you can specify additional, attribute-level filter settings. For more information, see “Advanced Selection” on page 34.

 Load/Save: These two links let you load a previously defined filter definition and save the

current filter so it can be re-used, respectively.

Multiple Select / Single Select: Located above the right side of the object list, this link lets you toggle between selecting a single object or multiple objects against which you want to perform a task. The default option is Single Select. For more information, see “Selecting and Filtering

Objects” on page 33.

novdocx (en) 22 June 2009

Object List: Displays a list of directory objects, as defined by the criteria in the Object Filter. By default, the object list displays 100 objects on a page, but you can change this value in the Object

View Preferences. Use the

and

buttons to navigate between object pages. You can

navigate amongst the objects in the object list by doing the following:

 Select the down arrow icon next to a container object to open that container and view its

objects in the object list.

 Select the up arrow icon at the top of the object list to view the contents of the current

container’s parent. This moves you up one level in the directory tree.

 Select an object, either container or leaf, to open a window with the available tasks for that type

of object. Selecting a task opens that tasks UI in the Content frame.

4.1.3 Search

The Search tab is similar to the Browse tab, but instead of displaying a tree structure in the Navigation frame, it displays only those objects resulting from the specified search.

Browsing Objects 27

Figure 4-3 The Search tab in iManager’s Object view

novdocx (en) 22 June 2009

The Search tab uses only the Navigation frame to provide its functionality. It includes the following primary components:

Object Search: Located at the top of the Navigation frame, the object search lets you define the search criteria. Once defined, click Search to perform the specified search operation.

IMPORTANT: The object filtering in the Search tab only applies to directory objects. It does not filter file system objects, even though they might be visible in the Search tab.

You can define your search using the following fields:

 Context: Specifies the starting container for the search operation. If you want the search to

include subordinate containers, select Search sub-containers.

 Name: Defines the object name filter for this search. Use the asterisk wildcard to specify a

partial name. For example: ldap*, *cert, *server*.

 Type: Defines the object type filter for this search. iManager only displays objects of the

specified type.

 Load/Save: These links let you load a previously defined search definition and save the current

search so it can be re-used, respectively.

28 Novell iManager 2.7.3 Administration Guide

Multiple Select / Single Select: Located above the right side of the results list, this link lets you toggle between selecting a single object or multiple objects against which you want to perform a task. The default option is Single Select. For more information, see “Selecting and Filtering

Objects” on page 33.

Results List: Displays the results of the search operation. By default, the object list displays 100 objects on a page, but you can change this value in the Object View Preferences. Use the

and open a window with the available tasks for that type of object. Selecting a task opens that tasks UI in the Content frame.

NOTE: The Search tab does not let you navigate objects, such as opening container objects, in the results list. If you want to be able to do this, use the Tree tab or the Browse tab.

buttons to navigate between results pages. Select an object, either container or leaf, to

4.2 Using the Object Selector

The Object Selector lets you select the objects with which you want to work in the current task. iManager provides this tool in any situation where you are selecting a task or action before specifying the objects to which the task or action is applied.

novdocx (en) 22 June 2009

Access the Object Selector by selecting the magnifying glass icon anywhere it appears in the Content frame. The Object Selector opens in its own window on top of iManager.

Figure 4-4 iManager’s Object Selector

Browsing Objects 29

Object Selector includes two tabs for locating target objects for the tasks you want to perform:

 Section 4.2.1, “Browse,” on page 30

 Section 4.2.2, “Search,” on page 30

4.2.1 Browse

The Browse tab (default) lets you navigate the directory tree to search for the desired objects. It includes the following primary components:

Object Filter: Located on the left side of the Object Selector, the object filter lets you limit the objects displayed in the Contents list. Once defined, click Apply to use the filter. The object filter uses the following fields:

 Look in: Displays only those objects in the specified context. This is identical to opening the

container from the Contents list.

 Look for objects named: Displays only those objects that conform to the specified name filter.

Use the asterisk (*) wildcard to specify a partial name. For example: ldap*, *cert, *server*.

 Advanced Browsing: This link opens the Advanced Selection tool, from which you can specify

additional, attribute-level filter settings. For more information, see “Advanced Selection” on

page 34.

 Load Criteria/Save Criteria: These two links let you load a previously defined filter definition

and save the current filter so it can be re-used, respectively.

novdocx (en) 22 June 2009

Contents List: Displays a list of directory objects, as defined by the criteria in the object filter. By default, the object list displays 100 objects on a page, but you can change this number, if desired. Use the

and

buttons to navigate between object pages. You can navigate amongst

the objects in the Contents list by doing the following:

 Select the down arrow icon next to a container object to open that container and view its

objects in the Contents list.

 Select the up arrow icon at the top of the object list to view the contents of the current

container’s parent. This moves you up one level in the directory tree.

 Selecting an object causes iManager to identify that object as one on which you want to

perform the current task.

Selected Objects: This component only appears when you are selecting multiple objects for the current task. The Selected Objects field lists the objects currently selected for the task. Click OK when the list is complete. Click Clear All if you want to empty the selected objects list and start over.

For more information about selecting single or multiple objects for a task, see “Selecting and

Filtering Objects” on page 33.

4.2.2 Search

The Search tab lets you specify a search operation to perform on the directory tree and display the results. It includes the following primary components:

30 Novell iManager 2.7.3 Administration Guide

+ 84 hidden pages

Novell IMANAGER 2.7.3 Administration Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

Novell iManager 2.7.3 Administration Guide

About This Guide

Overview

1.1 What's New in iManager 2.7.3 (Field Patch 1)

1.2 Additional Resources

Accessing iManager

2.1 Using a Supported Web Browser

2.2 Accessing iManager

2.2.1 Accessing Server-based iManager

2.2.2 Accessing iManager Workstation

2.3 Access Modes

2.4 Authenticating

2.4.1 Tree Name Field

2.4.2 Logging in to a Server without a Replica

2.4.3 Unsuccessful Authentication

2.4.4 Expired Password Information

2.4.5 Contextless Login Using Alternate Object Classes and/or Alternate Attributes

Navigating the iManager Interface

3.1 iManager Interface

3.1.1 Header Frame

3.1.2 Navigation Frame

3.1.3 Content Frame

3.2 Special Characters

Browsing Objects

4.1 Using the Object View

4.1.1 Tree

4.1.2 Browse

4.1.3 Search

4.2 Using the Object Selector

4.2.1 Browse

4.2.2 Search