9.4 Security Equivalent User

If resources or peers don’t appear in other clusters in your BCC, it is possible that either a cluster or user synchronization driver is not security equivalent to a user with administrative rights to the cluster.

NOTE: Rather than using the eDirectory Admin user to administer your BCC, you should consider creating another user with sufficient rights to the appropriate contexts in your eDirectory tree to manage your BCC.

The IDM Driver object must have sufficient rights to create, modify, and delete objects and attributes in the following containers:

To make the Cluster Resource Synchronization driver or User Object Synchronization driver security equivalent to a user with administrative rights:

  1. Start your Internet browser and enter the URL for iManager.

    The URL is http://server_ip_address/nps/iManager.html. Replace server_ip_address with the IP address or DNS name of the server that has iManager and the Identity Manager preconfigured templates for iManager installed.

  2. Specify your username and password, specify the tree where you want to log in, then click Login.

  3. In the left column, click Identity Manager, then click the Identity Manager Overview link.

  4. Choose Search Entire Tree, then click Search.

  5. Select the driver you want to check by clicking the red Cluster Sync icon or the blue User Sync icon.

  6. Click the red or blue icon again, then click the Identity Manager tab if it is not already selected.

  7. Click Security Equals, and view or add a security equivalent user as needed.

  8. Repeat Step 5 through Step 7 for the other drivers in your BCC.
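The check in Step 5 through Step 8, run over an LDIF export of the driver objects instead of opening each driver in iManager (an added example, not part of the original guide). It assumes the drivers are exported with the object class `DirXML-Driver` and that Security Equals appears as the LDAP attribute `securityEquals`; the DNs, the `bccadmin` user, and the sample data are constructed.

```python
import base64
# Constructed sample export (not from a real tree); attribute and class names are assumed.
SAMPLE_LDIF = """\
dn: cn=Cluster Sync,cn=BCC Drivers,o=example
objectClass: DirXML-Driver
securityEquals: cn=bccadmin,o=example

dn: cn=User Sync,cn=BCC Drivers,o=example
objectClass: DirXML-Driver

dn: cn=Peer Sync,cn=BCC Drivers,
 o=example
objectClass: DirXML-Driver
securityEquals: cn=admin,o=example
"""

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})], unfolding continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # folded line continues the previous one
        elif not raw.startswith("#"):         # drop LDIF comments
            lines.append(raw)
    entries = []
    for block in "\n".join(lines).split("\n\n"):   # entries are separated by blank lines
        attrs = {}
        for line in filter(None, block.split("\n")):
            name, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs.pop("dn")[0], attrs))
    return entries

def norm_dn(dn):  # simplified comparison: case-insensitive, ignores spaces around commas
    return ",".join(part.strip() for part in dn.split(",")).lower()

def audit_drivers(entries, bcc_admin_dn):
    """Map each driver DN to 'ok', 'missing' or 'other-user'."""
    findings = {}
    for dn, attrs in entries:
        classes = [c.lower() for c in attrs.get("objectclass", [])]
        equals = [norm_dn(v) for v in attrs.get("securityequals", [])]
        if "dirxml-driver" in classes:
            status = "ok" if norm_dn(bcc_admin_dn) in equals else "other-user"
            findings[dn] = status if equals else "missing"
    return findings
```

A driver reported as `missing` has no security equivalent user at all, and `other-user` marks a driver that is equivalent to some account other than the BCC administrator you expected, such as the eDirectory Admin user.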

You must also ensure that the BCC Administrator user has Read, Write, Create, Erase, Modify, and File Scan access rights to the sys:/tmp directory on every node in your NetWare clusters.

For Linux, ensure that the BCC Administrator user is a LUM-enabled user. To LUM-enable a user, see Managing User and Group Objects in eDirectory in the Novell Linux User Management Technology Guide.

NOTE: For NetWare, if you are concerned about denial-of-service attacks with the BCC Administrator user, you can set a quota of 5 MB for that user. This can prevent the BCC Administrator user from filling the sys: volume by copying an excessive number of files to the sys:/tmp directory.