Novell Documentation: Novell iChain 2.1 - Access Control Configuration Page

Access Control Configuration Page

The second page of the wizard enables the user to specify the access control server parameters used during system access control, as well as form fill, OLAC, password management parameters, and load balance, as shown in Figure 41.

Figure 41
Access Control Configuration Page

The servers contained in this table are used by the proxy and authorization servers to provide access control to the actual Web servers specified in the Web server accelerators. Each server must be installed in the same directory services tree so that the login information may be used to connect to each one.

Multiple servers are provided for access control failover. If a server fails or is shut down, the system tries the next server in the list, thus maintaining a continuation of service.

The following describes the fields on this dialog:

Table 11.

Field Name	Description	Status
LDAP servers	Lists the IP address, port, and connection type of each access control server that will be used. The user can add, delete, or edit table entries.	Required
Form fill (SSO) enabled	Allows user to specify whether to enable Form Fill for this proxy server. If checked, Form Fill is enabled.	Optional
OLAC enabled	Allows user to specify whether OLAC is enabled. If checked, OLAC is enabled.	Optional
Password management servlet URL	Shows location of the password management servlet that will be used by the proxy system when it determines when the user needs to change his or her password. If a user's password expires and he or she tries to log in, the system will use this servlet to prompt the user to change the password. If the user does not populate this field upon prompt, the system will use a default password management function.	Optional
Load balance at session level only	The proxy server will use the same Web server for all fills during a session. This prevents eBusiness users from needing to log in multiple times. This setting affects all Web server accelerators configured on the proxy server.	Optional

Controls for Access Control

This section describes the following buttons:

Add

Delete

Edit

Add

The Add button allows the user to enter information that identifies an access control server. When this button is selected, a dialog box appears which specifies the IP address, port, admin name, password, and security connection parameters, as shown in Figure 42.

Figure 42
New LDAP Access Control Server Dialog Box

When you add the first entry in the table, all the fields are active. For the second and subsequent entries, only the IP address field is active. This forces all of the servers to be located within the same eDirectory tree.

The fields in Figure 42 are described in the table below:

Table 12.

Field Name	Description	Status
IP Address	The IP address of the server.	Required
Port	The Port the server communicates through.	Required
Administrator	The administrator's name used to log in to the server. This field is a non-editable field. To populate the field, the user must click the browser button next to it to use an object entry selector browser to choose the administrator from the directory.	Required
Password	The administrator's password.	Required
Password confirmation	Confirms the administrator's password.	Required
Connection	Specifies whether the connection will be secured (Secure Exchange).	Optional
Trusted root file	The name of the trusted root file that will be used to secure the connection.	Required only if using a secure connection

Figure 43 shows how the dialog box appears during the second and subsequent server entries:

Figure 43
New LDAP Access Control Server Dialog Box

Delete

The Delete button will delete a server entry from the list of LDAP servers. If the first server is deleted, the second server in the list becomes the controlling server.

Edit

The Edit button allows the user to edit all entries in a table; however, the user can only change all of the information (rather than just the IP address) when editing the first entry. When the first server entry is changed, all of the other servers will change accordingly to ensure that all servers are in the same tree. See Figure 44.

Figure 44
Modify an LDAP Access Control Server Dialog Box