Novell iManager For the most current version of the Novell® iManager readme file and for iManager product documentation, see the iManager documentation Web site.
Novell ConsoleOne For instructions on how to download the latest version of Novell ConsoleOne, see the Novell Product Downloads Web site. For ConsoleOne product documentation, see the ConsoleOne documentation Web site.
Web Services Software
Novell iManager 1.5.1 has the following Web services software requirements:
Web Servers
Novell iManager can be integrated with the following Web servers:
Windows
Novell iManager can be used on the following Windows* platforms:
The iManager installation program handles the installation of Web services software for each platform as follows:
On NetWare
On NetWare® 6, versions of Apache and Tomcat are already installed.
On Windows
On Windows* NT*/2000 servers, the iManager installation program will install Apache 2.0.44, Tomcat 4.1.18, and Sun* JRE 1.4.1_01 if IIS isn't installed and running.
On UNIX
On UNIX* platforms, you must install the necessary Web services software components for your server before you can install iManager. For information, see the Apache Software Foundation Web site, the Sun Java Web site, and the IBM* Java Web site.
Additional information about Apache and Tomcat can be found on the following web sites:
If you installed iManager 1.5.1 on a NetWare server running BorderManager®, you will need to re-install the iManager BorderManager plug-in. This is done by running the BMPlugin.ncf file located in patches directory. Refer to the readme.txt file in the patches directory for installation instructions.
If eDirectory 8.7 is installed before iManager on the same Windows or UNIX server, you may have port conflicts.
For UNIX platforms, Novell does not allow the use of any port other than the designated ones below 1024. If a port conflict is detected when running ndsconfig, enter a new port above 1024. For example, 8010 and 8011 are valid ports.
If iManager does not load when you click on the link in the Getting Started document, check the following file on Windows replacing this path with the path where you installed iManager: C:\Program Files\novell\iManager\tomcat\logs\jvm.stderr. You will see exceptions at the bottom of the file similar to the following. On Solaris and Linux you will see these exceptions in your Console that you are running Tomcat from.
java.lang.reflect.InvocationTargetException:
org.apache.tomcat.core.TomcatException: Root cause - Address in use: JVM_Bind
On Windows
To resolve this problem on Windows NT/2000 servers, do the following:
In Windows Control Panel for NT and Administrative Tools for 2000, select Services.
Find the jakarta or tomcat entry and click Stop.
Stop IIS or Apache.
Start ConsoleOne and login to your eDirectory 8.7 tree.
In the tree view, select the container where you installed the server object.
Open the properties of the HTTP Server - [servername] object and select the Other tab.
Change the httpDefaultClearPort and httpDefaultTLSPort attributes to port numbers other than your iManager web server (probably 80) and tomcat ports (8080, 8007, 8009). For example, change to 8010 for httpDefaultClearPort and 8011 for httpDefaultTLSPort.
Open NDS Services from the Windows Control Panel and select the Services tab.
Select ds.dlm service and click the Configure button.
In NDS Configuration, select the Triggers tab.
Click the Limber button to start the Limber process. The new Port assignments should be set.
In Windows Control Panel for NT and Administrative Tools for 2000, select Services.
Find the jakarta or tomcat entry and click Start.
Start IIS or Apache.
Verify that your web server is running. Test by opening the Getting Started page (eMFrame\help\en\install\gettingstarted.html) and select the iManager link.
On Solaris, Linux, and AIX
To resolve this problem on Solaris*, Linux*, and AIX* platforms, do the following:
Stop Apache and Tomcat.
Start ConsoleOne and login to your eDirectory 8.7 tree.
In the tree view, select the container where you installed the server object.
Open the properties of the HTTP Server - [servername] object and select the Other tab.
Change the httpDefaultClearPort and httpDefaultTLSPort attributes to port numbers other than your iManager web server (probably 80) and tomcat ports (8080, 8007, 8009).
For example, change to 8010 for httpDefaultClearPort and 8011 for httpDefaultTLSPort.
The server will be refreshed and the ports changed when limber runs next time or initiates the limber from ndstrace (set ndstrace = *L).
NOTE: HTTP Server object can be recreated using iManager, ConsoleOne or by running ndsconfig add -m http.
Start Tomcat and Apache after the limber process has run.
Verify that your web server is running. Test by opening the Getting Started page (eMFrame\help\en\install\gettingstarted.html) and select the iManager link.
On a Windows Server where IIS is installed, iManager will be installed to the Web Site that the install program determines is the default Web Site. If multiple IIS Web Sites are running on the server and iManager needs to be run from a Web Site other than the one selected by the install, it will need to be manually configured to use the ISAPI redirector to Tomcat. See the Tomcat documentation for more details: <TOMCAT_HOME>\doc\tomcat-iis-howto.html.
To set up Apache and Tomcat on Solaris, complete the following two procedures.
Procedure 1: Build and Install Apache
Install gcc, make, and the JDK and add to your path.
Update the /usr/java link if necessary to reflect the installed Java.
Verify /usr/ccs/bin is in your path.
Add and export JAVA_HOME, APACHE_HOME, TOMCAT_HOME in /etc/profile to reflect the installed locations.
Exit out of the CDE or GNOME. This is necessary for the above variables to take effect.
Install Apache by doing the following:
Procedure 2: Set Up Tomcat
Extract tomcat to /usr/local/jakarta-tomcat.
Build mod_jk.so for Apache within $TOMCAT_HOME/native/mod_jk/apache1.3/build.solaris.sh (see README.solaris).
Add the following line to $APACHE_HOME\conf\ httpd.conf at the bottom of the file, where $TOMCAT_HOME is the full path to Tomcat:
Include $TOMCAT_HOME/conf/auto/mod_jk.conf
Install Novell iManager.
Configure tomcat by running $TOMCAT_HOME/bin/startup.sh jkconf. The jkconf will generate the auto configuration file then shutdown Tomcat.
Run Tomcat with $TOMCAT_HOME/bin/startup.sh.
Verify all contexts are detected and JClient loads.
Run Apache with $APACHE_HOME/bin/apachectl start.
For more information, see the Apache web site, the Jakarta web site, and the Sun Java web site.
The following issues might occur when using a Netscape 6.2 browser:
When using iManager in simple mode with Internet Explorer 5.5, the scroll bar might not scroll down to the bottom of the screen.
NICI 2.4.x is automatically installed with eDirectory 8.7. On a machine without eDirectory 8.7, you will need to install NICI 2.4.x manually. For NetWare, run NWCONFIG and select the installs\nw\nici subdirectory from the eDirectory WebApps CD. For Windows, the install (wcniciu0.exe) is located in the installs\win\nici subdirectory on eDirectory WebApps CD.
If you intend to run iManager on a Windows machine that has NICI 1.3.x installed, you must execute the batch file named runf2dc.bat before you install NICI 2.4.x. This batch file will prepare your system such that NICI 2.4.x can be installed. The batch file is located in installs\win\nici subdirectory on the eDirectory WebApps CD.
You can quickly determine if you have NICI 1.3.x installed on your Windows machine by looking in the subdirectory %SYSTEMROOT%\system32\Novell\NICI. If you see files named
and you are missing one or more of the following files in this same directory
"Require TLS for Simple Binds with Password" was previously named "Allow Clear Text Passwords." Selecting Require TLS for Simple Binds with Password has the same effect as unselecting Allow Clear Text Passwords.
To access this option in Novell iManager, click the Roles and Tasks button > LDAP Management > LDAP Overview > View LDAP Group Objects > click on an LDAP Group object > click Information.
A problem may occur if you delete a predefined role in iManager using the Delete Role task. If a predefined role, such as eDirectory Administration, Group Management, etc., is deleted using the Delete Role task and then recreated by re-installing the iManager plug-in using the Install plug-in task, the role is recreated but no tasks are assigned to the role.
If you run the Post NetWare 5 Schema Update in the Schema Maintenance task in the eDirectory Maintenance Utilities role, it might not complete successfully.
The following tasks in the eDirectory Maintenance role can only be used on a server running eDirectory 8.7:
The iPrint plug-in for iManager is designed for NetWare 6 servers only. You will receive errors if you try to run the plug-in on any other type of server. iPrint also requires Internet Explorer 5.5 or later.
In addition to iPrint, the NLS and DNS/DHCP plug-ins will only run on NetWare 6 servers.
The SNMP Task in iManager requires eDirectory 8.7. If you try to use the task on servers that don't have version 8.7 installed, an error will display.
When iManager is running with JVM 1.3.1 for AIX, the file upload process is failing which causes the plug-in to get an empty file. Use JVM 1.3.0 on AIX if file upload/download operations are to be supported.
A random error on AIX might occur where you get an "unsatisified link" error with JClient when you start Tomcat. This may be a problem if iManager is installed before eDirectory. If you get this error, uninstall iManager, install eDirectory 8.7 first, then re-install iManager.
If you uninstall iManager on a Windows NT/2000 server using the Add/Remove Programs utility, a message will display at the end listing files that were not deleted. This is the expected behavior of the application. The iManager uninstallation program only removes the files that the iManager installation originally copied onto the server.
After running the iManager Configuration Wizard on a NetWare 6 server that has been upgraded to SP2, the objects for the following roles and their associated tasks have been created, but they have not been assigned to the creator of the collection:
In this situation, you will need to assign members to these roles in order to use them.
If iManager is installed on a Windows NT/2000 server that also has eDirectory 8.5 installed, many of the tasks in the Novell Certificate Server plug-in and other iManager plug-ins may fail due to conflicting versions of shared libraries.
It is strongly suggested that eDirectory on a Windows server be upgraded to a version later than 8.5 before iManager is installed. However, if iManager is to be installed without upgrading, then the Novell Certificate Server plugin will not function correctly until the following steps are taken:
Shutdown eDirectory on Windows using the Novell eDirectory Services utility (located on the Windows Control Panel).
Replace the sal.dll file that is in the system path (ex. \WINNT\system32\) with the one that is located in the directory: "...\Novell\Tomcat\webapps\eMFrame\WEB-INF\bin\".
Start up eDirectory again using the Novell eDirectory Services utility.
When attempting to login to eDirectory through iManager, if you receive the error "ErrorError: System Error Could not find native libraries for com.novell.emframe.fw.NDSNamespaceAuthenticator," Linux may be having a problem locating the JClient libraries.
Do the following:
Open $TOMCAT_HOME/bin/tomcat.sh.
Add the following line:
LD_LIBRARY_PATH=/usr/lib;export LD_LIBRARY_PATH
Save the tomcat.sh file.
Start Tomcat.
When Tomcat is starting, you should see in the terminal window that Novell JClient is found. There will be a line that looks something like this: "Novell JClient 1.1.1098-1.1.1098. Copyright 1999 Novell, Inc. All Rights Reserved."
After the iManager Configuration Wizard is run on your tree and has upgraded the Role Based Services Collection it deletes a file called firstTime.properties located in $TOMCAT_HOME\webapps\eMFrame\WEB-INF\misc\. If you run iManager 1.5.1 from another web server where the iManager Configuration Wizard has never been run, you will need to delete that file on that web server or the wizard will display every time you login.
Do not use ConsoleOne to modify any of the Role-Based Services objects. Role-Based Services objects were designed to be modified in iManager only.
Most administration operations on NetWare 4.x servers through iManager will fail. If NetWare 4.x is in the replica ring, perform all partition administration operations for that replica ring using ConsoleOne.
iManager always stays in secure mode, even if your receive an error from your browser software stating that "this page contains secure and non-secure items."
Under rare circumstances on servers running NetWare 6 SP2 with a minimum of 256K, the iManager installation program might hang at the end the install when it is trying to update the products.dat file. This also might cause two versions of Apache to run as well. Since all files have been copied, usually a manual re-boot of the server will take care of these issues.
During an iManager login, a -634 error could result if the IP address specified in the "Tree" field belongs to a server in the tree which has no replica or if the available advertising services (such as SAP or SLP) have no information about where to contact a replica server in the tree. To successfully log in, try specifying the IP address of a server in the tree which contains a replica.
Several roles in iManager require supervisor rights to the container to perform the required tasks of that role. When assigning roles to users or groups, the administrator is prompted for a scope. The scope defines how far up (or down) the tree rights will be assigned. If, for instance, the iPrint role is assigned to a user and the scope is set at the top of the tree, the user that was assigned to that role will have supervisor rights to the entire tree.
The following roles will assign supervisor rights to the container specified in the scope to the user:
Under some circumstances, the iManager Role-Based Services installation wizard might show a "display error." This error appears to only display when running in a browser on the console where Tomcat and eDirectory are running. The wizard continues to work in the background even though the interface indicates that it has failed.
In order to use the Simple Password method in NMAS, you need to have SSL set up on your server. For more information, see "Configuring and Using SSL for LDAP Connections" in the iManager 1.5 Administration Guide.
Selecting an eGuide Self Management role and then selecting a regular iManager role will cause the data and UI of the Modify Role Associations page to display the UI from the previously selected Self Management role. Also, the Scope textfield will be hidden from view as it is for a Self-Management role.
In order to reset the values that are causing the data and UI problem do one of the following:
There are two Role-Based Services issues known to exist in eGuide 2.1 caused by the rbsCoreLDAP.jar file (see bullets below). These issues should be resolved by downloading a new rbsCoreLDAP.jar file that is available on the Novell Support Web site and replacing it with the existing file located in the eGuide ...\WEB-INF\lib directory. Refer to Solution ID#NOVL82867.
You can look up specific error codes and their meanings using Novell iMonitor. Go to the following URL for more information:
http://[eDirectory_server_IP_address]:[port_number]/nds/error
It is possible to see a problem where "NaN" will display in the validity and expiration fields of a custom certificate. The work around is to run iManager from a English based server.
On some versions of Linux with JVM 1.3.1_xx, the Details button on the Detection Summary page will display a dialog that is not useable (i.e., too small). To resolve this issue, install JVM 1.4.1_xx.
The Byte Order Mark and all extended characters display incorrectly in the French language iManager 1.5.1 help files. Double-byte characters may not display correctly in the popup windows of Netscape web browsers when running iManager through Apache 2.0. This is a known compatability issue with Netscape and the newer versions of Apache.
If you want to use different versions of iManager in your network (1.2.x, 1.5.x), you will need to maintain two different Role-Based Services collections.
If your environment doesn't require backwards compatibility with iManager 1.2.x, Novell recommends upgrading all of iManager servers to the same version of 1.5.x.
When using different versions of iManager in the same browser you may need to clear the browser cache.
References to the eDirWebApps build, CD, or directory should be replaced with IMANAGER151.
The latest iManager readme file in the French language will be available on the Novell documentation Web site.
Upgrades are not supported on AIX 5L with IBM JRE 1.4. Use IBM JRE 1.3.1 if you want to upgrade iManager from 1.5.0.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
You may not export or re-export this product in violation of any applicable laws or regulations including, without limitation, U.S. export regulations or the laws of the country in which you reside.
Copyright © 2002-2003 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
U.S. Patent Nos. 5,608,903; 5,671,414; 5,677,851; 5,758,344; 5,784,560; 5,794,232; 5,818,936; 5,832,275; 5,832,483; 5,832,487; 5,870,739; 5,873,079; 5,878,415; 5,884,304; 5,913,025; 5,919,257; 5,933,826. U.S. and Foreign Patents Pending.
Novell is a registered trademark of Novell, Inc. in the United States and other countries.
All third-party trademarks are the property of their respective owners.