If you do not see this task, you are not an authorized user. See Authorized Users.
There are three settings in the config.xml file that control the security and the certificates used when iManager creates an LDAP SSL connection.
If the value of AutoUpdate is true, when a user successfully logs in to iManager, the certificate from that eDirectory server might automatically be imported into the iManager-specific keystore. Select the setting, Auto Import Tree Certificate for Secure LDAP on the interface (Configure iManager > Security).
When Security.Keystore.UpdateAllowAll is true, any successful user login imports/updates a certificate into the iManager certificate keystore. If the setting is false, only an authorized user login imports/updates certificates.
The keystore.priority setting contains two words that define the search order for certificates during a connection: “system” and “imanager.” “system” uses the default JVM keystore to locate certificates when creating the SSL context. If that fails, it then goes to the iManager keystore.
You can change the search order by switching “system” and “iManager,” or remove either word from the entry.
To further tighten security, do not allow AutoUpdate and use only the system keystore. If you do this, you must manually import the certificates that you want to be inside of the default system keystore by using the tools that come with Java. If you disable UpdateAllowAll, then certificate imports occur only from a successful iManager authorized user login.
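The tightened setup described above (AutoUpdate off, UpdateAllowAll off, system keystore only) can be checked mechanically. The following Python audit is an added example, not part of the iManager documentation or product; the `<setting><name>/<value>` XML layout, the separator inside keystore.priority, and all function names are assumptions to adapt to your own config.xml.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. The <setting><name>/<value> layout is an assumption for
# this example; compare it with your own config.xml before relying on it.
SAMPLE_CONFIG = """<configuration>
  <setting><name>AutoUpdate</name><value>true</value></setting>
  <setting><name>Security.Keystore.UpdateAllowAll</name><value>true</value></setting>
  <setting><name>keystore.priority</name><value>system,imanager</value></setting>
</configuration>"""

def load_settings(xml_text):
    """Return {lowercased setting name: value} from the assumed layout."""
    settings = {}
    for node in ET.fromstring(xml_text).iter("setting"):
        name = (node.findtext("name") or "").strip().lower()
        if name:
            settings[name] = (node.findtext("value") or "").strip()
    return settings

def lookup(settings, suffix):
    """Match by name suffix so a prefixed form of the setting name is also found."""
    for name, value in settings.items():
        if name.endswith(suffix):
            return value
    return None

def is_false(value):
    # A missing setting is not treated as false: the default is not known here.
    return value is not None and value.lower() == "false"

def audit_keystore(xml_text):
    """List deviations from the tightened setup: no auto-import, system keystore only."""
    s = load_settings(xml_text)
    findings = []
    if not is_false(lookup(s, "autoupdate")):
        findings.append("AutoUpdate is not false: a login may import a server certificate")
    if not is_false(lookup(s, "updateallowall")):
        findings.append("UpdateAllowAll is not false: imports are not limited to authorized users")
    # Separator between the two words is assumed to be a comma, semicolon or space.
    raw = lookup(s, "keystore.priority") or ""
    order = [w for w in re.split(r"[,;\s]+", raw.lower()) if w]
    if order != ["system"]:
        findings.append("keystore.priority is %s: expected only 'system'" % (order or "unset"))
    return findings

if __name__ == "__main__":
    for finding in audit_keystore(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

An empty result means all three settings are explicitly in the tightened state; settings that are absent are reported rather than assumed safe.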
These settings affect your entire Web server configuration and are saved in the config.xml file. You can either save as you go or click once after you have made all your changes on the various tabbed pages.
Select if you want the following message to warn users: “You are using a non-secure connection.” This setting applies to the connection between the browser and the Web server.
Assumption: you have met the Nsure® Audit prerequisites. Select the Enable Nsure Audit option to send iManager logging events data to Nsure Audit.
Secure LDAP connections require a certificate. If you select this feature, the system automatically imports a public tree certificate for secure LDAP.
Authorized users are users who can run various administrative tasks. Authorized user data is saved in webapps/nps/WEB-INF/configiman.properties. This file automatically gets created at install time, and the installing administrator’s name is added to this file.
Using this option, you can modify the configiman.properties file. The tree name must be included with the names specified, for example: admin.novell.mytree. To designate all users as authorized users, type AllUsers.
Use this screen to customize the appearance of the iManager interface. Information about look and feel is saved in webapps/nps/WEB-INF/configiman.xml.
Type your organization name in this text box. It will appear in the title bar of the Web browser in place of the default text, Novell iManager.
The Title bar contains three images: the header background image, the header filler image, and the header branding image. Your own images must conform to the dimensions given on the interface.
Store these files in nps/portal/modules/fw/images. Type the path of each image in its respective text field.
You can customize the color of the menu header and the background of the navigation menu on the left.
You can type either color names or hexadecimal numbers. Entries do not need to be case sensitive. Click to change your color selections.
Select a logging level for Web server debugging, from No Logging to Errors, Warnings, and Information messages.
To set your logging options, follow the onscreen instructions on the > page.
The log file path and log file size both appear on this page. Select to view the log file and it appears in HTML format. Select to clear the log file and all data in it is deleted; then the Log File Size resets to 0 (zero).
Authentication configuration affects the iManager login page.
If you select this option, you will enter only your password to log in.
This setting specifies whether iManager communicates via LDAP SSL or LDAP clear text. Some plug-ins, such as Dynamic Groups and NMAS, will not work if this option is not selected. This setting will not take effect until you log out of iManager.
If you select this option, the Tree text box appears on the login page. If you do not select this option, you must have a default tree name. Otherwise, you will not be able to log in.
Select this option to allow users to type usernames on the login page without specifying a context.
Populating the following boxes is optional.
The values you specify in the following text boxes depend on the tree name that you type here. The tree name is the tree that the contextless configuration will be applied to.
The containers (for the selected tree) that iManager must search to find a specific user. If you do not specify a container, by default iManager searches from the root of the tree down through the entire tree. The search to find the user object can take several minutes, depending on the size of the tree.
By default, iManager connects with public access, requiring no specific credentials. If you want, you can specify a user with specific credentials to do the search for the contextless lookup. The iManager public user will be used if you don’t specify a user.
The password (for the selected tree) for the user specified in Public Username.
Role-Based Services (RBS) assigns the rights within eDirectory to perform tasks. In order to do certain things, you must have rights in the eDirectory tree. When you assign a role to a user, RBS assigns the rights necessary to perform the tasks of that role.
Select this option to allow dynamic groups to be members of a role in RBS.
For more information on dynamic groups, see the Novell eDirectory Administration Guide.
If you select this option, collection owners will see all roles and tasks whether they are members of them or not. If you do not select it, owners will see only their assigned roles.
Click the drop-down arrows for lists of the following:
This option indicates where in the tree iManager is to search for roles that are assigned to a member.
This option indicates where in the tree iManager is to search for Dynamic Group membership. Role membership will then be checked in the Dynamic Groups found.
This option selects which type of Dynamic Groups should be searched for role membership.
When a collection owner or a Role member authenticates, this setting is auto-populated with the eDirectory tree’s name. This effectively keeps track of the eDirectory trees where RBS has been configured. If RBS is removed from an eDirectory tree, remove that tree’s entry in this list in order to return to Unassigned Access mode.
You can safely ignore this option. Enable [this] was added to iManager to allow some internal teams to modify their own objects. [this] is an attribute in the tree that enables specific self-management functionality. If [this] is enabled, all servers in the tree must be version 8.6.2 or later.
Specifies the URL to eGuide. This is used in the eGuide launch button in the header and in the eGuide role and task management tasks. This must be a full URL (for example, https://my.dns.name/eGuide/servlet/eGuide) or the keyword EMFRAME_SERVER. Using EMFRAME_SERVER causes eMFrame to look for eGuide on the same server that eMFrame is located on.
For more information on eGuide, see the Novell eGuide documentation Web site.