If your network users will authenticate to the Novell® Nterprise™ Branch Office™ appliance using their existing central office eDirectory™ LDAP username and password, you must enable several components on your Central Office LDAP server and eDirectory tree. Each user must also have a simple password in addition to the eDirectory password. These passwords can be set to the same value so that users do not need to remember two different passwords.
When users log in to the appliance for the first time using HTTP, NCP, CIFS, AFP, or FTP, User Access Provisioner automatically creates the user account on the appliance with the same username and password as the user had in the central office eDirectory tree.
WARNING: If users will be logging in to the appliance for the first time using Novell Client for Windows NT/2000/XP version 4.9 or later, they must disable NMAS before logging in so that automatic user access provisioning can occur. Or, if your network does not take advantage of NMAS, you can disable it. See the Novell Client for Windows Administration Guide.
If your central office server is a NetWare® 6.5 server, you should enable Universal Password during the installation and then deploy it. (See the NetWare 6.5 Overview and Installation Guide and the NetWare 6.5 Universal Password Deployment Guide.) Universal Password enforces password policy uniformly across multiple authentication systems (such as Native File Access). Universal Password also manages multiple types of password authentication methods from disparate systems. This is done by creating a common password that can be used by all protocols to authenticate users. Enabling Universal Password correctly configures the LDAP-enabled eDirectory tree to authenticate using simple passwords. In that case, bypass all the LDAP configuration procedures in this chapter and complete only the steps provided in Assigning Simple Passwords for User Accounts.
If your central office server is NetWare 6.0 SP2 or later or NetWare 5.1 SP5 and simple passwords are not enabled currently, you must enable them. The process to enable simple passwords is explained in this section.
After simple passwords are configured on the server, you can enable simple passwords for all users. Then, when users log in through the Nterprise Branch Office Portal the first time, their simple passwords are set to the same value as their existing passwords. See Assigning Simple Passwords for User Accounts.
Users do not need to remember a new username or password for the appliance. And when changes are made to the username and password at the central office, these changes are synchronized to the appliance automatically. Because the User objects and credentials for these users reside on the central office eDirectory tree, these users are called remote users.
This chapter covers the steps necessary to enable existing users to authenticate to the appliance as remote users. If you do not have existing user accounts in a central office eDirectory tree that you want to provide access to the appliance, you do not need to enable automatic user access provisioning through the LDAP protocol. You can add new user accounts to the appliance directly or import user accounts from Windows NT. See "Managing Nterprise Branch Office User Accounts" in the Nterprise Branch Office Administration Guide.
Configuring the Central Office LDAP server takes several steps and requires that your central office servers meet specific requirements. NetWare 5 and NetWare 6.0 servers require more steps than NetWare 6.5 servers because some required components are installed by default on NetWare 6.5 servers when you install the NetWare 6.5 server using the Management Server Pattern. See Preparing the Central Office for central office server requirements. Then, complete the following steps before installing the Branch Office appliance so that you have all necessary components during the appliance initialization and setup process.
After these steps are completed, the SSL certificate you generated will be used during the appliance Setup Wizard.
HINT: If you have already installed the appliance, you can still enable LDAP configuration settings by either running the Setup Wizard again or configuring LDAP in the Authentication Sources page in Nterprise Branch Office Web Administrator.
To run the Setup Wizard again, enter set admin http wizard=yes at the appliance command line, followed by apply.