Setting Up User Authentication to an LDAP Server at the Central Office

If your network users will authenticate to the Novell® Nterprise™ Branch Office™ appliance using their existing central office eDirectory™ LDAP username and password, you must enable several components on your central office LDAP server and eDirectory tree. One requirement is that each user has a simple password in addition to the eDirectory password. These passwords can be set to the same value so that users do not need to remember two different passwords.

HINT: If you are using Windows* and Active Directory* as your corporate LDAP server, skip to Using Windows and Active Directory As Your Corporate LDAP Server.

When users log in to the appliance for the first time using HTTP, NCP, CIFS, AFP, or FTP, User Access Provisioner automatically creates the user account on the appliance with the same username and password as the user had in the central office eDirectory tree.

If your central office server is a NetWare® 6.5 server, you should enable Universal Password during the installation. (See the NetWare 6.5 Overview and Installation Guide and the NetWare 6.5 Universal Password Deployment Guide.) Universal Password enforces password policy uniformly across multiple authentication systems (such as Native File Access). It also manages multiple types of password authentication methods from disparate systems by creating a common password that all protocols can use to authenticate users. Enabling Universal Password correctly configures the LDAP-enabled eDirectory tree to authenticate using simple passwords. With Universal Password enabled, bypass all the LDAP configuration procedures in this chapter and complete only the steps provided in Assigning Simple Passwords for User Accounts.

IMPORTANT: Some Advanced Password rules in iManager Universal Password may not work. For more information on this issue, please refer to the Password Readme Addendum.

If your central office server is NetWare 6.0 SP4 and simple passwords are not enabled currently, you must enable them. The process to enable simple passwords is explained in this section.

After simple passwords are configured on the server, you can enable simple passwords for all users. When users log in through Virtual Office for the first time, their simple passwords are set to the same value as their existing passwords. See Assigning Simple Passwords for User Accounts.

Users do not need to remember a new username or password for the appliance. When changes are made to the username and password at the central office, these changes are synchronized to the appliance automatically. Because the User objects and credentials for these users reside on the central office eDirectory tree, these users are called remote users.

This chapter covers the steps necessary to enable existing users to authenticate to the appliance as remote users. If you have no existing user accounts in a central office eDirectory tree that need access to the appliance, you do not need to enable automatic user access provisioning through the LDAP protocol. You can add new user accounts to the appliance directly or import user accounts from a Windows NT* domain. See "Managing Nterprise Branch Office User Accounts" in the Nterprise Branch Office Administration Guide.

This chapter includes the following sections: