The ZENworks Middle Tier proxy user needs rights in the following categories:
If your users exist in subcontainers of the defined Users Context, LDAP is used to find their context during the authentication process. To perform this LDAP query, the Middle Tier proxy user account needs the Read right to the CN attribute of the user objects that will log in through this Middle Tier Server.
Users in an environment without the Novell Client™ (that is, using the Desktop Management Agent only) log in to the eDirectory tree through the Middle Tier Server. The Middle Tier proxy user account needs Write rights to the zendmWSNetworkAddress attribute on the user objects that log in through this Middle Tier Server. The network address stored in this attribute is updated during each user login through this Middle Tier Server and is used by the Remote Management process to determine the network location of the user.
NOTE: The Middle Tier proxy user account also needs Create entry rights to these user objects because the zendmWSNetworkAddress attribute is not present by default on an eDirectory User object. The attribute is created when a user logs in for the first time from the Desktop Management Agent through the Middle Tier Server.
Any additional users who need to administer the Middle Tier Server using the NSAdmin utility (http://midtier/oneNet/nsadmin) must be Security Equivalent to the Middle Tier proxy user account. The proxy account is stored in the registry of the Middle Tier Server at HKLM\Software\Novell\XTier\Configuration\Xsrv (on NetWare, myserver takes the place of HKLM).
If a NetWare 6.5 Middle Tier Server is also the Novell iFolder® NetStorage server, grant the Middle Tier proxy user Add rights for adding an auxiliary class (xTier) and Write rights to the attribute (xTier-iFolderPassPhrase). These rights allow the proxy user to set a password when it is changed from within NetStorage.
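The rights listed above can be checked against what the proxy user actually holds. The following is an added example, not code from the ZENworks documentation: it compares ACL values exported from the users container with the rights this page names, and reports any listed right that is missing and any granted right this page does not list (for review). Assumptions: the values use eDirectory's LDAP ACL form (privileges#scope#subject#attribute) with the bit values shown, "Create entry" maps to the entry-level Create bit, the Add right for the xTier auxiliary class is not checked, and the DNs and sample values are constructed.

```python
# Added example: diff the proxy user's ACL entries against the rights listed above.
# Assumption: values are in eDirectory's LDAP ACL form
#   privileges#scope#subjectDN#protectedAttribute   (bit values assumed below)
ENTRY = {"Browse": 1, "Create": 2, "Delete": 4, "Rename": 8, "Supervisor": 16}
ATTR = {"Compare": 1, "Read": 2, "Write": 4, "Self": 8, "Supervisor": 32}

# Rights this page lists; "Create entry" is assumed to be the entry-level Create bit.
REQUIRED = {"CN": "Read", "zendmWSNetworkAddress": "Write", "[Entry Rights]": "Create"}
NETSTORAGE = {"xTier-iFolderPassPhrase": "Write"}  # NetWare 6.5 + NetStorage only

def parse_acl(value):
    """Split one ACL value; raises ValueError if it is not four '#' fields."""
    bits, scope, subject, attr = value.split("#", 3)
    return int(bits), scope.lower(), subject.strip().lower(), attr.strip()

def audit(acl_values, proxy_dn, netstorage=False):
    """Return (missing, unlisted) rights for proxy_dn as lists of strings."""
    listed = {**REQUIRED, **(NETSTORAGE if netstorage else {})}
    wanted = {name.lower(): (name, right) for name, right in listed.items()}
    held, unlisted = set(), []
    for value in acl_values:
        try:
            bits, scope, subject, attr = parse_acl(value)
        except ValueError:
            continue  # malformed value, skip it
        if subject != proxy_dn.lower():
            continue  # trustee is some other object
        table = ENTRY if attr.lower() == "[entry rights]" else ATTR
        for right, bit in table.items():
            if not bits & bit:
                continue
            if wanted.get(attr.lower(), (None, None))[1] == right:
                held.add(attr.lower())
            else:
                unlisted.append(f"{right} on {attr} ({scope})")
    missing = sorted(f"{r} on {n}" for k, (n, r) in wanted.items() if k not in held)
    return missing, unlisted

# Constructed sample values (not from a real tree); the proxy DN is hypothetical.
SAMPLE_ACL = [
    "2#subtree#cn=mtproxy,o=acme#CN",
    "2#subtree#cn=mtproxy,o=acme#[Entry Rights]",
    "32#subtree#cn=mtproxy,o=acme#[All Attributes Rights]",
    "6#entry#cn=admin,o=acme#[All Attributes Rights]",
    "garbage",
]

if __name__ == "__main__":
    missing, unlisted = audit(SAMPLE_ACL, "cn=mtproxy,o=acme")
    print("missing:", missing)
    print("review: ", unlisted)
```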