iChain 2.2: Novell Remote Manager Configuration Quick Start

(Last modified: 11Feb2003)

This document (10080151) is provided subject to the disclaimer at the end of this document.

fact

iChain 2.2

NetWare 6 SP2

goal

iChain 2.2: Novell Remote Manager Configuration Quick Start

fix

Novell Remote Manager (NRM)

This feature is installed by default with NetWare 6 and is implemented through Portal.nlm and Httpstk.nlm. By default, it listens on ports 8008 (non-secure) and 8009 (secure). A user connecting to port 8008 over HTTP is redirected to secure port 8009 for login and all subsequent actions. Login to NRM uses Basic Authentication headers in the HTTPS request and requires the username in that header to be in NDS “dot delimited” format. A leading “.” is allowed but not required. If a user object is in an OU for which bindery context is set on the NW6 server, login can be done using the CN only, if desired.

 

Accelerator Configuration:

For the following configuration to work, Portal.NLM and HTTPSTK.NLM must be working properly. Verify that browsing directly to the Portal server’s address using HTTPS on port 8009 returns the Portal login prompt and that the user is able to log in.

 

On Web Server Accelerator page:

Name:  rm

DNS Name: cpq350.rm.dsm.cit.novell.com

Cookie Domain: rm.dsm.cit.novell.com

Use host name sent by browser is selected

Web Server Port: 8009

Web Server Address: 10.251.201.2 (Primary ip address of a NW6 server)

Accelerator Proxy port: 80

Accelerator IP address: 10.251.200.1

Enable Authentication is enabled

Authentication options:

Service Profile=ldap

Forward authentication info to web server is disabled

Enable Secure Exchange is enabled

SSL Listening Port: 8009

Certificate: Auto

Secure Exchange Options:

Client<-8009->Proxy<-8009->Web Server

“Enable secure access between the iChain Proxy and the Origin Web Server” is enabled

“Allow pages to be cached at the browser” is not enabled

 

On Access Control Page:

“Enable OLAC” and “Enable Form Fill Authentication” are both disabled

ConsoleOne Configuration

In ConsoleOne->ISO object properties:

Add resource for the iManager web site:

Name=rm

URL Prefix=http://cpq350.nrm.dsm.cit.novell.com/*

Access: Restricted

 

Users should now be able to browse to the URL http://cpq350.rm.dsm.cit.novell.com (which resolves to the iChain address), log in to the proxy, then get the Portal login prompt and successfully log in to Portal.

 

Single Sign On through iChain:

Since NRM requires a dot delimited name or CN for login, OLAC can be configured to work properly with NRM as follows:

 

In ConsoleOne, create a resource for NRM under the ISO object. For that resource, configure OLAC parameters as follows:

 

If users are in a bindery context, NRM login will accept the user’s CN. For this configuration, set the OLAC parameters as follows:

 

Name:                     ICHAIN_UID

Data Source:         LDAP

Value:                     CN

 

If users are not in a bindery context, NRM requires the full dot delimited username. Select some LDAP attribute which will be used to hold the user’s full dot delimited NDS name and then populate that attribute using ConsoleOne. For example, for user cn=admin,o=novell,c=us, set that user’s “fullName” attribute to admin.novell.us. The OLAC parameters would then be configured as follows:

 

Name:                     ICHAIN_UID

Data Source:         LDAP

Value:                     fullName

 

In iChain’s GUI configuration tool, be sure to enable the accelerator’s “Forward authentication information to web server” check box, and also enable the “Enable Object Level Access Control” check box on the Configuration->“Access Control” page.
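
The following Python sketch is an added example, not part of the original Novell document: it derives the dot delimited value to store in the “fullName” attribute from an LDAP DN and checks that the username carried in a Basic Authentication header has the shape NRM expects. The function names are hypothetical, the password is a constructed sample, and rejecting RDN values that contain “.”, “+” or a backslash for manual mapping is an assumption of this example.

```python
import base64
import re

def ldap_dn_to_nds(dn, leading_dot=False):
    """cn=admin,o=novell,c=us -> admin.novell.us (typeless, dot delimited)."""
    parts = []
    # Split on commas that are not backslash-escaped.
    for rdn in re.split(r"(?<!\\),", dn.strip()):
        attr, sep, value = rdn.strip().partition("=")
        value = value.strip()
        if not (attr and sep and value):
            raise ValueError(f"malformed RDN: {rdn!r}")
        # Assumption of this example: literal dots, escapes and multi-valued
        # RDNs are ambiguous in dotted form, so leave them for manual mapping.
        if any(ch in value for ch in ".+\\"):
            raise ValueError(f"ambiguous RDN, map by hand: {rdn!r}")
        parts.append(value)
    name = ".".join(parts)
    return "." + name if leading_dot else name

def basic_auth_header(username, password):
    """Build the Authorization header value used for Basic Authentication."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def username_from_header(header):
    """Recover the username from a Basic header (base64 is not encryption)."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    return base64.b64decode(token).decode("utf-8").partition(":")[0]

def nrm_accepts_format(username, bindery_context=False):
    """Shape check per the text: dot delimited, optional leading '.', or a
    bare CN only when the user's OU is in the server's bindery context."""
    name = username[1:] if username.startswith(".") else username
    if not name or "=" in name or "," in name:
        return False  # empty, or still an LDAP-style DN
    if "." in name:
        return all(name.split("."))  # no empty components
    return bindery_context

if __name__ == "__main__":
    full_name = ldap_dn_to_nds("cn=admin,o=novell,c=us")
    header = basic_auth_header(full_name, "constructed-password")
    user = username_from_header(header)
    print(full_name, user, nrm_accepts_format(user))
```

Because a Basic Authentication header is only base64-encoded, the “Enable secure access between the iChain Proxy and the Origin Web Server” setting is what protects the forwarded credential on the proxy-to-NRM leg.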

 


disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

  • Document ID: 10080151
  • Solution ID: NOVL87080
  • Creation Date: 11Feb2003
  • Modified Date: 11Feb2003
    • NovellBeta
