Authentication is a complex topic, and your existing network infrastructure can affect your ability to successfully perform an initial iManager login. The following facts can help you minimize authentication-related difficulties. For more information about authentication-related topics, see Novell’s NMAS documentation and eDirectory documentation.
iManager authentication is a platform-dependent operation, meaning that it functions differently depending on the platform on which iManager is running
NetWare servers: When iManager runs on a NetWare server (including OES NetWare) it utilizes eDirectory’s legacy authentication mechanism and the regular eDirectory/NDS password. This mechanism does not support eDirectory’s Simple Password or Universal Password options.
Linux and Windows servers: When iManager runs on a Linux or Windows server it utilizes eDirectory’s legacy authentication mechanism and the regular eDirectory/NDS password. This mechanism does not support eDirectory’s Simple Password or Universal Password options.
Mobile iManager: Mobile iManager runs on a client workstation, either Linux or Windows, and leverages the NMAS client that allows it to use Universal Password, if configured.
iManager does not use LDAP for the initial iManager authentication process. It utilizes eDirectory’s proprietary authentication protocol. However, following initial authentication, iManager can, create LDAP connections to eDirectory as needed to support directory access for the installed plug-ins that require LDAP access.
iManager does not support authenticating with eDirectory’s Simple Password.
You might encounter the following error messages when authenticating to iManager. Each error message section discusses possible causes.
If you receive a 404 error the first time you attempt to access iManager, you need to verify the ports that Apache is running on. Depending on how you installed iManager and whether you chose to use Apache or IIS, the configuration file locations will vary. Apache uses either the httpd.conf file or the ssl.conf file. Refer to Microsoft’s documentation for information on IIS port settings.
If you receive an internal server error or servlet container error (either unavailable or being upgraded), iManager is having one of two problems with Tomcat:
Tomcat has not fully initialized after a reboot.
Tomcat has failed to start.
Wait a few minutes and try again to access iManager. If you still receive the same errors, verify the status of Tomcat.
Restart Tomcat.
For information about restarting Tomcat, see Starting and Stopping Tomcat and Apache.
Check the Tomcat logs for any errors.
The log file is located in the $tomcat_home$/logs directory on the UNIX, Linux, and Windows platforms. On UNIX and Linux, the logs are named catalina.out or localhost_log. date.txt ; on Windows, the log files are named stderr and stdout.
On NetWare, errors appear on the logger screen.
The object name entered could not be found in the context specified.
Some possible causes:
Contextless login might be disabled.
Your User object might not be in the configured search containers list. Either ask your administrator to add your user location to the contextless login search containers or log in with a full context.
The NDS password has been disabled in the Universal Password policy. This may also manifest itself with a 222 Error Message.
You can avoid this error with iManager Workstation by installing the NMAS client, which allows iManager to utilize the Universal Password authentication mechanism rather than eDirectory’s legacy authentication process.
This error is a system failure having any of several possible causes.
The target server does not have a copy of what the source server is requesting, or the source server has no objects that match the request and has no referrals on which to search for the object.
Some possible causes:
You entered an incorrect Tree or IP Address. If you are using the IP address, make sure you include the port if eDirectory™ is installed on a nonstandard (524) port.
iManager cannot locate your Tree or IP Address before timing out.
If the tree name fails, use the IP address.
An invalid password was used, authentication failed, one server tried to synchronize with another one but the target server’s database was locked, or a problem exists with the remote ID or public key.
Some possible causes:
You typed an incorrect password
There are multiple users with the same username in the tree. Contextless login tries to log in using the first user account it finds with the supplied password. In this case, provide a full context when you log in or limit the search containers that contextless login searches.