4.3 Configuring a BCC Administrator User

The BCC Administrator user is a trustee of each of the peer Cluster objects in the business continuity cluster. During the install, you specify an existing user to be the BCC Administrator user. This user should have at least Read and Write rights to the All Attributes Rights property on the Cluster object of the remote cluster. The user should also have rights to the sys:\tmp directory.

4.3.1 Creating the BCC Administrator User

The BCC Administrator user will be a trustee of each of the peer cluster objects in the business continuity cluster. Identify an existing user, or create a new user, who you want to use as the BCC Administrator user.

4.3.2 Assigning Trustee Rights for the BCC Administrator User to the Cluster Objects

Assign trustee rights to the BCC Administrator user for each cluster that you plan to add to the business continuity cluster.

  1. Start your Internet browser and enter the URL for iManager.

    The URL is http://server_ip_address/nps/iManager.html. Replace server_ip_address with the IP address or DNS name of the NetWare server or Windows server where you have installed iManager and the Identity Manager preconfigured templates for iManager.

  2. Specify your username and password, specify the tree where you want to log in, then click Login.

  3. In the Roles and Tasks column, click Rights, then click the Modify Trustees link.

  4. Specify the Cluster object name, or browse and select it, then click OK.

  5. If the BCC Administrator user is not listed as a trustee, click the Add Trustee button, browse and select the User object, then click OK.

  6. Click Assigned Rights for the BCC Administrator user, and then ensure the Read and Write check boxes are selected for the All Attributes Rights property.

  7. Click Done to save your changes.

  8. Repeat Step 3 through Step 7 for the other clusters in your business continuity cluster.

4.3.3 Assigning Trustee Rights for the BCC Administrator User to the _ADMIN Volume

You must also ensure that the BCC Administrator user has file system rights to the _ADMIN:\Novell\Cluster directory of each of the nodes in your BCC. This is necessary because the _ADMIN volume is virtual, and is created each time the server starts. For this reason, you cannot assign eDirectory trustee rights to the _ADMIN volume.

To assign BCC Administrator user file system rights to the _ADMIN:\Novell\Cluster directory:

  1. Open the sys:\etc\trustees.xml file.

  2. Add a trustee entry for the BCC Administrator user that assigns Read, Write, Modify, and File Scan (RWMF) rights to the _ADMIN:\Novell\Cluster directory.

  3. Repeat this process on all NetWare nodes that are part of your BCC.

    The trustee entry could be similar to the following entry:

    <addTrustee>
      <name>BCCAdmin.users.lab.acme_tree</name>
      <fileName>_ADMIN:\Novell\Cluster</fileName>
      <rights>
        <read/>
        <write/>
        <fileScan/>
        <modify/>
      </rights>
    </addTrustee>
    

    Note the following items with this example:

    • The <name> element is the BCC Administrator user. The tree name is required.

    • The <fileName> element must be _ADMIN:\Novell\Cluster.

    • The rights must be RWMF.

    • You must add the trustee entry to all the NetWare nodes in your BCC.

    The following is an example of a complete trustees.xml file. Note the multiple trustee entries. For this reason you should edit this file and add the BCC entry rather than copy the file from server to server.

    <specialTrustees>
      <addTrustee>
        <name>BCCAdmin.users.lab.acme_tree</name>
        <fileName>_ADMIN:\Novell\Cluster</fileName>
        <rights>
          <read/>
          <write/>
          <fileScan/>
          <modify/>
        </rights>
      </addTrustee>
      <addTrustee>
        <context/>
        <name>[public]</name>
        <fileName>_admin:manage_nss\files.cmd</fileName>
        <rights>
          <read/>
          <write/>
          <fileScan/>
        </rights>
        <background/>
      </addTrustee>
    </specialTrustees>
    

    After the trustees.xml file has been modified on all NetWare nodes, the NetWare nodes must be rebooted. This can be done in a rolling fashion. You should start with the node that has the highest IP address first and work down in IP address order. This speeds the rate at which the Novell Cluster Services master node acquires the change.

4.3.4 Assigning Trustee Rights for the BCC Administrator User to the sys:\tmp Directory

You must also ensure that the BCC Administrator user is a trustee with Read, Write, Create, Erase, Modify, and File Scan access rights to the sys:\tmp directory on every node in your NetWare clusters.

IMPORTANT: If you are concerned about denial of service attacks with the BCC Administrator user, you can set a quota of 5 MB for that user. This can prevent the BCC Administrator user from filling the sys: volume by copying an excessive number of files to the sys:\tmp directory.

To assign BCC Administrator user file system rights to the sys:\tmp directory:

  1. Open the sys:\etc\trustees.xml file.

  2. Add a trustee entry for the BCC Administrator user that assigns Read, Write, Create, Erase, Modify, and File Scan (RWCEMF) rights to the sys:\tmp directory.

  3. Repeat this process on all NetWare nodes that are part of your BCC.

    The trustee entry could be similar to the following entry:

    <addTrustee>
      <name>BCCAdmin.users.lab.acme_tree</name>
      <fileName>sys:\tmp</fileName>
      <rights>
        <read/>
        <write/>
        <create/>
        <erase/>
        <fileScan/>
        <modify/>
      </rights>
    </addTrustee>
    

    Note the following items with this example:

    • The <name> element is the BCC Administrator user. The tree name is required.

    • The <fileName> element must be sys:\tmp.

    • The rights must be RWCEMF.

    • You must add the trustee entry to all the NetWare nodes in your BCC.

    IMPORTANT: Make sure that you edit each trustees.xml file on each cluster node to add the BCC entry rather than copy the file from server to server.

    After the trustees.xml file has been modified on all NetWare nodes, the NetWare nodes must be rebooted. This can be done in a rolling fashion. You should start with the node that has the highest IP address first and work down in IP address order. This speeds the rate at which the Novell Cluster Services master node acquires the change.
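
Because the entries in Sections 4.3.3 and 4.3.4 are edited by hand on every node, a check of each node's file before the reboot catches a missing entry or a rights set that differs from RWMF or RWCEMF. The following Python sketch is an added example, not part of the Novell documentation; the function name audit_trustees, the constructed sample file and the case-insensitive comparison of names and paths are assumptions.

```python
import xml.etree.ElementTree as ET

# Rights this section requires, keyed by lower-cased path (assumption: NetWare
# paths and eDirectory names compare case-insensitively).
REQUIRED = {
    r"_admin:\novell\cluster": {"read", "write", "modify", "fileScan"},  # RWMF
    r"sys:\tmp": {"read", "write", "create", "erase", "modify", "fileScan"},  # RWCEMF
}

# Constructed sample modelled on the complete file shown in 4.3.3: it carries the
# _ADMIN entry and the [public] entry, but no sys:\tmp entry yet.
SAMPLE = r"""<specialTrustees>
  <addTrustee>
    <name>BCCAdmin.users.lab.acme_tree</name>
    <fileName>_ADMIN:\Novell\Cluster</fileName>
    <rights><read/><write/><fileScan/><modify/></rights>
  </addTrustee>
  <addTrustee>
    <context/>
    <name>[public]</name>
    <fileName>_admin:manage_nss\files.cmd</fileName>
    <rights><read/><write/><fileScan/></rights>
    <background/>
  </addTrustee>
</specialTrustees>"""

def audit_trustees(xml_text, bcc_user):
    """Return findings for the BCC user's entries; an empty list means both match."""
    granted = {}
    for entry in ET.fromstring(xml_text).iter("addTrustee"):
        name = (entry.findtext("name") or "").strip().lower()
        path = (entry.findtext("fileName") or "").strip().lower()
        if name == bcc_user.lower() and path in REQUIRED:
            rights = entry.find("rights")
            granted[path] = {r.tag for r in rights} if rights is not None else set()
    findings = []
    for path, wanted in REQUIRED.items():
        if path not in granted:
            findings.append(f"{path}: no addTrustee entry for {bcc_user}")
            continue
        if wanted - granted[path]:
            findings.append(f"{path}: missing {sorted(wanted - granted[path])}")
        if granted[path] - wanted:
            findings.append(f"{path}: beyond documented set {sorted(granted[path] - wanted)}")
    return findings

if __name__ == "__main__":
    for line in audit_trustees(SAMPLE, "BCCAdmin.users.lab.acme_tree"):
        print(line)
```

Run it against a copy of sys:\etc\trustees.xml taken from each node; entries for other trustees, such as [public], are ignored and left for the administrator to review separately.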