5.3 Configuring the Engine

The Kanaka Engine services all requests made by the Kanaka client components. Besides performing the initial authentication, the Kanaka Engine allows the Kanaka Plug-in and the Kanaka Desktop Client to operate in a contextless manner to pull relevant individual user and storage access information from eDirectory and the file system and return the information in a format relevant to macOS.

The Engine also services password change requests, specifies client storage information through the Kanaka Plug-in Console, and informs Micro Focus Kanaka for Mac users of password expirations that will occur in the near future.

  1. From a Web browser, launch the management interface by entering https://server_ip_or_DNS_name:3089.

  2. Enter eDirectory credentials capable of modifying directory services and schema, such as an Admin or Admin equivalent.

    You can log in with the following FDN formats:

    • CN=user.O=microfocus
    • .user.microfocus
    • user.microfocus

    These formats work when the user object is contained within standard Organization and Organizational Unit objects. For example:

    • CN=user.O=microfocus
    • CN=user.OU=users.O=microfocus

    However, if the user is located in something like a Locality, domain, or Country container the typeful FDN must be used. For example:

    • CN=user.O=it.L=east.O=microfocus
    • CN=user.O=IT.DC=microfocus.DC=com
    • CN=user.O=IT.c=us

    Because you are performing administrative work, your must log in using a fully distinguished name in the Username field. You can use a format such as cn=user.o=org or user.org.

    The management interface launches the Setup Wizard.

  3. Click Next to extend the eDirectory schema.

    As with all schema extensions, be aware that it might take some time for the schema extensions to be synchronized in a large tree.

    The following page appears for you to create a proxy user and administration group:

    A proxy user is needed because Micro Focus Kanaka for Mac authenticates and operates under the rights of a proxy user.

  4. Use the Browse button that corresponds to the Kanaka Proxy Object field to browse to the container where you want the Micro Focus Kanaka for Mac proxy user to reside.

    Ensure that this user has rights to retrieve user and group information from eDirectory as well as view quota information in the file system of all volumes holding user and collaborative storage.

    The name KanakaProxy is prepended to the container object you specify.

    The proxy user object is created in eDirectory when you click the Next button in the Setup Wizard..

  5. Use the Browse button that corresponds to the Kanaka Administrators Group field to do one of the following:

    • Locate and select a group whose members you want to be Kanaka for Mac administrators.

    • Browse to the location where you want the new KanakaAdmins group to reside in eDirectory.

      The name KanakaAdmins is prepended to the object you specify.

      The proxy user account and password are self-managed by the Kanaka Engine. The password is never stored in any location, so there is no concern for security of the password. No two Kanaka Proxy users ever have the same password.

  6. Leave the check box selected so the user you are logged in as can be a member of the administrators group.

    This will ensure that you are able to log in and manage Micro Focus Kanaka for Mac via the management interface.

  7. Click Next.

    The Kanaka Administrators Group object is created and the logged-in user is added to the group.

    The Kanaka proxy object is also created. By default, this user object is automatically assigned Supervisor rights at the root of the eDirectory tree. You can remove this rights assignment and assign rights more granularly to the tree and the associated file systems. The object needs the following minimum rights:

    • Browse Entry rights to the eDirectory tree

    • Read and Compare Attribute rights to any of the following objects that might be used or accessed through Micro Focus Kanaka for Mac:

      • Users

      • Groups

      • Containers, including Os, OUs, Domains, Countries, and Locales

      • Login scripts

      • Profiles

      • Servers

      • Volumes

    • Read and FileScan rights to any file system directories that might be used or accessed by a Micro Focus Kanaka for Mac user, including user home directories, group home directories, or any file system that might be mapped and later accessed through a login script.

    The following page appears for you to create a user index:

    Micro Focus Kanaka for Mac maintains an index of user objects for the purpose of supporting contextless logins from the Kanaka Plug-in and Kanaka Desktop Client. The index is made up of user objects in a set of search object containers in eDirectory.

  8. Use the Browse button to locate a context where your Micro Focus Kanaka for Mac users reside in eDirectory.

  9. Click Add, then repeat Step 8 to add another container.

    Repeat this step until you have added all the contexts you want to the list.

    Micro Focus Kanaka for Mac does not have the ability to differentiate users with the same name in different contexts. If you index containers with users having identical names, those users cannot log in.

  10. In the Search Depth region, specify whether you want Micro Focus Kanaka for Mac to search for users only at the top layer of the container, or within subcontainers as well.

  11. In the Rebuild Times region, specify the hours when you want Micro Focus Kanaka for Mac to rebuild the index.

    You should choose an hour when there is minimal network activity.

  12. Click Next.

    The index is updated under different circumstances:

    • Automatically based on individual users logging in.

      If a given user is not found in the index, the user is automatically located in the given search containers and dynamically added to the index.

    • Automatically based on the hourly rebuild times schedule set in the configuration.

    • Automatically 90 seconds after the engine loads.

    • On demand using the Micro Focus Kanaka for Mac management interface.

    The following page appears:

    Micro Focus Kanaka for Mac must be configured for each AFP or CIFS volume name for each volume on the network containing home directories or collaborative storage.

    For a description of the process that Micro Focus Kanaka for Mac uses to retrieve mount points for macOS, see Section 11.1, Storage Resources.

    Storage Resources cannot be built during the setup wizard. However, it can be built once the setup wizard has finished and an internal restart of the Kanaka Engine server takes place.

  13. Click Finish Wizard to conclude the Setup Wizard.

    When you click Finish Wizard the engine undergoes an internal restart operation and you are prompted to log in again. You might want to wait a few minutes while this process takes place.

  14. (Conditional) If you get an error trying to reload the page, check the Engine's status with the following command in a terminal session:

    rcmicrofocus-kanakaengined status

    If the status is unused, issue the following command to start the Engine:

    rcmicrofocus-kanakaengined start