11.5 Policy

Micro Focus Kanaka for Mac clients request various items of user-related information from eDirectory. The following options allow you to configure how these items are obtained as well as the operation of the clients themselves.

These two self-explanatory settings are selected by default.

The UID is a User ID that is unique for each user logging in to macOS. This option allows you to use an existing number or use a randomly generated number from a range of numbers defined by Micro Focus Kanaka for Mac.The auxiliary attribute class is posixAccount. The attribute is uidNumber.

The GID is a primary Group ID for a user. It defines security levels on macOS. By default, the GID is set to 20 (equivalent to “staff” on macOS) in Micro Focus Kanaka for Mac. If you want your users to have admin privileges on macOS, you can set the GID to 80 (equivalent to “admin” on macOS), but this is not recommended for lab environments. The auxiliary attribute class is posixAccount. The attribute is gidNumber.

The third option is based on an extended attribute that is added during the Kanaka installation. The class in eDirectory is named cccKanakaGidNumberClass and the attribute name is cccKanakaGidNumber. You can use this attribute to define the GID for users individually.

For example, if you want students to have a GID of 20 (staff) and teachers or administrators to have a GID of 80 (admin), you can set the cccKanakaGidNumber attribute for the teachers or administrators to a value of 80 and choose the Use Kanaka alternate GID attribute option.

This region lets you specify how the user’s name is displayed in the Kanaka Plug-in Console, Desktop Client, and the logout option.

This setting gives you the option to allow the user to log in or not if the Home Directory attribute is not populated. If you choose the proxy directory option, you need to add and configure a proxy home directory for your environment. This is a directory with limited rights, and you can display a message to explain (such as a document or HTML page) that the user does not have a home directory defined, and perhaps direct them to a contact at the Help Desk.

This setting indicates whether Micro Focus Kanaka for Mac should actually test for the existence of the path specified in the home directory attribute. By default, this option should be turned off. If you do test for existence and the path doesn’t exist, you have the option to use the proxy directory or deny login.

This is the default shell for the user's environment on macOS.

These settings enable the mounting of additional storage other than the user’s home directory.

By enabling the Login Script Parser, the Kanaka Engine will parse any login scripts associated with the user. Login scripts are parsed with the same criteria as NetStorage logins.

For several years, Apple has had a technology for managing workstations and the user experience, often referred to as MCX, or Managed Client for OS X via a Workgroup Manager server. Micro Focus Kanaka for Mac gives the administrator the ability to choose between Micro Focus Kanaka for Mac or a Workgroup Manager server to deliver these settings to the workstation.

Micro Focus Kanaka for Mac clients can receive Managed Client Settings (MCX) configured in the Kanaka policy or from a properly configured OS X server. The following options instruct the client to use MCX settings generated by Micro Focus Kanaka for Mac or to use settings obtained from an OS X server.

If you choose the setting for Workgroup Manager, you will need to verify that your LDAP v3 settings in the macOS Directory Utility point to that server.

This option displays an icon on the Dock for the user’s home directory and for any additional storage that is configured.

These options place a mount point on the user’s desktop. This mount point is at the root of the volume, so users will need to drill down to get to the folders and files they have rights to.

This setting enables the Kanaka Plug-in Console to automatically start after a login.