4.1 Overview of the Provisioning Process

Novell provides a number of tools to help you provision your AD users and groups for NSS access. Figure 4-1 provides a high-level overview of the provisioning process.

Figure 4-1 Provisioning AD User and Groups for NSS Access

Table 4-1 Upgrading to OES 2015 SP1 and Deploying NSS AD

Step

Information and Links

  • If you have NetIQ IDM 4.5 or later, and you have created an Active Directory to eDirectory user map using IDM Designer (not the IDM iManager plug-in), the User Resource Map utility (NURM) can leverage the map for replicating NSS ACLS for eDirectory users and groups to NSS ACLs for corresponding AD users and groups.

    Select the IDM option to use a map file in eDirectory.

    IMPORTANT:Ensure that the eDirectory user entered in NURM has access to the DirXML-ADContext attribute in eDirectory from the administrative workstation where you will run NURM.

  • If you don’t have an applicable Active Directory to eDirectory user map, NURM helps you create one.

  • After you have verified the user map and the rights to be assigned to the users and groups, you can apply the rights to the selected NSS volume.

  • To enable AD users and groups that don’t have corresponding eDirectory accounts, you can use the rights CLI command at the server’s terminal prompt.

  • You can also use the NFARM Windows shell extension to assign NSS trustee rights to AD users and groups.