You must specify an existing user to be the BCC Administrator user. This user should have at least Read and Write rights to the All Attribute Rights property on the Cluster object of the cluster.
Perform the following tasks to configure the BCC Administrator user and group:
Launch a Web browser and enter the URL for iManager:
https://server_ip_address/nps/iManager.html
Replace server_ip_address with the IP address or DNS name of the server that has iManager and the Identity Manager installed (that is, the IDM node).
Specify the administrator user name and password.
Specify the IP address of the LDAP server in the tree.
Click
.Before you configure BCC in the cluster, you must create a BCC group (bccgroup) and BCC Administrator user (bccadmin). Members of the group include the BCC Administrator user and the UNIX workstation objects of each node in every peer cluster. The group must be enabled for Linux User Management (LUM). The group allows the inter-cluster communication to function properly.
IMPORTANT:Linux User Management (LUM) requires case-insensitive names by default. The names you specify must be in all lowercase.
To use mixed case for the BCC group and user names, you must enable the Case Sensitive option in LUM before you attempt to create the BCC group and user.
In iManager, select the
view.Create a BCC group, such as bccgroup.
Select
> .On the Create Object page, select
, then click .Specify the information for the group, then click
.Create a BCC Administrator user, such as bccadmin.
Select
> .On the Create Object page, select
, then click .Specify the information for the user, then click
.Add the BCC Administrator user to the BCC group.
Select
> .Select the BCC group, then click
.On the group’s Properties page, select the
tab.Add the BCC Administrator user as a member of the BCC group.
Enable the group for Linux.
Select
> .Browse to select the bccgroup, then click .
Enable the group for Linux.
Ensure that you do the following when you LUM-enable bccgroup:
On the Select Groups page, select the
option.On the Select Workstations page, add all bccgroup.
objects for all BCC cluster nodes in all peer clusters for the BCC to theIMPORTANT:If you later add a node or reinstall a node in any of the peer clusters in the BCC, its UNIX workstation object must be added manually to this group.
For information about LUM-enabling groups, see Managing User and Group Objects in eDirectory
in the OES 11 SP1: Novell Linux User Management Administration Guide.
On every node in every peer cluster, refresh the local cache for LUM-enabled users and groups. Log in as the root user, open a terminal console, then enter
namconfig cache_refresh
You need to assign trustee rights to the BCC Administrator user for each cluster you plan to add to the business continuity cluster.
In iManager, select the
view.Select
, then select .Browse and select the Cluster object, then click
.Click
to view the trustee information for the Cluster object.If the BCC Administrator user is not listed as a trustee, click the
(plus) button for , browse and select the User object, then click .Click
for the BCC Administrator user.Click
, select , then click .The [All Attributes Rights] and [Entry Rights] properties should automatically be listed. Add them if they are not present.
Assign rights and inherit settings for each property:
Property Name |
Assigned Rights |
Inherit |
Description |
---|---|---|---|
ACL |
None |
No |
Explicitly removing the rights for the ACL property ensures that no rights flow from eDirectory to the file system. |
[All Attributes Rights] |
Compare, Read, Write |
Yes |
Read and Write are required. |
[Entry Rights] |
Create, Delete |
Yes |
The Create right allows the trustee to create new objects below the container and also includes the Browse right. The Delete right allows the trustee to delete the target from the directory. |
For example:
Click
to save your changes.Repeat Step 2 through Step 9 for the Cluster objects of each peer cluster in your business continuity cluster.
In order for the BCC Administrator user to gain access to the cluster administration files (/admin/novell/cluster) on other Linux cluster nodes in your BCC, you must add that user to the Novell Cluster Services administration group (such as ncsgroup) on each cluster node.
Log in as root and open the /etc/group file.
Find either of the following lines:
ncsgroup:!:107:
or
ncsgroup:!:107:bccd
The file should contain one of the above lines, but not both.
Depending on which line you find, edit the line to read as follows:
ncsgroup:!:107:bccadmin
or
ncsgroup:!:107:bccd,bccadmin
Replace bccadmin with the BCC Administrator user you created.
Notice the group ID number of the ncsgroup. In this example, the number 107 is used. The actual number is the same on each node in a given cluster; it might be different for each cluster.
After saving the /etc/group file, execute the id command from a shell.
For example, if you named the BCC Administrator user bccadmin, enter id bccadmin.
The ncsgroup should appear as a secondary group of the BCC Administrator user.