Novell Open Enterprise Server Administrators Handbook SUSE Linux Edition [Electronic resources] نسخه متنی

iManager

OES Linux includes iManager 2.5, a web-based tool for administering, managing, and configuring OES components, services, and eDirectory objects. iManager allows Role Based Services (RBS) to give you a way to focus the user on a specified set of tasks and objects as determined by the user's role(s). What users see when they access iManager is based on their role assignments in eDirectory.Chapter 14, "OES Web Foundations."

Although other management tools, such as ConsoleOne, can be used to administer specific components of OES Linux, nearly all management tasks can be done through iManager. Among other things, you can define management roles to administer Linux User Management (LUM), iPrint, iFolder, IP address management, and perform eDirectory object management. iManager is the preferred management platform for OES Linux.

Installing iManager

In some OES Linux installations and patterns, iManager will not be installed automatically. If you did not select to install iManager during the server installation, it can be manually reinstalled through YaST, or the command line. To install iManager via YaST, complete the following steps:

1.	Access YaST from a terminal using `yast`, or from a graphical environment using `yast2` or the YaST launcher from the application menu.
2.	Select the Network Services category in YaST. From within this category, locate and select the iManager module. This module will detect that the RPMs for iManager are missing and ask if you want to install them. Select Continue to install the necessary packages.
3.	At the conclusion of the software installation, `SuSEconfig` is executed to update the system configuration. When this completes, the configuration of the iManager will begin automatically.
4.	At the iManager Configuration screen, enter the following information and click Next: eDirectory Tree Enter the name of the eDirectory tree iManager will be servicing. FDN Admin Name with Context Enter the eDirectory administrators credentials using fully qualified dot notation, for example, `cn=admin.o=novell`.
5.	The iManager configuration is now saved, and necessary iManager plug-ins are automatically installed. Depending on the OES components installed, this step can take some time.
6.	In order for iManager to be active, select to restart Apache and Tomcat when prompted.

When you've installed iManager, you can open it from its URL, using either HTTP or HTTPS, at <server IP address >/nps/iManagerl. You will be required to authenticate in order to access iManager, and will have access to only those features to which you have rights. For full access to all iManager features, authenticate as a user with Supervisory rights to the eDirectory tree (see Figure 5.2).

Figure 5.2. The iManager 2.5 home page.

[View full size image]

You can also open iManager in Simple mode, suitable for compliance with Federal accessibility guidelines. It provides the same functionality as Regular mode, but with an interface optimized for accessibility by those with disabilities (for example, expanded menus for blind users who rely upon spoken commands). To use Simple mode, replace iManagerl with Simplel in the iManager URL. For example: https://www.quills.com/nps/Simplel or https://192.168.1.100/nps/Simplel Using either interface, you will have access to only those features to which you have rights. For full access to all iManager features, authenticate as a user with Supervisory rights to the eDirectory tree.

iManager Basics

As shown in Figure 5.2, iManager is organized into three main sections, or frames: Header frame
The Header frame is located at the top of the screen. Its buttons provide access to the various "views," or content categories, available through iManager, as well as an Exit link to close the browser window. Navigation frame
The Navigation frame is located on the left side of the screen. It allows you to navigate among the various management tasks associated with the selected iManager view. What you see is further constrained by the rights of your authenticated identity. Content frame
The Content frame occupies the middle-right part of the screen. When you select a link in the Header or Navigation frames, the appropriate information is displayed in the Content frame.
TIP If you see the Looking Glass icon next to a field in iManager, you can use it to browse or search the tree for specific objects to use in creating, defining, and assigning roles.

Role-Based Management with iManager

Role-Based Services (RBS) allow administrators to assign users a management role. A role is a specific set of functions, or tasks, that the user is authorized to perform. After users have been given a role, or roles, what they see and have access to in iManager is based on their role assignments. Only the tasks assigned to the authenticated user are displayed. Compared to older iManager versions on NetWare or Linux, RBS has been significantly expanded in iManager 2.5. RBS now offers very robust configuration and assignment of network management responsibilities. RBS is configured through iManager, and all RBS-related information is maintained in a set of RBS objects in eDirectory. These object types include the following: RBS Collection
A container object that holds a set of RBS modules that will be assigned to a given portion of your eDirectory tree. RBS Module
A container inside the RBS collection that organizes available RBS Tasks and Books into functional groups. RBS modules let you assign users responsibility for specific functionality within a product or service. RBS Role
Specifies the tasks that users (members) are authorized to perform. Defining a role includes creating an RBS Role object and linking it to the tasks that the role can perform. RBS roles can be created only in an RBS Collection container. RBS Task
Represents a specific function, such as resetting login passwords. RBS Task objects are located only in RBS Module containers. RBS Book
Represents written materials associated with a given module, such as manuals, instructions, and so on. RBS books are located only in RBS Module containers. RBS Scope
Represents the context in the tree where a role will be performed, and is associated with RBS Role objects. This object is dynamically created when needed, and automatically deleted when no longer needed.
WARNING Never change the configuration of an RBS Scope object. Doing so can have very serious consequences and could potentially break the system.

CONFIGURING ROLE-BASED SERVICES

During the iManager installation, the schema of your eDirectory tree was extended to support the RBS object types specified previously. To set up RBS for the first time, complete the following steps in iManager:

1.	In the Header frame, select the Configure button.
2.	In the Navigation frame, open the Role Based Services group and select RBS Configuration.
3.	Select Configure iManager in the Content frame.
4.	Finish applying RBS schema extensions by selecting Next.
5.	Specify the name and location for the RBS Collection and click Next.
6.	In the RBS Modules page, make your desired selections and click Start: Specify the RBS Modules that you want installed in this RBS Collection. Each module provides a different set of management tasks that can be assigned as a group. Specify a scope for the RBS Modules you have selected. The scope specifies the container in which those assigned this management role will be able to perform those management tasks. Select Inheritable if you want the management tasks to be applicable to all subcontainers of the Scope you specify.
7.	When the installation of iManager modules completes, click Close.

Based on your selections, this will create all the appropriate RBS objects in your eDirectory tree. When you have configured your RBS Collection, selecting RBS Configuration in the Navigation frame will open the RBS Configuration task, as shown in Figure 5.3.

Figure 5.3. RBS Configuration page in iManager 2.5.

[View full size image]

CONFIGURING RBS

From RBS Configuration you have full control over the structure of your role-based management system, including creating new Collections, adding/deleting Modules within Collections, and creating/assigning Roles to users. When you install RBS, iManager creates specific relationships between Tasks, Modules, and Roles. However, you can modify task assignments, create customized Roles, or do most anything else you might need in order to align the RBS system to the realities of your network. For example, to assign a Role object to a specific user, complete the following steps in iManager:

1.	In the Header frame, select the Configure button.
2.	In the Navigation frame, open the Role Based Services group and select RBS Configuration.
3.	Select the Collection in which you want to work by clicking its name in the Content frame.
4.	From the Roles tab, select the Role you want to assign and click Actions, Member Associations.
5.	In the Member Associations screen, provide the requested information and click Add. You can repeat this process for as many users as you want. Browse to, or specify, the User object you want to assign to this Role. Specify the scope for which the specified user should have access to the Role. The scope specifies the directory context under which the User can perform the management tasks associated with this Role. By default, the scope will be inheritable, meaning that the Role will be active from that point down in the eDirectory tree for this user.
6.	When finished assigning users to this Role, click OK.

After being assigned to Roles, users will have access to the iManager pages associated with the assigned Role. RBS is a powerful framework for configuring and managing administrative access to your network. Consider your assignments carefully and you can greatly increase the security of your environment by giving only the level of access necessary for a user to perform his or her job.

Novell Open Enterprise Server Administrators Handbook SUSE Linux Edition [Electronic resources] نسخه متنی

فارسی

کردی

العربیه

اردو

Türkçe

Русский

English

Français

کانال فیلم من

تبیان من

فایلهای من

کتابخانه من

پنل پیامکی

وبلاگ من

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی