iManager

OES Linux includes iManager 2.5, a web-based tool for administering, managing, and configuring OES components, services, and eDirectory objects. iManager uses Role-Based Services (RBS) to focus each user on a specified set of tasks and objects, as determined by the user's role(s). What users see when they access iManager is based on their role assignments in eDirectory.

Chapter 14, "OES Web Foundations."

Although other management tools, such as ConsoleOne, can be used to administer specific components of OES Linux, nearly all management tasks can be done through iManager. Among other things, you can define management roles to administer Linux User Management (LUM), iPrint, iFolder, and IP address management, and to perform eDirectory object management. iManager is the preferred management platform for OES Linux.

Installing iManager

In some OES Linux installations and patterns, iManager will not be installed automatically. If you did not select iManager during the server installation, it can be installed manually through YaST or from the command line.

To install iManager via YaST, complete the following steps:

When you've installed iManager, you can open it from its URL, using either HTTP or HTTPS, at <server IP address>/nps/iManagerl. You will be required to authenticate in order to access iManager, and you will have access to only those features to which you have rights. For full access to all iManager features, authenticate as a user with Supervisory rights to the eDirectory tree (see Figure 5.2).

Figure 5.2. The iManager 2.5 home page.

iManager Basics

As shown in Figure 5.2, iManager is organized into three main sections, or frames:

Header frame: The Header frame is located at the top of the screen. Its buttons provide access to the various "views," or content categories, available through iManager, as well as an Exit link to close the browser window.
Navigation frame: The Navigation frame is located on the left side of the screen. It allows you to navigate among the various management tasks associated with the selected iManager view. What you see is further constrained by the rights of your authenticated identity.

Content frame: The Content frame occupies the middle-right part of the screen. When you select a link in the Header or Navigation frames, the appropriate information is displayed in the Content frame.

TIP: If you see the Looking Glass icon next to a field in iManager, you can use it to browse or search the tree for specific objects to use in creating, defining, and assigning roles.

Role-Based Management with iManager

Role-Based Services (RBS) allow administrators to assign users a management role. A role is a specific set of functions, or tasks, that the user is authorized to perform. After users have been given a role, or roles, what they see and have access to in iManager is based on their role assignments. Only the tasks assigned to the authenticated user are displayed.

Compared to older iManager versions on NetWare or Linux, RBS has been significantly expanded in iManager 2.5. RBS now offers very robust configuration and assignment of network management responsibilities.

RBS is configured through iManager, and all RBS-related information is maintained in a set of RBS objects in eDirectory. These object types include the following:

RBS Collection: A container object that holds a set of RBS modules that will be assigned to a given portion of your eDirectory tree.

RBS Module: A container inside the RBS collection that organizes available RBS Tasks and Books into functional groups. RBS modules let you assign users responsibility for specific functionality within a product or service.

RBS Role: Specifies the tasks that users (members) are authorized to perform. Defining a role includes creating an RBS Role object and linking it to the tasks that the role can perform. RBS roles can be created only in an RBS Collection container.

RBS Task: Represents a specific function, such as resetting login passwords. RBS Task objects are located only in RBS Module containers.

RBS Book: Represents written materials associated with a given module, such as manuals, instructions, and so on. RBS books are located only in RBS Module containers.

RBS Scope: Represents the context in the tree where a role will be performed, and is associated with RBS Role objects. This object is dynamically created when needed, and automatically deleted when no longer needed.

WARNING: Never change the configuration of an RBS Scope object. Doing so can have very serious consequences and could potentially break the system.

CONFIGURING ROLE-BASED SERVICES

During the iManager installation, the schema of your eDirectory tree was extended to support the RBS object types specified previously. To set up RBS for the first time, complete the following steps in iManager:
Based on your selections, this will create all the appropriate RBS objects in your eDirectory tree. When you have configured your RBS Collection, selecting RBS Configuration in the Navigation frame will open the RBS Configuration task, as shown in Figure 5.3.

Figure 5.3. RBS Configuration page in iManager 2.5.

CONFIGURING RBS

From RBS Configuration you have full control over the structure of your role-based management system, including creating new Collections, adding and deleting Modules within Collections, and creating Roles and assigning them to users.

When you install RBS, iManager creates specific relationships between Tasks, Modules, and Roles. However, you can modify task assignments, create customized Roles, or do almost anything else you might need in order to align the RBS system to the realities of your network. For example, to assign a Role object to a specific user, complete the following steps in iManager:
After being assigned to Roles, users will have access to the iManager pages associated with the assigned Role.

RBS is a powerful framework for configuring and managing administrative access to your network. Consider your assignments carefully and you can greatly increase the security of your environment by giving only the level of access necessary for a user to perform his or her job.
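One way to review role assignments against that least-privilege goal, as an added example (not from the book or from Novell's tooling): it models Roles, their linked Tasks and the scope of each assignment with constructed data, then flags tasks beyond a per-user baseline, roles scoped to the top container, and assignments that name a role with no task definition. All user, role, task and container names are hypothetical, and treating a single-component DN as a broad scope is an assumption.

```python
from collections import defaultdict

# Constructed sample data; all names are hypothetical, not from a real tree.
ROLE_TASKS = {  # RBS Role -> tasks linked to it
    "Password Helpdesk": {"Set Password"},
    "iPrint Management": {"Create Printer", "Delete Printer"},
    "eDirectory Administration": {"Create Object", "Delete Object"},
}
ASSIGNMENTS = [  # (member, role, scope container)
    ("jdoe", "Password Helpdesk", "ou=sales,o=acme"),
    ("jdoe", "eDirectory Administration", "o=acme"),
    ("pmiller", "iPrint Management", "ou=it,o=acme"),
    ("pmiller", "Backup Operators", "ou=it,o=acme"),
]
BASELINE = {  # tasks each user's job requires (supplied by the reviewer)
    "jdoe": {"Set Password"},
    "pmiller": {"Create Printer", "Delete Printer"},
}


def effective_tasks(assignments, role_tasks):
    """Return {member: {(task, scope), ...}}: what each user can do, and where."""
    result = defaultdict(set)
    for member, role, scope in assignments:
        for task in role_tasks.get(role, ()):
            result[member].add((task, scope))
    return dict(result)


def audit(assignments, role_tasks, baseline):
    """Return sorted findings as (member, kind, detail) tuples."""
    findings = set()
    for member, role, scope in assignments:
        if role not in role_tasks:
            # Assignment points at a role that has no task definition.
            findings.add((member, "unknown-role", role))
            continue
        if "," not in scope:
            # Assumption: a single-component DN is the top container.
            findings.add((member, "broad-scope", f"{role} @ {scope}"))
        for task in role_tasks[role] - baseline.get(member, set()):
            findings.add((member, "excess-task", f"{task} via {role}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(ASSIGNMENTS, ROLE_TASKS, BASELINE):
        print(*finding, sep=" | ")
```
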