|
OES Linux includes iManager 2.5, a web-based tool for administering, managing, and configuring OES components, services, and eDirectory objects. iManager allows Role Based Services (RBS) to give you a way to focus the user on a specified set of tasks and objects as determined by the user's role(s). What users see when they access iManager is based on their role assignments in eDirectory. iManager has been architected to leverage Novell's exteNd web services platform, and is in effect a management portal for Novell's products and services. It runs on Apache Web Server. For more information on Apache Web Server, see Chapter 14, "OES Web Foundations." Although other management tools, such as ConsoleOne, can be used to administer specific components of OES Linux, nearly all management tasks can be done through iManager. Among other things, you can define management roles to administer Linux User Management (LUM), iPrint, iFolder, IP address management, and perform eDirectory object management. iManager is the preferred management platform for OES Linux. Installing iManagerIn some OES Linux installations and patterns, iManager will not be installed automatically. If you did not select to install iManager during the server installation, it can be manually reinstalled through YaST, or the command line. To install iManager via YaST, complete the following steps:
When you've installed iManager, you can open it from its URL, using either HTTP or HTTPS, at <server IP address>/nps/iManager.html. You will be required to authenticate in order to access iManager, and will have access to only those features to which you have rights. For full access to all iManager features, authenticate as a user with Supervisory rights to the eDirectory tree (see Figure 5.2). Figure 5.2. The iManager 2.5 home page.You can also open iManager in Simple mode, suitable for compliance with Federal accessibility guidelines. It provides the same functionality as Regular mode, but with an interface optimized for accessibility by those with disabilities (for example, expanded menus for blind users who rely upon spoken commands). To use Simple mode, replace iManager.html with Simple.html in the iManager URL. For example: https://www.quills.com/nps/Simple.html or https://192.168.1.100/nps/Simple.html Using either interface, you will have access to only those features to which you have rights. For full access to all iManager features, authenticate as a user with Supervisory rights to the eDirectory tree. iManager BasicsAs shown in Figure 5.2, iManager is organized into three main sections, or frames:
TIP If you see the Looking Glass icon next to a field in iManager, you can use it to browse or search the tree for specific objects to use in creating, defining, and assigning roles. Role-Based Management with iManagerRole-Based Services (RBS) allow administrators to assign users a management role. A role is a specific set of functions, or tasks, that the user is authorized to perform. After users have been given a role, or roles, what they see and have access to in iManager is based on their role assignments. Only the tasks assigned to the authenticated user are displayed. Compared to older iManager versions on NetWare or Linux, RBS has been significantly expanded in iManager 2.5. RBS now offers very robust configuration and assignment of network management responsibilities. RBS is configured through iManager, and all RBS-related information is maintained in a set of RBS objects in eDirectory. These object types include the following:
WARNING Never change the configuration of an RBS Scope object. Doing so can have very serious consequences and could potentially break the system. CONFIGURING ROLE-BASED SERVICESDuring the iManager installation, the schema of your eDirectory tree was extended to support the RBS object types specified previously. To set up RBS for the first time, complete the following steps in iManager:
Based on your selections, this will create all the appropriate RBS objects in your eDirectory tree. When you have configured your RBS Collection, selecting RBS Configuration in the Navigation frame will open the RBS Configuration task, as shown in Figure 5.3. Figure 5.3. RBS Configuration page in iManager 2.5.CONFIGURING RBSFrom RBS Configuration you have full control over the structure of your role-based management system, including creating new Collections, adding/deleting Modules within Collections, and creating/assigning Roles to users. When you install RBS, iManager creates specific relationships between Tasks, Modules, and Roles. However, you can modify task assignments, create customized Roles, or do most anything else you might need in order to align the RBS system to the realities of your network. For example, to assign a Role object to a specific user, complete the following steps in iManager:
After being assigned to Roles, users will have access to the iManager pages associated with the assigned Role. RBS is a powerful framework for configuring and managing administrative access to your network. Consider your assignments carefully and you can greatly increase the security of your environment by giving only the level of access necessary for a user to perform his or her job. |
|