Novell iManager 2.7.5 Administration Guide - NetIQ
Novell iManager 2.7.5 Administration Guide - NetIQ
Novell iManager 2.7.5 Administration Guide - NetIQ
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
To further tighten security, do not allow AutoUpdate and use only the system keystore. If you do this,<br />
you must manually import the certificates that you want to reside in the default system keystore by<br />
using the tools that come with Java. If you disable UpdateAllowAll, then certificate imports occur<br />
only from a successful <strong>iManager</strong> authorized user login.<br />
6.4.2 Security<br />
These settings affect your entire Web server configuration and are saved in the config.xml file. You<br />
can either save as you go or click Save once after you have made all your changes.<br />
Warn When Using a Nonsecure Connection<br />
Select this option if you want users without a secure connection between the Web browser and the<br />
Web server to receive the following warning: You are using a non-secure connection.<br />
Enable <strong>Novell</strong> Audit<br />
Make sure you have met the <strong>Novell</strong> Audit Prerequisites. Select the Enable <strong>Novell</strong> Audit option and<br />
select specific <strong>iManager</strong> logging events, then click Save.<br />
Auto Import Tree Certificate for Secure LDAP<br />
Secure LDAP connections require a certificate. If you select this feature, the system automatically<br />
imports a public tree certificate for secure LDAP.<br />
Authorized Users and Groups<br />
Authorized users and groups are those that <strong>iManager</strong> permits to perform its various administrative<br />
tasks. Authorized user data is saved in TOMCAT_HOME\webapps\nps\WEB-<br />
INF\configiman.properties. The <strong>iManager</strong> installation process creates this file only if authorized<br />
user and group information is provided, but doing it, is not required. Failure to do it results in<br />
<strong>iManager</strong> allowing any user to install <strong>iManager</strong> plug‐ins and modify <strong>iManager</strong> server settings (not<br />
recommended long‐term.)<br />
When a group or an organizational role is added to this list, all members of the group or the<br />
organizational role become authorised users. Adding a nested group supports only first level of<br />
members. But adding a dynamic group is not supported because it can have any type of objects as its<br />
members.<br />
After installing <strong>iManager</strong>, you can add an authorized user, group, or organizational role by<br />
specifying, or by using the Objector Selector icon next to the Authorized Users and Groups list. Doing<br />
this modifies the configiman.properties file.<br />
To designate all users of the tree as authorized users, type AllUsers.<br />
NOTE: You can add and save only valid users to the Authorized Users and Groups list. If you add<br />
invalid users and click Save, an error message, which says that the object is not found, is displayed. If<br />
you add only invalid users to the list and click Save, the error message is displayed and the list of<br />
invalid users is automatically replaced by AllUsers. If you do not want all the users of the tree to be<br />
authorized users, remove AllUsers from the list, add desired valid users to the list, and click Save.<br />
70 <strong>Novell</strong> <strong>iManager</strong> <strong>2.7.5</strong> <strong>Administration</strong> <strong>Guide</strong>