Preparation
Before you begin, you must:
Know the name of each NDS tree and the top-level context in which Bravura Security Fabric performs operations.
Install the Novell Client on the Bravura Security Fabric server.
Create an administrative account in the NDS tree that can list users in the relevant NDS sub-tree and reset passwords for every user object in the sub-tree.
Create at least one test account in the sub-tree. More accounts, in multiple contexts, are better.
Create at least one template account
Bravura Security Fabric can identify users in the NDS tree based on one of two mutually-exclusive assumptions:
Each user has at most one account in the NDS tree. Ideally, but not necessarily, the common name uniquely identifies each user.
A user may have multiple accounts in different contexts in the tree, but the common name uniquely identifies the user.
You must decide which assumption best fits your NDS tree.
Installing client software
Bravura Security Fabric communicates with the NDS server via the NCP protocol. Before you can target NDS, you must install the Novell Client on the Bravura Security Fabric server. The client software must also be installed on Bravura Security Fabric proxy servers.
Do not install the Microsoft Client for Novell Networks.
If Bravura Security Fabric is installed on Windows 2008, you must install Novell Client 2 for Windows 7/2008/2008R2.
Configuring a target system administrator
Bravura Security Fabric uses a designated account on the NDS target system to perform operations.
To create an administrative account on a NDS server, first create a user on the NDS directory that you want to manage, then add the user as a trustee for the directory:
To create an administrative account on a Novell Directory Services (NDS) server, first create a user on the NDS directory that you want to manage, then add the user as a trustee for the directory:
Open Netware Administrator at <volume name>\sys\public\win32\nwadmin.exe.
Expand the tree list to see the directory-level object you want the user to manage.
For example, select Root if you want the user to manage the entire directory.
Right-click on the object name and select Add Trustee.
Netware Administrator displays the dialog box.
Select the user you want to add as a trustee and click OK to close the dialog box.
Click the appropriate checkboxes in the Object Rights section of the dialog box. These rights define the user's access permissions at the selected directory level.
Click the appropriate checkboxes in the Property Rights section. These rights define the user's actions at the selected directory level.
Click OK.
Ensure that you set and note the account’s password. You will be required to enter the account’s login ID and password when you add the GroupWise target system to Bravura Security Fabric .
If GroupWise is installed on a Windows system, Bravura Security Fabric also requires access to the UNC path using a system account. A share is established to access information required to perform the supported operations. If Groupwise is installed on a Novell NDS system, a system account is not required; GroupWise and NDS use the same Admin ID.
Expand the tree list to see the directory-level object you want the user to manage.
For example, select Root if you want the user to manage the entire directory.
Right-click on the object name and select Add Trustee.
Netware Administrator displays the dialog box.
Select the user you want to add as a trustee and click OK to close the dialog box.
Click the appropriate checkboxes in the Object Rights section of the dialog box. These rights define the user's access permissions at the selected directory level.
Click the appropriate checkboxes in the Property Rights section. These rights define the user's actions at the selected directory level.
Click OK.
Ensure that you set and note the account’s password. You will be required to enter the login ID and password when you add the target system to Bravura Security Fabric .
Creating a template account
Bravura Security Fabric uses template accounts as models or "blueprints" for creating new NDS accounts. The following example illustrates how you can create a template account on your NDS server:
Open Netware Administrator at: <volume name>\sys\public\win32\nwadmin.exe.
Expand the tree list to see the Organization Unit (the second level branch) to which you want to add a new user.
Right-click on the Organization Unit name and select Create.
Netware Administrator displays the New Object dialog box.
Select User and click OK.
Netware Administrator displays the Create User dialog box.
Type a Login Name and Last Name.
Click the Use a Template icon to select a Novell template to create the new user . (Optional)
Select the checkbox next to Create Home Directory.
Click the Home Directory icon to select a
Volumeand Sub-directory for the user’s home directory.Select the checkbox next to Create Additional Property.
Click the Define additional properties icon to set the following parameters in the properties dialog box:
Login Restrictions
Account Disabled (Optional) If you want to prevent use of the account. Do this to create an inactive template account, or an account that is not used until a later date.
Account has an expiry date (Optional) To select a date when the account becomes disabled.
Password Restrictions Select from:
Allow user to change password
Require password
Force personal password changes
Require unique passwords
Limit grace logins
Login Time Restrictions To restrict the hours during which the user can connect to a server.
Group Membership To select the groups in which the user account has membership.
It is recommended that you do not add template accounts to Bravura Security Fabric managed groups. Managed group memberships should be handled by including them in roles.
Security Equal To To select a user account which has security clearance equal to that of the new user account.
Print Job Configuration To configure the user’s printer.
Login Script To define a script that executes when a user logs in.
Click OK.
See your Novell systems administrator or Novell documentation for more information.