novdocx (en) 16 April 2010
31 User Sources
Novell® ZENworks® 10 Configuration Management lets you assign content to users as well as devices. Device-assigned content is available whenever the device is running and connected to the network; user-assigned content is available only when the user is logged in to the Management Zone. For example, if you assign a bundle to a user, the bundle is available only after the user logs in.
Unlike devices, users are not defined in your Management Zone. Instead, you connect to the LDAP
directory that you want to use as your authoritative user source. If necessary, you can connect to
multiple directories.
NOTE: After you define a user source, the ZENworks Adaptive Agent automatically prompts device users to log in to the ZENworks Management Zone. If you do not want users to receive this prompt, you can uninstall or disable the User Management module at the ZENworks Adaptive Agent level. For more information, see Section 14, “Configuring Adaptive Agent Settings after Deployment,” on page 145.
The following sections provide instructions to define user sources:
Section 31.1, “Prerequisites”
Section 31.2, “Managing User Sources”
Section 31.3, “Managing User Source Connections”
Section 31.4, “Managing Primary Server Connections for User Sources”
Section 31.5, “Managing Authentication Server Connections for User Sources”
Section 31.6, “Providing LDAP Load Balancing and Fault Tolerance”
31.1 Prerequisites
Minimum directory version: Novell eDirectory™ 8.7.3 or Microsoft Active Directory on Windows 2000 SP4.
Minimum LDAP version: LDAPv3
Minimum user account rights: Read rights.
For Active Directory, you can use a basic user account. This provides sufficient read access to
the directory.
For eDirectory, you need inheritable read rights to the following attributes: CN, O, OU, C, DC,
GUID, WM:NAME DNS, and Object Class. You can assign the rights at the directory’s root
context or at another context you designate as the ZENworks root context.
The username and password used to access the user source directory are stored in clear-text format on the ZENworks Linux Primary servers in the /etc/CASA/authtoken/svc/iaRealms.xml file. By default, access to this file is restricted for security reasons.
DNS name resolution: With Active Directory, your ZENworks Servers (in particular, the DNS clients on the ZENworks Server) must be able to resolve the DNS name of each Active Directory domain defined as a user source. Otherwise, users from the Active Directory domain cannot log in to the ZENworks Management Zone.
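Because the user source credentials sit in clear text in iaRealms.xml, it is worth confirming on each Linux Primary Server that the file's restricted access is still in place. The following check is an added example, not part of the Novell documentation; it assumes "restricted" means no permission bits for group or other (the documentation does not state the exact default mode), and the function name and return codes are hypothetical.

```shell
#!/bin/sh
# Added example: audit the file that stores user-source credentials in clear text.
# The path comes from the documentation; override it with ZEN_REALMS_FILE if needed.
ZEN_REALMS_FILE="${ZEN_REALMS_FILE:-/etc/CASA/authtoken/svc/iaRealms.xml}"

# audit_secret_file PATH   (hypothetical helper)
# Returns: 0 = owner-only access
#          1 = group or other has some permission bit set
#          2 = file missing or not a regular file
#          3 = path is a symbolic link (target must be reviewed by hand)
audit_secret_file() {
    f=$1
    if [ -L "$f" ]; then
        echo "FAIL: $f is a symbolic link; inspect its target" >&2
        return 3
    fi
    if [ ! -f "$f" ]; then
        echo "SKIP: $f not found or not a regular file" >&2
        return 2
    fi
    # GNU stat: %a = octal mode, %U = owner name
    mode=$(stat -c '%a' "$f") || return 2
    owner=$(stat -c '%U' "$f")
    # Mask the group and other bits; the leading 0 makes the mode an octal constant.
    go=$(( 0$mode & 077 ))
    if [ "$go" -ne 0 ]; then
        echo "FAIL: $f mode $mode (owner $owner) grants access to group/other"
        return 1
    fi
    echo "OK: $f mode $mode (owner $owner) is owner-only"
    return 0
}

# Check the documented path; the exit status is reported rather than enforced here.
audit_secret_file "$ZEN_REALMS_FILE" || echo "audit exit status: $?"
```

A non-zero status from a scheduled run is a signal to review who changed the mode, and to rotate the directory account's password if the file was readable by other local accounts.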