Home | Store | Shopping Cart | Download | Contact | Help       

Overview

Documentation

FAQ

Download

Licensing

Purchase

---

Internet User Administrator (IUAdmin™) Features

Overview

IUAdmin™ is a web-based utility for use by administrators, helpdesk personnel, and by end users. IUAdmin provides both management of and access to eDirectory as well as the NetWare file system.

A major feature of IUAdmin is its powerful and highly scalable end-user web browser access to the NetWare file system. IUAdmin auto discovers a user's home directory and collaborative storage locations based solely on the user's identity. Users can browse, upload and download files using a web browser. IUAdmin's auto discovery feature totally eliminates the need for users to know where their storage is located on the network, and the manual process of creating login scripts to their storage.

IUAdmin extends the functionality of eDirectory to provide end users with a self-service password reset system as well as eDirectory-based access to both intranet and internet resources (including the NetWare file system). It also includes a web-based E-Mail utility for sending mail to almost any eDirectory construct.

General

• Web-based access to NetWare File System with cross-server communication and long filename support all controlled with standard file system trustee assignments.
• Web-based access to eDirectory and eDirectory User and Group Administration.
• Associate resources on your network or anywhere on the Internet with users and groups in eDirectory and provide Web-based access to them though a universal portal.
• Web-based E-Mail system allows sending mail to individual users, groups, org roles, and containers.
• SSL connections for security.
• No schema extensions. However optional extensions are provided for increased functionality.
• Any version of NDS or eDirectory
• One NetWare 5.x or 6.x server required.
• No replica placement rules.

User Self-Service

• Let users change their password via web.
• Let users store private questions and answers that allow them to later reset their own password.
• Let users optionally fix their own problems such as grace logins.
• Users access their account directly by last name or common name.
• Optionally put additional constraints on user passwords. (Ex: check against built-in or site-specific dictionary).
• Optionally insert your own program to be called anytime a password changes.
• Optionally force users to use IUAdmin™ for all password changes.
• User health indicator quickly informs user of any problem with the account and optionally allows them to fix it themselves.
• Users can access and control rights to their own home directory as well as any directory on any server on the network.

Helpdesk

• User health indicator quickly informs helpdesk if there is any problem with an account and how to fix it.
• Easily set up user helpdesk administrators over all users.
• Easily set up user helpdesk administrators over all users in a common department, even if they are in different parts of the tree.
• Easily set up user helpdesk administrators over all users at a location, even if they are in different parts of the tree
• Define helpdesk rights once and have them apply to the tree regardless of organization, management, or modification.
• Access user accounts directly by last name or common name.
• Direct access to Group management from user object.
• Easily fix home directory access rights and help users share files on the network.

Network Administrators

• User Management and Password Reset via web.
• Group Management via web.
• Access user accounts directly by last name or common name.
• Direct access to Group management from user object.
• Direct access to User management from group object.
• Control File System security on any NetWare server.
• Resource management over any user, group, role, or container.

User Status

• User health indicator quickly confirms any problem with an account.
• When integrated with AuditLogin™, immediately determine if a user is authenticated to any servers and list the connections along with each network address and login time.

Screen Shot --Flyer

Schema Notes

IUAdmin extends the functionality of NDS with both the Password Self-Reset facility and the Resources Portal facility. IUAdmin gives you a choice of storing object information associated with these facilities in files in the file system or in NDS via extensions to the schema. IUAdmin will automatically detect if the schema has been extended and if so, will use NDS to store these items, otherwise it uses the file system.

File System Option

The file system option was devised as a way of letting customers test IUAdmin in a production tree without requiring any schema extensions. The data is securely stored in individual files in the \SELFRSET and \RESOURCE subdirectories under the \IUADMIN directory. There is one file per object that is storing either Self-Reset or Resource data. The filename is based on a one-way hash of the fully distinguished name of the object.

There are drawbacks to using the file system storage option in a production environment. As mentioned, the filename used to store information for an object is based on the fully distinguished name of the object. If the object is renamed or moved, there is no mechanism in place to change the file name accordingly so that it corresponds to the new fully distinguished name of the object. If the object is deleted, there is no mechanism to delete the associated file.

NDS eDirectory Option

If you are going to use IUAdmin in a production environment, we suggest that you put the schema extensions in place to ease administration.

The two extensions are:

1. The attribute cccPasswordSelfReset is created and added to the Person class. This allows storage of the IUAdmin Self-Service Password Reset credentials.
2. The attribute cccResource is created added to the Top class. This allows the storage of resources associated with the IUAdmin Resource Portal.

These attributes are added with associated ASN1 IDs that contain OIDs assigned to Condrey Corporation by Novell.

To add the schema extensions, you will need to run the IUASETUP.NLM from the \IUADMIN\SCHEMA\ directory once. It will ask you to authenticate as a user that has the authority to extend the schema. Then, after waiting an appropriate amount of time for the schema changes to be propagated on the network, reload IUADMIN.NLM.

Determining if the Schema Extensions are in Place

You can determine the storage option in use by IUAdmin by clicking "IUAdmin Administration" on the "Advanced" page. This page will show various aspects of the IUAdmin configuration, including the storage methods. An example appears below.

IUAdmin™ Program Version 1.30 Dec 10 2001 16:09:06 Last parameter change: Mon Dec 10 15:43:22 2001 Last user index:: Tue Dec 11 00:01:41 2001 Next user index:: Wed Dec 12 00:00:00 2001 IUAdmin Resource Data Storage: NDS IUAdmin Self-Reset Data Storage: NDS Select parameter to change.

The following are requirements to run IUAdmin:

• At least one NetWare 5.1, 6.0 or NetWare 6.5 server in your tree to run IUAdmin.
• The latest winsock patches must be applied to this server to avoid lost packet and packet streaming problems that may occur with larger data transfers such as file upload and downloads.
• No schema extensions are required to use IUAdmin. However, optional schema extensions can be installed for increased maintainability. See the SchemaNotes section for more information.
• There are no NDS or eDirectory version requirements.
• Replicas can be held on any server and any operating system that is supported by Novell. The server running IUAdmin does not need to hold any replicas.
• IUAdmin needs 1 megabyte of memory for general housekeeping plus roughly 1 megabyte of memory per 10,000 users in your tree. For example, a server running IUAdmin to service a tree of 50,000 users would need about 6 megabytes of memory.