17.3 Managing the EBA CA by Using iManager

To access eDirectory from the EBA plug-in of iManager, the EBA CA certificate must reside in the EBA trusted certificate store of iManager. To download the EBA CA certificate on the computer running iManager, run the ebaclientinit utility from the iManager installation package. For more information, see Running the ebaclientinit Utility.

To open the EBA CA management page, log in to iManager and click the Roles and Tasks icon on the top bar to ensure that you are in the Roles and Tasks view, then select Enhanced Background Authentication in the navigation panel on the left. Click EBA CA Management to open the EBA CA management page.

The EBA CA management page includes the following tabs to manage different aspects of EBA CA:

  • General: Displays the IP address of EBA CA and its certificate.

  • Certificates Issued: Displays the NCP CA certificates along with their IP address and port.

    To revoke a certificate, select the certificate and click Revoke. Use this option only in extreme situations, because the server owning the NCP CA certificate will become non-functional when you revoke its certificate. Usually, revoking the certificate becomes necessary when a server is compromised.

  • CSR: Lists the pending certificate signing requests for administrator approval. To approve a certificate signing request, select the certificate from the list and click Approve.

17.3.1 Running the ebaclientinit Utility

To download the EBA CA certificate on the computer running iManager, run ebaclientinit. The following table lists the command line options available with the ebaclientinit utility:

Command Line Option    Description
--user-dn              DN of the user in dot format.
--password             Password of the EBA-enabled user.
--address              Address of an NCP server in the tree. The syntax is <IP address>:<port>.

For example, ebaclientinit --mechanism ebatls --user-dn john.foo.org --password p@$$w0rd --address 111.111.11.1:524

Depending on your platform, run ebaclientinit by using one of the following methods:

Linux: iManager runs as the novlwww user on Linux. Therefore, run ebaclientinit as the novlwww user by using this command:

sudo -u novlwww -H LD_LIBRARY_PATH=/var/opt/novell/iManager/nps/WEB-INF/bin/linux/ /var/opt/novell/iManager/nps/WEB-INF/bin/linux/ebaclientinit --mechanism ebatls

Windows: Perform the following actions:

  1. Log in to the server where iManager is installed.

  2. Run ebaclientinit by using this command: "C:\Program Files\Novell\Tomcat\webapps\nps\WEB-INF\bin\windows\ebaclientinit.exe" --mechanism ebatls

    This will place the .eba.p12 file in the user's home directory.

  3. Copy the .eba.p12 file to C:\Users\novlwww.

    NOTE: If you are using iManager 3.0 SP1 or earlier, copy the .eba.p12 file to C:\Windows\System32\config\systemprofile. This is necessary because Tomcat runs as the System user in Windows.

NOTE: If iManager does not find the EBA CA certificate for the tree in the .eba.p12 file, or if the .eba.p12 file is not present, the EBA plug-in of iManager prompts you for the sadmin credentials of the server acting as EBA CA. However, NetIQ does not recommend using sadmin credentials.
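A check to run on a Linux iManager host after the ebaclientinit step above, so that a missing or misplaced store is caught before the plug-in falls back to the sadmin prompt. This is an added example, not NetIQ code: the function names are hypothetical, it assumes GNU stat and that the store is written to the novlwww home directory (implied by the -H option), and the write-permission test is a hardening assumption rather than a documented requirement.

```shell
#!/bin/sh
# Added example (not NetIQ code): check the .eba.p12 trust store that
# ebaclientinit writes for the iManager service account.
# Assumptions: GNU stat (Linux); the store sits in the account's home directory.

# Print the expected store path for an account, using its passwd home directory.
eba_store_path() {
    home=$(getent passwd "$1" | cut -d: -f6)
    [ -n "$home" ] || return 1
    printf '%s/.eba.p12\n' "$home"
}

# check_eba_store PATH OWNER   (OWNER is a user name or a numeric UID)
# Returns 0 = ok, 1 = missing, 2 = empty, 3 = wrong owner,
#         4 = writable by group or other
check_eba_store() {
    store=$1
    case $2 in
        ''|*[!0-9]*) want_uid=$(id -u "$2" 2>/dev/null) || return 3 ;;
        *)           want_uid=$2 ;;
    esac
    # Missing store: the EBA plug-in falls back to asking for sadmin credentials.
    [ -f "$store" ] || return 1
    [ -s "$store" ] || return 2
    # The store must belong to the account iManager (Tomcat) runs as.
    [ "$(stat -c %u "$store")" = "$want_uid" ] || return 3
    # A trust store that other accounts can write lets them change the trusted CA.
    mode=$(stat -c %a "$store")
    [ $(( 0$mode & 022 )) -eq 0 ] || return 4
    return 0
}

# Run on the iManager host as: sh check_eba.sh --check
if [ "${1:-}" = "--check" ]; then
    path=$(eba_store_path novlwww) || { echo "no novlwww account"; exit 1; }
    rc=0
    check_eba_store "$path" novlwww || rc=$?
    echo "$path: status $rc"
    exit "$rc"
fi
```

A status of 1 or 3 usually means ebaclientinit was run as a different user or without -H, so the store landed in another home directory.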