Quick Guide to Installing and Configuring Novell iChain 1.5 Community Services
Consultant I
Novell Consulting
scott@digitalempires.com
01 Jul 2001
Stefan Evans
Server Analyst
Gulfstream Aerospace Corporation
This AppNote takes you step-by-step through the process of installing iChain 1.5 Community Services. It covers how to install a community server on NetWare 5.1, how to configure the Web Server, and several optional considerations. For additional information on other aspects of iChain 1.5, see "Quick Guide to Installing and Configuring Novell ICS and iChain 1.5" in the May 2001 issue and "Quick Guide to Installing and Configuring Novell iChain 1.5 Authorization Services" in the June 2001 issue of Novell AppNotes.
- Introduction
- Installing iChain Community Services
- Configuring the Web Server
- Optional Considerations
- Conclusion
Introduction
Novell iChain is a set of components for building an electronic business infrastructure. iChain is comprised of the iChain Internet Caching System, iChain Authorization Server, iChain Community Services (running on NetWare Enterprise Web Server), NDS eDirectory 8.5, Public Key Infrastructure Services, the iChain ICS Browser-Based Administration Utility, and iChain Snap-Ins for ConsoleOne.
A digital community is a group of users whose membership is defined by rules. Rights and content are customized for each specific community, creating a unique experience for the user who belongs to the community. An example would be a community called "Shareholders." Members of this community would be granted access to documents, charts, and other materials that are of interest to a company's shareholders. Members of the "Customers" community would see a product catalog, whereas members of the "Preferred Customers" community would see special offers not available to members of any other community.
The possible uses of digital communities are endless. Community membership can be the foundation of a customized Internet portal that sends users to information of particular interest to them, whether that user is a customer looking for a certain range of products, or an employee who only wants applications and files relevant to his or her job duties. A commercial community can be used to group similar products and services from various vendors on the same Web page. In this case, the community would consist of companies instead of individual users. This page could be further specialized by limiting access to it to members of a particular community, such as those users who have paid a membership fee. Communities can even be used to control access to electronic bulletin boards and threaded discussion forums, ensuring that only authorized users can see those boards or forums.
The purpose of this document is to demonstrate the installation and configuration needed to deploy iChain community services, along with the Web Server configuration and optional considerations.
Installing iChain Community Services
This section explains how to install iChain services software as a community server on NetWare 5.1. The prerequisites are:
NDS eDirectory 8.5, which requires an Intel Pentium PC or UNIX workstation with 32MB RAM (64MB recommended). The system requirements for NDS eDirectory 8.5 will depend on the design and size of your directory tree. For example, if you were to create one million objects in a directory you would need 1GB of hard-drive space.
To proceed with the installation, complete the following steps:
- At the NetWare 5.1 server's console, type "NSWEBDN <Enter>" to unload the NetWare Enterprise Web Server.
- Type "JAVA -EXIT <Enter>" to unload and clean up any Java resources used by the server.
- At a client workstation, map a drive to the SYS volume of the NetWare 5.1 Web server that will run iChain community services.
- Run the START.EXE program that comes with the iChain community services software. START.EXE is on the iChain CD.
- From the iChain 1.5 startup screen, click on "Install iChain on NetWare" (see Figure 1).
The Novell iChain startup screen.
- You will see a pop-up window that welcomes you to the iChain Setup program. Click Next after reading the welcome message and warning.
- The next screen provides you with pre-iChain installation information (see Figure 2). After reading this information, click Next to continue.
The Novell iChain Services pre-installation screen.
- The Setup program then displays the License Agreement. After reading this information, click Yes to accept the licensing terms and continue.
- The next screen prompts you to select the destination directory for the iChain Community Services (see Figure 3). Click the Browse button to locate the drive you previously mapped to the SYS volume of the NetWare 5.1 Web Server on which you will be installing the community services. When you have defined the destination, click Next to continue.
The iChain Setup: Select Install Type screen.
- The next screen, shown in Figure 4, prompts you to configure the iChain Service Object (ISO) that needs to be assigned to the accelerator.
The iChain Setup: Configure iChain Service Object screen.
In the Tree Name field, enter the name of the NDS tree.
In the ISO Object field, click the Search button to search for the ISO Object that was previously created when installing the iChain Authorization Server component.
Once you have defined the Tree Name and the ISO Object, click Next to continue.
- The next screen prompts you to identify the background iChain administrator that is required for iChain authentication and community services to work properly (see Figure 5).
The Identify iChain Administrator screen.
In the User Name field, click the Select User button to browse for the iChain authentication user that was created when installing the iChain Authorization Server component.
Note: Remember, this user only has Browse and inheritable object rights, as well as Compare, Read, and inheritable property rights at the root of your tree.
Once you have entered the User Name and Password, click Next to continue.
- The next screen presents you with a review of the information you have designated thus far. Read over the information in the Current Settings window, and if you are ready to begin copying the program files, click Next.
- You will see a pop-up information window informing you that the original index.html files will be overwritten. Click OK to continue the installation.
- Once the files are copied, you will see the screen shown in Figure 6, informing you that the installation was successful. Click the Finish button to complete the installation.
The Identify iChain Administrator screen.
This completes the Community Services installation. You are now ready to configure the Web Server.
Configuring the Web Server
To configure the Community Server for iChain services on NetWare 5.1, complete the following steps.
- To get to the NetWare Web Manager, open a Web browser and go to https://IP_address_of_your_web_server:2200, as shown in Figure 7.
Entering the NetWare Web Manager.
- You will be prompted to accept a new site certificate. Figure 8 shows the New Site Certificate screen as it appears in Netscape.
Accepting the new site certificate in Netscape.
Note: The process of accepting a new site certificate will look different depending on what browser you are using. Follow the onscreen prompts to accept the certificate.
- Once you accept the certificate, you are prompted for an administrator's username and password (see Figure 9). Enter the administrator's distinguished name and password, and then click OK.
Entering the administrator's user name and password.
- After you are authenticated to the NetWare Web Manager, you will see the General Administration screen shown in Figure 10.
The NetWare Web Manager's General Administration screen.
- In the NetWare Enterprise Web Server section of the screen, click on the button named after the server you are administering. In this example, the server is named "community".
You will see a pop-up JavaScript Application warning telling you that manual edits are not loaded. This is an expected warning that appears because the iChain community services were installed as an add-on product in previous steps. Simply click OK to continue.
- In the Server Preferences screen, click the "Apply" link located at the upper central area of the page, as shown in Figure 11. This will take you to the appropriate screen to apply the manual edits.
The NetWare Web Manager's Server Preferences screen.
- In the Apply Changes screen, click on the Load Configuration Files button (see Figure 12). This will refresh the Web server with the manual edits.
The NetWare Web Manager's Apply Changes screen.
- You will see a pop-up JavaScript Application window informing you that the most recent configuration files have been loaded. Click OK to close this window.
You can now restart the server so that these recent changes will take effect.
Optional Considerations
This section describes some optional considerations you can make for your iChain Community Services implementation.
Encrypting Traffic Between the Proxy and Community Servers
To encrypt the traffic between the Proxy server and the Web server, complete the following steps.
- On the Web Server Manager's Server Preferences page, click the Encryption On/Off selection located at the bottom left-hand corner of the page. You will see the screen shown in Figure 13.
The Encryption On/Off screen.
- On the Encryption On/Off page, ensure that the following settings are made:
Encryption is On.
Server Certificates is set to SSL CertificateIP. (This is done because the iChain 1.5/Proxy accelerates back-end Web servers' content based on their IP addresses.)
Once this is complete, click OK.
- You will see a pop-up JavaScript Application window informing you that you need to shut down the HTTP server and restart it in order for your changes to take effect. It also informs you that the server's URL will change from http://your_server.com to https://your_server.com. Click OK to close this window.
- You will next see a page to save and apply the changes you have made. As shown in Figure 14, the screen contains a list of what is about to be changed.
The Encryption On/Off screen.
Click the Save and Apply button to apply your recent changes.
- You will see a pop-up JavaScript Application window informing you that your changes have been saved and applied. Click OK to close this window.
You can now restart the server so that these recent changes will take effect.
Custom Login Page
To change the login page (see Figure 15) to match the look-and-feel of your company's intranet or extranet, perform the following steps.
The Login startup screen.
- Log in to the already-configured iChain/ICS appliance. You should have drive F mapped to the SYS volume.
- Go to F:\etc\proxy\data, which contains three generic BorderManager login screens for the various authentication methods that are available for users.
If your users are authenticating via an LDAP Authentication Profile with the login format of the user's Distinguished Name, edit the calogldp.htm file.
If a different login format is being used for LDAP authentication, other HTML files exist in this folder for that purpose.
Note: Any customized images for these HTML pages must have the same filename and format as those used by the generic login HTML page.
- Once the changes are complete, restart the iChain 1.5/ICS Proxy so that the changes will take effect.
Accepting Only HTTP Requests from the iChain 1.5/ICS Proxy
Locking down the Community Services Web Server to accept only HTTP requests from the iChain/ICS Proxy prevents users from accessing this server's Web content without being required to log in to your iChain security infrastructure. Here's how this is done.
- Using Netscape 4.75 or later, go to the NetWare Web Manager at https://IP_address_of_your_web_server:2200.
- You will be prompted to enter a username and password. Enter the full, period-delimited context and password of the administrator and click OK to continue.
- You will see a pop-up security information window similar to the one shown in Figure 16. (This is because you are going from a non-SSL to an SSL connection.) After reading the information, click Continue.
The Security Information window.
- You will next see the default NetWare Web Manager General Administration screen, as shown in Figure 17. Click on the Global Settings link.
The NetWare Web Manager General Administration screen.
- You will see the Global Settings screen shown in Figure 18, where you must set the LDAP Directory Server Configuration.
The NetWare Web Manager Global Settings screen.
In the Host Name field, enter the IP address of the LDAP provider.
In the Port field, leave the default of 389.
In the Base DN field, enter the Organization level of your tree.
You have two options for the Bind DN and Bind Password fields:
You can leave these fields blank, which will allow anonymous search access. (In all probability, this security is based on what has been granted to the [Public] trustee of NDS.)
You can create a special user that has only Browse and Inheritable Object rights, along with Read, Compare, and Inheritable Property rights to the entire tree.
When this has been completed, click OK to save the information.
- Click the Server Preferences link at the top right of the screen, which will take you back to the default NetWare Web Manager screen.
- In the NetWare Enterprise Web Server section of the screen, click on the button named for the server ("community" in our example). You will see the Server Preferences screen shown in Figure 19.
The NetWare Web Manager Server Preferences screen.
- Click on the Restrict Access link in the left pane, which will take you to the Access Control List Management screen shown in Figure 20.
The NetWare Web Manager Access Control List Management screen.
- Under "A. Pick a resource", click the Edit button, which takes you to the Access Control Rules screen shown in Figure 21.
The NetWare Web Manager Access Control Rules screen.
- In this screen, delete any of the default ACL Rules by clicking the Trash Can icon to the right of each rule.
- Click the New Line button to add a new resource, which will add a new line with the default settings of Deny, anyone, anyplace, all, and x.
- Configure the new rule by first clicking the Deny link, which brings up the "Allow/Deny" window shown in Figure 22.
The "Allow/Deny" configuration window.
Select Allow and click the Update button.
- Click the anyplace link, which brings up the "From Host" window shown in Figure 23.
The "From Host" configuration window.
Select the "Only from" option and insert your Proxy information in the Host Names and IP Addresses fields.
- Repeat steps x to y for each additional IP address that needs access to the server.
Note: If the iChain 1.5/ICS Proxy and the Community Services Web Server are separated by a firewall, you will need to enter the IP address of the firewall instead of the Proxy. The firewall acts as a proxy to the iChain 1.5/ICS Proxy, and as a result all communication appears to be coming from the firewall.
- Click the Apply link at the top of the screen to submit the changes. This will reboot the Web Server.
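One way to confirm that the lockdown above is holding, as an added example that is not part of the original AppNote: the script scans Web server access-log lines and reports any request from an address outside the "Only from" list that the server still answered. The Common Log Format layout, the addresses, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the addresses entered in the "Only from" field (the proxy, or
# the firewall in front of it). Constructed example values.
ALLOWED_SOURCES = ["10.1.1.10", "10.1.1.11"]

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+$')

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = """\
10.1.1.10 - - [01/Jul/2001:10:00:01 -0600] "GET /index.html HTTP/1.0" 200 2048
10.1.1.11 - - [01/Jul/2001:10:00:05 -0600] "GET /forum/ HTTP/1.0" 200 5120
192.0.2.44 - - [01/Jul/2001:10:01:12 -0600] "GET /index.html HTTP/1.0" 403 312
192.0.2.44 - - [01/Jul/2001:10:01:30 -0600] "GET /forum/ HTTP/1.0" 200 5120
this line is malformed
"""


def audit_direct_access(log_text, allowed_sources):
    """Return (bypasses, denied, unparsed) for requests not from the proxy.

    bypasses: requests from a non-allowed source answered with a status
              below 400, meaning the ACL did not stop them.
    denied:   requests from a non-allowed source that the server refused.
    unparsed: lines that could not be read and need manual review.
    """
    allowed = {ipaddress.ip_address(a) for a in allowed_sources}
    bypasses, denied, unparsed = [], [], []
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m:
            if line.strip():
                unparsed.append(line)
            continue
        host, request, status = m.group(1), m.group(2), int(m.group(3))
        try:
            src = ipaddress.ip_address(host)
        except ValueError:
            unparsed.append(line)  # hostname logged instead of an address
            continue
        if src in allowed:
            continue
        (bypasses if status < 400 else denied).append((host, request, status))
    return bypasses, denied, unparsed
```

An empty bypass list together with entries in the denied list is the expected result once the rule is in place. If a firewall sits between the proxy and the Web server, list the firewall's address as the allowed source, as the note above describes.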
Conclusion
By following the steps outlined in this AppNote, you will have successfully installed and configured Novell iChain 1.5 Community Services. You have implemented another important step in extending the resources in your iChain environment to your employees, customers, and partners on the Net.
* Originally published in Novell AppNotes