iManager message: "No roles or tasks have been assigned to this user."
(Last modified: 13Sep2005)
This document (10068247) is provided subject to the disclaimer at the end of this document.
fact
Novell NetWare 6
RedHat Linux 7.3
Microsoft Windows NT 4.0
Microsoft Windows 2000 Server
Solaris 8
Novell iManager 1.0
Novell iManager 1.1
Novell iManager 1.2.1
Novell iManager 1.2.2
Novell iManager 1.5
symptom
iManager message: "No roles or tasks have been assigned to this user."
"Please contact your system administrator"
No roles or tasks show up when logging in as the admin of the tree or any other user.
cause
No owners have been assigned to the Role Based Service object (rbsCollection object) in the tree
User logging into iManager is not assigned any tasks
The Role Based Service object (rbsCollection object) has been deleted or was never created.
note
NOTE: The term rbsCollection and Role Based Service are used interchangeably in this document. rbsCollection is the "type" of object (object class) and "Role Based Service" is the default name of the rbsCollection object. This document assumes that the rbsCollection object is named "Role Based Service".
fix
There are four cases to check when dealing with role and task problems in iManager:
Case 1) The user who is logging into iManager is not a member of any roles
Case 2) There are no owners assigned to the Role Based Service object.
Case 3) The Role Based Service object was deleted from NDS, is corrupt or no longer exists.
Case 4) iManager was not able to resolve a group membership attribute on the user
NOTE on Case 4: iManager is very group membership aware. When a user tries to authenticate to iManager, iManager looks at all of the group membership values for the given user object and tries to resolve each group whether it is related to Role Based Services or not. If it fails trying to resolve any of the group memberships, iManager will still authenticate you as a valid user, but you will not see any of your roles or tasks listed. The collection owner should still be able to go into the configuration section of iManager and make changes. A good way to test whether you are having group membership resolve problems is to create a brand new user that is not a member of any groups at all. Assign the new user to any of the roles and see if that user can log in and see the correct roles. If so, then it is most likely a group membership resolve problem.
A good way to verify what iManager is trying to resolve is to use the SET DSTRACE = +RN flag. This "Resolve Name" flag will show you errors on the Directory Services screen if you are having problems resolving a group membership attribute.
There are some slight differences between iManager 1.5 and versions prior to 1.5. Make sure that you follow the steps under the section that pertains to the version of iManager you are running.
Versions prior to iManager 1.5 (1.0, 1.1, 1.2.1, 1.2.2)
To verify who the owner of the Role Based Service object is, do the following:
1. Log into iManager
2. Click the Configure button (man behind the desk)
3. Expand the "Collection Management" section on the left
4. Click "Modify Owners"
5. Click the Search button to search for the rbsCollection object (Role Based Service is the default name of the object)
6. In the eDirectory Object Selector window that pops up, make sure you are on the SEARCH tab and then click the Search button on the lower left and then select the Role Based Service object under the Results window. NOTE: if no rbsCollection object is found, see the section below to recreate the rbsCollection object.
7. Click OK
The owners will be listed. The first user object in the list will be the one that originally installed iManager. Log out of iManager and log back in as the owner and all tasks and roles should be available. Only the owner of the collection object can modify the member list and task list for each role.
Use the "Modify Role" task under the "Role Management" section to modify roles and add additional users to the desired roles. For more information on basic role management and on how to add/delete/modify members and tasks, see the iManager documentation found at http://www.novell.com/documentation. If there are no owners assigned, no user will be able to administer roles and tasks. You will need to have rights to the Role Based Service object in order to add additional owners. To add an owner to the collection:
1) Follow the steps above to bring up the owner's list
2) Click Add and browse to the user object you want to add.
3) Click OK. That user is now able to administer the roles and tasks
Once an owner is assigned, make sure you are logged into iManager as the owner and then use tasks under Role Management to add the new owner to the appropriate roles. See the documentation link for more information on how to do this.
If there are no Role Based Service objects in the tree, one will need to be created. Generally there should only be one Role Based Service object in the tree. Do the following to recreate the Role Based Service object and modules:
1. Log into iManager
2. Click the Configure button (man behind the desk)
3. Expand the "Role Based Services Setup" section on the left
4. If the schema hasn't been extended, click the "Extend Schema" link.
5. Next click the "Create rbsCollection" link
6. You can assign whatever name you want. The default is Role Based Service
7. Browse to the container where the object will reside by clicking the Search button
8. Click OK
9. You should get a message that the object was created successfully. Click OK.
Next you will need to install all the plugins. There are 3-4 default plugins that are preconfigured with iManager 1.0: eDir, dnsdhcp, iPrint, and nls. In some versions, you may not see the eDir Plugin. To install all the plugins, do the following:
1. Log into iManager
2. Click the Configure button (man behind the desk)
3. Expand the "Role Based Services Setup" section on the left
4. Click "Install Plugin"
5. Highlight the plugins you want to install (you can select multiple plugins simultaneously)
6. Search for the rbsCollection object by clicking the Search icon
7. In the eDirectory Object Selector window that pops up, make sure you are on the SEARCH tab and then click the Search button on the lower left and then click on the Role Based Service object under the Results window.
8. Click OK.
9. Click OK again.
Once the plugins have been installed, refer to the iManager documentation to add the collection OWNER as a member of all the roles.
Versions of iManager 1.5 and later
To verify who the owner of the Role Based Service object is, do the following:
1. Log into iManager
2. Click the Configure button (man behind the desk)
3. Expand the "Collection Configuration" section on the left
4. Click "Modify Owners"
5. Click the Search button to search for the rbsCollection object
6. In the eDirectory Object Selector window that pops up, make sure you are on the SEARCH tab and then click the Search button on the lower left and then select the Role Based Service object under the Results window. NOTE: if no rbsCollection object is found, see the section below to recreate the rbsCollection object.
7. Click OK
The owners will be listed. The first user object in the list will be the one that originally configured iManager. Log out of iManager and log back in as the owner and all tasks and roles should be available. Only the owner of the collection object can modify the member list and task list for each role.
Use the "Modify Member Association" task under the "Role Configuration" section to browse to a user object and add the user to the roles needed. You can add a user to multiple roles at the same time. For more information on basic role management and on how to add/delete/modify members and tasks, see the iManager documentation found at http://www.novell.com/documentation. If there are no owners assigned, no user will be able to administer roles and tasks. You will need to have rights to the Role Based Service object in order to add additional owners to the rbsCollection. To add an owner to the collection:
1) Follow the steps above to bring up the owner's list
2) Click Add and browse to the user object you want to add.
3) Click OK. That user is now able to administer the roles and tasks
Once an owner is assigned, make sure you are logged into iManager as the owner and then use the "Modify iManager Roles" task under "Role Configuration" to add the new owner to the appropriate roles. See the documentation link for more information on how to do this.
If there are no rbsCollection objects in the tree, one will need to be created. Generally there should only be one rbsCollection object in the tree. Do the following to recreate the Role Based Service object and modules:
1. Log into iManager
2. Click the Configure button (man behind the desk)
3. Expand the "Plug-in Setup and Install" section on the left
4. If the schema hasn't been extended, click the "Extend Schema" link.
5. Next click the "Create Collection" link
6. You can assign whatever name you want. The default is Role Based Service
7. Browse to the container where the object will reside by clicking the Search button
8. Click OK
9. You should get a message that the object was created successfully. Click OK.
Next you will need to install all the plugins. There are 17 default plugins that are preconfigured with iManager 1.5: To install all the plugins, do the following:
1. Log into iManager
2. Click the Configure button (man behind the desk)
3. Expand the "Plug-in Setup and Install" section on the left
4. Click "Install Plugin"
5. Highlight the plugins you want to install (you can select multiple plugins simultaneously)
6. Search for the rbsCollection Container object by clicking the Search icon
7. In the eDirectory Object Selector window that pops up, make sure you are on the SEARCH tab and then click the Search button on the lower left and then click on the Role Based Service object under the Results window.
8. Click OK.
9. Click OK again.
Once the plugins have been installed, refer to the section above or to the iManager documentation for more information on adding the collection OWNER as a member of all the roles.
For additional information on NetWare 6, please see the following solution. TID #10064501 - NetWare 6 Readme Addendum
For additional information on eDirectory 8.7, please see the following solution. NOVL81742 - eDirectory 8.7 Readme Addendum
document
Document Title: | iManager message: "No roles or tasks have been assigned to this user." |
Document ID: | 10068247 |
Solution ID: | NOVL71664 |
Creation Date: | 11Feb2002 |
Modified Date: | 13Sep2005 |
Novell Product Class: | Beta NetWare Novell eDirectory Web Services |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.