Personalizing Novell Access Manager Using Custom Headers and LDAP



When you log in to the user interface for Novell Access Manager, not only can you pull your LDAP credentials from eDirectory, but you can get most of the "editable" data about yourself as well.

Here is a way to configure both Novell Access Manager and your home page to display a personalized web site for your users.

We'll use the Digital Airlines example that comes with Novell Access Manager 3 for ease of use and to show what you can do with your information stored in eDirectory.


  • Novell Access Manager 3 - Installed and configured

  • PHP Mod for Apache installed on Web Host Server


Adding LDAP Attributes

First, we'll add the additional LDAP attributes to the Identity Server.

1. Log in to the Administration Console and select Identity Servers.

2. Click the Shared Settings tab.

Figure 1 - Shared settings for Identity Servers

In this example we're going to use the LDAP attributes:

  • givenName (First Name)

  • sn (Surname)

  • jpegPhoto

The givenName attribute is missing from the default list in Novell Access Manager (NAM), so we'll have to add it.

3. Click New.

4. Enter the name "givenname" and click OK.

Figure 2 - Setting the givenName

5. Click Apply, then click OK.

Creating a New Policy

Now let's add a new policy to send this data to the browser.

1. Click Policies. These are the existing policies you have created.

Figure 3 - List of created Policies

2. Click New.

Figure 4 - Creating a new Policy

3. Call this policy Identity and select Identity Injection for the Type.

4. Click OK.

On this screen, define the policy as follows:

Figure 5 - Defining the Policy

5. Enter a description for this Rule, if you want.

6. Click New and add the first Action:

Inject into Custom Header

Name the variable that will be passed to the browser: X-FName

Value: LDAP Attribute givenname

7. Click New for the next Action.

Inject into Custom Header

Name the variable that will be passed to the browser: X-LName

Value: LDAP Attribute sn

8. Click New for the next Action.

Inject into Custom Header

Name the variable that will be passed to the browser: X-Photo

Value: LDAP Attribute jpegPhoto

Note: Double-check your spelling of names before you click OK. Misspelled names will cause much heartache when you try to troubleshoot why the fields are blank on your home page later.

Assigning this Policy to the Reverse Proxy

1. Select Access Gateways > Edit.

2. Choose the Reverse Proxy that you wish to use.

3. Select the first Proxy Service in the list and click the Protected Resources tab.

4. Select the Protected Resource that will have this policy assigned.

Figure 6 - Enabling the Identity Injection policy

5. Place a check in the box and click Enable.

6. Click OK and Update your Access Gateway.

Modifying your Web Page

1. Open /srv/www/htdocs/index.php in your favorite editor.

2. Scroll down to the following section:

    $headers = apache_request_headers();
    foreach($headers as $header => $value) {
        $found = false;
        if($header == "X-Name") {
            $found = true;
            echo "Welcome: $value";
        }
    }

3. Remove everything shown above after "$found = false;" and insert the following code:

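        // Collect the three headers added by the Identity Injection policy.
        if($header == "X-FName") {
            $found = true;
            $firstname = $value;
        }
        if($header == "X-LName") {
            $found = true;
            $lastname = $value;
        }
        if($header == "X-Photo") {
            $found = true;
            $myphoto = $value;
        }
    } // end of the foreach loop
    // Escape the values before writing them into the page.
    echo "<img src=\"".htmlspecialchars($myphoto)."\" name=\"Image19\" width=\"75\" height=\"75\" border=\"0\">";
    echo "<b>Welcome ".htmlspecialchars($firstname)." ".htmlspecialchars($lastname)."!</b>";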

4. Save the file and exit.

5. Remember to log back in to the Administration Console and purge the cache on the Access Gateway.

Testing and Notes

Log in to the Access Gateway as normal.

Figure 7 - Access Manager login

Then you'll see your Default page. What a gorgeous mug!

Figure 8 - Customized default page

A couple of notes ...

First - if you don't have any other data populated in your user objects beyond the minimum, sn, then only your last name will be displayed.

Second - if you decide to display photos, limit the size to something like 75px x 75px. Otherwise, you'll lose some performance while the server sends you large jpegs.

Finally - to fix a broken graphic, put a statement testing whether X-Photo is empty and display a default image instead.
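
The notes above, worked into one function as an added example (not part of the original article or the Digital Airlines sample): it falls back to a default image when X-Photo is empty, shows only the surname when givenName is missing, and HTML-escapes the header values before output. DEFAULT_PHOTO, esc() and render_welcome() are hypothetical names, and the sample headers are constructed.

```php
<?php
// Added example; DEFAULT_PHOTO and render_welcome() are hypothetical names.
const DEFAULT_PHOTO = '/images/default-user.jpg'; // assumed path, host your own

function esc(string $s): string
{
    // Directory attributes can contain markup characters: escape for HTML.
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function render_welcome(array $headers): string
{
    // HTTP header names are case-insensitive, so normalise before lookup.
    $h = array_change_key_case($headers, CASE_LOWER);

    $first = trim($h['x-fname'] ?? '');
    $last  = trim($h['x-lname'] ?? '');
    $photo = trim($h['x-photo'] ?? '');

    // Empty or missing X-Photo: show the default image, not a broken graphic.
    if ($photo === '') {
        $photo = DEFAULT_PHOTO;
    }

    // With only sn populated, this leaves just the last name.
    $name = trim("$first $last");

    $html  = '<img src="' . esc($photo) . '" name="Image19" width="75" height="75" border="0">';
    $html .= '<b>Welcome' . ($name === '' ? '' : ' ' . esc($name)) . '!</b>';
    return $html;
}

// Constructed sample request: no givenName, empty photo, markup in the surname.
$sample = ['X-LName' => 'O\'Brien <i>', 'X-Photo' => ''];

// Under Apache use the real request headers; from the CLI use the sample.
$headers = function_exists('apache_request_headers') ? apache_request_headers() : $sample;
echo render_welcome($headers), "\n";
```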


Using your imagination and LDAP, you can really make your users feel important when they log in. Just hope they remember at your next review!


