Anonymous_User Absent Member.
Absent Member.
378 views

Delegate Access to iMonitor


Is it possible to delegate view only access to iMonitor for a 'normal'
user? If so how ?

Thanks in advance!

Geoff


--
gpf03
------------------------------------------------------------------------
gpf03's Profile: https://forums.netiq.com/member.php?userid=2838
View this thread: https://forums.netiq.com/showthread.php?t=46126

Labels (1)
0 Likes
5 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Delegate Access to iMonitor

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There isn't a way. iMonitor is an administration/troubleshooting tool
and is not meant to be used by end users.

What are you wanting them to see? There may be a correct way to get
them that information safely without iMonitor.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQnV0vAAoJEF+XTK08PnB5sr4P/jPv5nJlHcqRR/TKrAZ9v+Jf
a/KG1T55Xywc+nm6EVsJ2ii+i/QfHrOb6mma+UJXNchpdT+RPhRQGc0zJxQYS/bH
Zszf/ktNCRn7cWm5b5lTUf9RXFKHNOLsrIg8vRZCnU7UydbI7La/gLycge4aX+vE
xVCdeZa10KU4AWSM/0kxijEWZPwTD2Wk0h9lWH5IADbjwEiCU7xNpqvIgV05w07I
ZxNAaaCbP+gh8qFzJLte/gnJeOP10IjY+AiEquyKkEe//Ci4L2WkXGNIhGvZ5+nC
WVt0Ln9AxOMCv6p+FLDa2LD9lRtM75YqaiRHirlbYhhnTOqmPMm9syCy1RFN6nqy
DT54XIUJWGCoLQ5XOPsOp8eLnm7aMpAShqN1ymYUBYbHCOmfU6IOzIW54DHvPevM
0KnCgzwfKvwXfbU8NGPpHvK4H6NpeDHsEsG3ELKCtnvd7B1ZNVEmnTlGYACDK1/6
o9dBNxvAHMrV5UUdM0IdUVbUOdm/6PAnVcCfVu+5Rw0FrVw1AKe8CURWpTVYwN40
wOaQIlo+0/I3kYOAzdEb0FiUhVKPWa4dWZkPDhaOL0aaZB+RhN7VxOXn4lfLlnB/
rdjRG0mfPccLhpWSRkLVC6v925meN3qLZ7vw/T0xhkzEdPJ0k7Y1MTN0hzxIUK0H
0l+R4PI0oHPr60edtMNH
=sIh5
-----END PGP SIGNATURE-----
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Delegate Access to iMonitor


Aww ...dang....

Our audit department is interested in the modification time and certain
attributes of select eDir objects. Rather than teach them how to use an
LDAP browser, or write a liitle application for them, I was hoping that
I could just share the iMon URL's.

Geoff


--
gpf03
------------------------------------------------------------------------
gpf03's Profile: https://forums.netiq.com/member.php?userid=2838
View this thread: https://forums.netiq.com/showthread.php?t=46126

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Delegate Access to iMonitor

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is why knowing the whole story helps. The best solution I can
think of so far is to enable auditing. Point the audited eDir instances
to something like Novell/NetIQ Log Manager (use the free version....
handles 25 eps indefinitely) and then they can search on whatever they
want using plain old strings in a little web interface. No cost to you,
plus you get auditing so if things ever go amiss you may have a trail to
cover yourself from being on the receiving end of pointed fingers.
Twenty-five EPS is enough for a couple of eDir boxes to audit to as long
as you don't send insane numbers of events.

You could also use the IDM User Application, or something like
phpLDAPAdmin to give them a quick view in via a web browser. I set it
up several years ago against eDirectory and it was mildly interesting...
a fun little side project to see if it worked.

Using an LDAP browser may be the easiest option. Again, going after the
business case, knowing WHY they want timestamps (presumably object, not
attribute, timestamps) and which attributes could help come up with a
better answer.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQnYuaAAoJEF+XTK08PnB59VcP/Ag2R9P23QpGz/bh2arY+jfm
267/5lapJRXzkfT5Gcwi/gw/sp1ofvkMa4k9STjUtmZ53ZtHJeCJQEoW1k8rcTR8
KEJUBqyiQj3f7daPf9Hs4lNyBF8fgYGs9yUClFvTcLOxyLNVOMDNG053kDvB0geP
0h8oB9svIDhjXusjSIXkLRygjfFfAxXkDPkJ6eh6UztNaeTL8+8X/J41pYoEJ95L
bI+I77y1WkJwkDVMEKdv/6iqsLWN2IBb/0Tr7sFo3ZlWPNgPAmriTj81AwpZBsxR
KTqFZOK2R0aEoPeWSYsSiFoYt41XlxTgp3Q9aCrde6XqTzPcf3VB9VH7kpimm78D
GiIIKWUzXjT1U56poa9KpatJvECSwx19MiwjQ8hEHCbZADMqTCJUUprUpf5wKdrC
s0tVRMEgpHQVL2PR6FTa+WH95rIXG2KELuI+frbcyFbWWSEPC2v8t6qWeiQ/A0Za
Xupjb0GillmmrCkjG1oarRZQYa4sv3TkKtY9W1Kuqy9J8YEWY5z2TQh7pLoH6DFu
Xc5RfRv9SJ2XO37cjDh9xNvdwGJqQCk/xgfSk1LizeMIJXKiofofwzrmqu7PwHve
bb6XmT87u+Gme+qCyDqHYj8+9nwjNOuJsSnFWyqLtTQSxhEn6xcQn04qimv2cA0J
zGGrRMr8eg+no17GO9kw
=yQuO
-----END PGP SIGNATURE-----
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Delegate Access to iMonitor


You could easily create a little batch file that runs a series of
ldapsearch queries and pipe the output to a file and all they need to do
is enter a password for the bind (you can pre-specify the bind DN but
let them enter the password) and then launch notepad or such against the
output file for them ... you can get object mod timestamp via ldap but
not attribute level.


--
peterkuo
------------------------------------------------------------------------
peterkuo's Profile: https://forums.netiq.com/member.php?userid=170
View this thread: https://forums.netiq.com/showthread.php?t=46126

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Delegate Access to iMonitor

On Fri, 09 Nov 2012 19:14:02 +0000, gpf03 wrote:

> Is it possible to delegate view only access to iMonitor for a 'normal'
> user?


Not as far as I know, no. iMonitor isn't a "normal user" tool.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.