Configuration Setup
The configuration utility configures NAAS for one partition. NAAS assumes partition-based auditing, where the domain for auditing is a Novell eDirectoryTM partition. The process of default configuration will result in creation of NAAS Agent, NAAS Server and NAAS Database, and will configure the NAAS framework and the three Event policies (eDirectory Auditing, NWFS auditing, and NSS auditing) with Event policy template and an Auditor Query domain. The NAAS Agent will be created and configured during the installation of NAAS.
The configuration utility also configures a user as an Auditor by giving all the required rights. All the objects are created in the NAAS container under the selected partition.
The configuration utility configures NAAS for a basic setup.
The following figure depicts the configuration setup after NAAS has been configured for the partition P1 using the default configuration. If you have a complex setup, you should perform the default configuration and then, perform a few additional steps to bring up NAAS for Auditing.
Figure 2
Configuration Setup
In the diagram, the NAAS Agent, NAAS Server, Auditor Query domain, Auditor and the eDirectory server are in the same partition.
In the above setup, NAAS Agent will audit only those objects that are in the same partition as the eDirectory server hosting the NAAS Agent. Also, the NAAS Agent will read only those policies that are in the same partition. All policies outside the partition are ignored, even if they are associated with one of the objects within the partition. The same association rule holds true for the NAAS Server.
Also, for a partition to be audited, a NAAS Agent and a NAAS Server should be configured for the partition containing the eDirectory server hosting the NAAS Agent and the NAAS Server in the same partition. If the partition is a parent partition for one or more child partitions, all the child partitions will also be audited. However, if the NAAS Agent, NAAS Server, and eDirectory server are in the child partition the parent partition will not be audited.
By default, NAAS searches only up to three levels up the tree to find a policy of any type for an object. If a policy is not found in the three levels, that object is not audited. If the depth of the partition is greater than three, specific NAAS Search Criteria policies should be associated with the objects with the search level equal to the partition depth.
The configuration utility configures NAAS for a particular partition and configures an user as an Auditor. The configured user has to be present in the same partition to generate a report. By default, the NAAS Server generates reports only for the query domains in the same partition.