In an eDirectory environment, the SecureLogin tool ldapschema.exe must be run against every server in the tree for the SecureLogin iManager plug-in to work reliably.


The SecureLogin iManager plug-in uses LDAP to manage the SecureLogin attributes. But when the eDirectory schema is extended with the SecureLogin attributes, the names of the attributes are such that they can not be utilized by ldap.

So even though the eDirectory schema is extended successfully, iManager can not read the needed attributes. To resolve this condition you must run the SecureLogin tool ldapschema.exe. When you run this tool against an eDirectory server this tool will modify the LDAP_Group object and setup schema mapping between the LDAP and eDirectory schema names.

Because we don’t always know what replica iManager is communicating with, it is recommended that the ldapschema tool be run against every server in your tree. The schema is only extended once. but the mapping on the ldap_group object are server specific need to be in place on each server.

Below is a list of the Schema mapping ldapschema will setup when run against an eDirectory server.

eDirectory attribute ldap attribute
Prot:SSO Auth protocom-SSO-Auth-Data
Prot:SSO Entry protocom-SSO-Entries
Prot:SSO Entry Checksum protocom-SSO-Entries-Checksum
Prot:SSO Profile protocom-SSO-Profile
Prot:SSO Security Prefs protocom-SSO-Security-Prefs
Prot:SSO Security Prefs Checksum protocom-SSO-Security-Prefs-Checksum
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.
Categories: Uncategorized

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
Sep 23, 2010
10:53 am
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow