A.5 User Account Lookup (Identity Plug-In Functionality)

User Account Lookup is available if NESCM is installed with Novell Client.

Users are typically required to enter their username and password to authenticate. NESCM provides the functionality to look up the user account in eDirectory that is associated with the smart card, eliminating the requirement for users to enter their login names.

A.5.1 LDAP Search

NESCM looks up the user account in eDirectory that is associated with the smart card by running the account lookup functionality before login. It performs an LDAP search by using the certificate information and an anonymous clear-text connection.

To successfully perform the LDAP search, the User Account Lookup settings must be properly configured. For a list of settings and how to configure them, see (Conditional: LDAP Search Options - Page 1) Identity Plugin Configuration.

A.5.2 Optimizing Search Results

Searching large directories spread across numerous servers can take a long time. To optimize search results, create servers that host read-only replicas of all partitions in a sub-tree. You can also configure groups of clients to use these lookup servers.

Create indexes to optimize search performance. When you search by Certificate Subject Name, the sasAllowableSubjectNames attribute must be indexed. When you search by Certificate, the userCertificate attribute must be indexed. For information about how to choose search performance options, see (Conditional: LDAP Search Options - Page 2) Identity Plugin Configuration.
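The two searches described above can be written as LDAP equality filters on the indexed attributes, which is useful when checking from another LDAP client that a card resolves to exactly one account. This is an added example, not NESCM code: the filter shape, the helper names, and the sample subject name and certificate bytes are assumptions, and the certificate filter assumes the server compares userCertificate as raw octets.

```python
"""Build RFC 4515 search filters for the two lookup modes (added example)."""

# Attribute names come from the page; everything else here is illustrative.
SUBJECT_ATTR = "sasAllowableSubjectNames"
CERT_ATTR = "userCertificate"

# Characters RFC 4515 requires to be escaped inside an assertion value.
_SPECIAL = {"\\", "*", "(", ")", "\x00"}


def escape_filter_value(value: str) -> str:
    """Escape a text value so the server matches it literally.

    Subject names routinely contain '\\', '(' and ')'. Left unescaped, they
    change the meaning of the filter or make it invalid.
    """
    out = []
    for ch in value:
        if ch in _SPECIAL:
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def subject_name_filter(subject_name: str) -> str:
    """Filter for a lookup by Certificate Subject Name."""
    return "(%s=%s)" % (SUBJECT_ATTR, escape_filter_value(subject_name))


def certificate_filter(der: bytes) -> str:
    """Filter for a lookup by Certificate.

    Assumption: the server compares the attribute as raw octets, so every
    byte of the DER encoding is written in the \\xx form.
    """
    return "(%s=%s)" % (CERT_ATTR, "".join("\\%02x" % b for b in der))


if __name__ == "__main__":
    # Constructed sample values, not taken from a real card.
    print(subject_name_filter("CN=Smith\\, John (Contractor),O=Example"))
    print(certificate_filter(bytes.fromhex("3082010a")))
```
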