A.5 User Account Lookup (Identity Plug-In Functionality)

User Account Lookup is only available if NESCM is installed with the Novell Client.

Users are typically required to enter their username and password in order to authenticate. NESCM provides the functionality to look up the user account in eDirectory that is associated with the smart card, eliminating the requirement for users to enter their login names.

A.5.1 LDAP Search

NESCM runs the account lookup before the login to find the eDirectory user account associated with the smart card. It does this with an LDAP search that uses the certificate information, sent over an anonymous (unauthenticated), clear-text connection.

In order to successfully perform the LDAP search, the User Account Lookup settings must be properly configured. See (Conditional: LDAP Search Options - Page 1) Identity Plug-in Configuration for a list of settings and how to configure them.

A.5.2 Optimizing Search Results

Searching large directories spread across numerous servers can take a long time. To optimize search performance, create servers that host read-only replicas of all partitions in a sub-tree, and configure groups of clients to use these lookup servers.

You should create indexes to optimize search performance. When you search by Certificate Subject Name, the sasAllowableSubjectNames attribute should be indexed. When you search by Certificate, the userCertificate attribute should be indexed. See (Conditional: LDAP Search Options - Page 2) Identity Plug-in Configuration for information on how to choose search performance options.
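The two lookup modes above (by Certificate Subject Name against sasAllowableSubjectNames, or by Certificate against userCertificate) both reduce to building an LDAP search filter from data taken off the card. The following is an added example, not code from the NESCM product or the Novell documentation: it builds the filter for either mode with RFC 4515 escaping, so that characters such as `*`, `(` and `)` inside a certificate subject cannot widen the match, and it enforces that exactly one account comes back, since a certificate that maps to zero or several accounts must not be treated as a successful identification. The attribute names come from this page; the optional `;binary` transfer option and the sample subject and DER bytes are assumptions constructed for the example, and no `objectClass` clause is added because the page does not state one.

```python
"""Build and sanity-check LDAP filters for smart-card account lookup.

Added example; not part of NESCM or its documentation. Attribute names
sasAllowableSubjectNames and userCertificate are taken from the text;
everything else is an assumption made for illustration.
"""
from typing import Optional


def escape_filter_value(value: str) -> str:
    """Escape a text value for use inside an LDAP filter (RFC 4515).

    Without this, a certificate subject such as 'CN=*' would match every
    entry that has the attribute instead of one specific account.
    """
    out = []
    for ch in value:
        if ch in '*()\\\x00':
            out.append('\\%02x' % ord(ch))
        elif ord(ch) > 0x7F:
            # Non-ASCII is escaped byte by byte as UTF-8.
            out.extend('\\%02x' % b for b in ch.encode('utf-8'))
        else:
            out.append(ch)
    return ''.join(out)


def escape_binary(data: bytes) -> str:
    """Escape raw bytes (e.g. a DER-encoded certificate) as \\XX sequences."""
    return ''.join('\\%02x' % b for b in data)


def subject_name_filter(subject: str, attr: str = 'sasAllowableSubjectNames') -> str:
    """Filter for the 'search by Certificate Subject Name' mode."""
    return '(%s=%s)' % (attr, escape_filter_value(subject))


def certificate_filter(der: bytes, attr: str = 'userCertificate',
                       binary_option: bool = False) -> str:
    """Filter for the 'search by Certificate' mode.

    binary_option appends ';binary' (RFC 4523 transfer option), which some
    servers require for certificate attributes; whether eDirectory needs it
    for this lookup is an assumption to verify, so it defaults to off.
    """
    if binary_option:
        attr += ';binary'
    return '(%s=%s)' % (attr, escape_binary(der))


def select_unique_entry(entries: list) -> Optional[dict]:
    """Return the single matching entry, or None if the mapping is ambiguous.

    Zero hits means the card is not enrolled; two or more hits means the same
    certificate or subject is bound to several accounts, which is a
    configuration fault and must not be resolved by picking the first one.
    """
    if len(entries) != 1:
        return None
    return entries[0]


if __name__ == '__main__':
    # Constructed sample values, not real certificate data.
    sample_subject = 'CN=Jane Doe (Contractor),OU=Users,O=Example'
    sample_der = b'\x30\x03\x02\x01\x01'
    print(subject_name_filter(sample_subject))
    print(certificate_filter(sample_der))
    print(select_unique_entry([{'dn': 'cn=jdoe,ou=users,o=example'}]))
```

The escaped subject filter is what should be sent to the server; the unescaped form is what a certificate with a crafted subject would produce, and comparing the two on a test directory is a quick way to confirm the lookup server is indexed and matching on the intended attribute.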