Note the following issue before you begin configuring and administering NetIQ SecureLogin.
The applications and policies added at the group level through iManager are not reflected on the client.
Every time a new group is created, you must re-assign the rights. You must manually assign read permissions for the correct functioning of the configured group.
Do the following on iManager for the applications, preferences, policies, and others added at the level to be reflected on the client:
Log in to iManager.
Select Rights > Modify Trustees.
Specify the object name.
Click Add Trustee. Browse and locate more objects.
Selection of multiple trustees is allowed.
Select Assigned Rights > Add Properties. Add the following attributes:
Proto:SSO Entry
Proto:SSO Entry Checksum
Proto:SSO Security Prefs
Proto:SSO Security Prefs Checksum
Click OK.
Click Done to save the changes and exit.
Using the slMigrationHelper tool, if you attempt to modify the datastore from an existing one to LDAP, the datastore migration fails. This is because any LDAP or LDAPv3 mode requires NICI component to be installed.
Use the -u option to specify the path to SecureLogin installer. For example: slmigrationhelper.exe -u C:\NetIQSecureLogin.exe -t LDAP -q. This switches the datastore to LDAP and installs NICI in the quiet mode.