9.3 Extending the LDAP Directory Schema and Assigning Rights on the Server

Installing Novell SecureLogin on the server requires extending the LDAP schema and assigning user rights to record data against these attributes.

9.3.1 SecureLogin Attributes

Extending the directory schema adds the following six Novell SecureLogin attributes:

Table 9-1 Attributes

Attribute To Be Mapped             LDAP Mapping
Prot:SSO Auth
Prot:SSO Entry                     protocom-SSO-Entries
Prot:SSO Entry Checksum            protocom-SSO-Entries-Checksum
Prot:SSO Profile                   protocom-SSO-Profile
Prot:SSO Security Prefs            protocom-SSO-Security-Prefs
Prot:SSO Security Prefs Checksum   protocom-SSO-Security-Prefs-Checksum

NOTE: These mappings are case-sensitive. Extend the LDAP schema on all servers if you want them to act as failover servers.

If you have Novell SecureLogin version 3.5 installed, you do not need to extend the directory schema, because the attributes are the same. However, for any new directory objects, such as organizational units, you still need to assign rights.

If you intend to use Microsoft Group Policy (GPO) support, Novell recommends that you re-extend the SecureLogin directory schema so that it includes the new schema extensions for GPO support.

If you deploy the LDAP-compliant directory extension by using an ldapschema.exe file copied out of the Novell SecureLogin installer package, rather than by running it from the package, you need to copy the entire LDAP folder containing the LDAP schema files to your preferred location.

9.3.2 Extending the Schema on the LDAP Server

  1. Log in to the server as administrator.

  2. Run ldapschema.exe, found in the \Securelogin\Tools\Schema\LDAP directory of the Novell SecureLogin 7.0 SP1 Windows installer package. The Novell SecureLogin - Active Directory Schema dialog box is displayed.

    or

    In the installer, click Schema Extension Tools, then click LDAP Compliant.

  3. In the LDAP Server field, provide the IP address or the name of the LDAP server.

  4. In the Admin User field, provide the distinguished name (DN) of the server administrator, for example CN=admin.

  5. Provide the password and select the relevant directory mode (in this example, eDirectory), then click Update Schema. The certificate information is displayed.

  6. Click Accept.

  7. When the Schema Extension dialog box is displayed, click Close.

    NOTE: LDAP schema extension is replicated to all servers in the LDAP group, not to all servers in the tree. Schema extensions are LDAP group specific and must be repeated for each LDAP group. By default, each NetWare server is in its own LDAP group, which means that by default LDAPSchema.exe must be run on every LDAP server.
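Because the extension is replicated only within an LDAP group, it is worth verifying each server after running ldapschema.exe rather than assuming the whole tree picked it up. The following added example (not part of the Novell documentation or of the SecureLogin tools) parses the attributeTypes values a server returns from its subschema subentry and reports which of the Table 9-1 LDAP names are present, missing, or declared only with different case. The sample subschema values and their OIDs are constructed placeholders; the check covers the five mappings the table gives.

```python
import re
from typing import Dict, List, Set

# LDAP names that Table 9-1 maps the SecureLogin attributes to (the table lists
# six attributes; the mapping for Prot:SSO Auth is not given on this page).
EXPECTED_SSO_ATTRS = [
    "protocom-SSO-Entries",
    "protocom-SSO-Entries-Checksum",
    "protocom-SSO-Profile",
    "protocom-SSO-Security-Prefs",
    "protocom-SSO-Security-Prefs-Checksum",
]

# NAME clause of an RFC 4512 attributeTypes value: NAME 'x' or NAME ( 'x' 'y' ).
_NAME_RE = re.compile(r"\bNAME\s+(?:'([^']*)'|\(\s*((?:'[^']*'\s*)+)\))")

def attribute_names(attribute_type_values: List[str]) -> Set[str]:
    """Every attribute name (including aliases) declared in attributeTypes values."""
    names: Set[str] = set()
    for value in attribute_type_values:
        m = _NAME_RE.search(value)
        if m and m.group(1) is not None:
            names.add(m.group(1))
        elif m:
            names.update(re.findall(r"'([^']*)'", m.group(2)))
    return names

def check_sso_schema(attribute_type_values: List[str]) -> Dict[str, List[str]]:
    """Classify each expected name as present, missing, or present only with other case."""
    declared = attribute_names(attribute_type_values)
    by_lower = {n.lower(): n for n in declared}  # mappings are case-sensitive: flag these
    result: Dict[str, List[str]] = {"present": [], "missing": [], "case_mismatch": []}
    for expected in EXPECTED_SSO_ATTRS:
        if expected in declared:
            result["present"].append(expected)
        elif expected.lower() in by_lower:
            result["case_mismatch"].append(by_lower[expected.lower()])
        else:
            result["missing"].append(expected)
    return result

# Constructed sample of a subschema subentry after an incomplete extension.
# The OIDs are placeholders, not the real SecureLogin OIDs.
SAMPLE_SUBSCHEMA = [
    "( 1.3.6.1.4.1.0.1 NAME 'protocom-SSO-Entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
    "( 1.3.6.1.4.1.0.2 NAME 'protocom-SSO-Entries-Checksum' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
    "( 1.3.6.1.4.1.0.3 NAME ( 'protocom-SSO-Profile' 'ssoProfile' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )",
    "( 1.3.6.1.4.1.0.4 NAME 'protocom-sso-security-prefs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )",
    "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )",
]
```

On a live server, feed check_sso_schema the attributeTypes values read from the subschema subentry (for example, the entry named by the root DSE's subschemaSubentry attribute) of every server in each LDAP group; any missing or case_mismatch entry means ldapschema.exe still has to be run against that group.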

9.3.3 Assigning Rights to Schema Attributes

You must assign permissions on objects in the directory so that data can be stored against the new Novell SecureLogin attributes. Assign permissions on all objects that access Novell SecureLogin (Assigned User Rights).

The application does not start if you have not set permission to access Novell SecureLogin schema attributes.

NOTE: LDAP implementations vary. Therefore, Novell SecureLogin does not provide a specific tool for assigning permissions on each variation.

The following permissions are recommended for successful implementation:

  • Novell SecureLogin administrators are assigned read and write access to all Novell SecureLogin attributes on all objects.

  • Users are assigned read and write access to all Novell SecureLogin attributes on their user objects.

  • Users are assigned read access to the Novell SecureLogin attributes on organizational units from which they need to read organizational policies or corporate settings.