Novell SecureLogin uses the directory to store and manage its data. To do so, it extends the directory schema with six Novell SecureLogin attributes in which that data is stored.
After you extend the directory schema, you must grant rights on the objects that hold Novell SecureLogin data, including group policies, organizational units, and containers. Granting read or write rights to the Novell SecureLogin schema attributes is referred to as assigning user rights.
The Novell SecureLogin Microsoft Active Directory schema extension executable extends the schema on the server and enables you to assign user rights. You must determine which containers and organizational units need Novell SecureLogin access, and you must know their distinguished name (DN), because you must assign rights to each container and organizational unit separately.
You can also extend the Microsoft Active Directory schema to the root of the domain and assign rights to each container and organizational unit below the root.
IMPORTANT: Keep the following information in mind as you extend the schema. A schema extension is a forest-wide change that cannot be undone (an attribute can later be made defunct but not deleted), so test it in a lab forest first and run the tool with an account that is a member of the Schema Admins group.
If Novell SecureLogin version 3.5.x is installed, you do not need to extend the directory schema, because the attributes are the same. However, any new directory objects such as organizational units still require you to assign rights.
If you deploy by copying adsschema.exe to another location and running it from there, you must copy the entire folder that contains the Microsoft Active Directory schema and configuration files to the new location. The schema and configuration files must be in the same folder as the executable for the deployment to succeed.
The following instructions apply when the Novell SecureLogin configuration for the Microsoft Active Directory instance is stored and administered on a server other than the domain controller.
Log in to the server as an administrator.
Start the schema tool from its menu entry or, if you are installing from the Novell SecureLogin installer package, locate the Tools folder and double-click adsschema.exe. The Novell SecureLogin Active Directory Schema dialog box is displayed.
Select the schema extension option, then click to run it. The following Novell SecureLogin attributes are added to the directory schema:
Protocom-SSO-Auth-Data
Protocom-SSO-Entries
Protocom-SSO-Entries-Checksum
Protocom-SSO-Profile
Protocom-SSO-SecurityPrefs
Protocom-SSO-Security-Prefs-Checksum
A confirmation message is displayed.
Click to return to the Active Directory Schema dialog box. Now that the directory schema is extended, you must assign access rights to the relevant containers and organizational units.
If you have previously extended the schema, a message listing the existing schema attributes appears. You can ignore this message.
Close the Active Directory Schema dialog box, then continue with Section 12.1.2, Assigning User Rights, to assign access rights to the relevant containers and organizational units.
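The procedure above gives no way to confirm that the extension actually landed, or that it has replicated to every domain controller before you start assigning rights. The following PowerShell, added here as an example and not part of the Novell documentation or tool, queries the schema naming context for the six attributes listed above and then repeats the query against each domain controller. It assumes the RSAT ActiveDirectory module is installed and that the attributes' CNs match the names listed in the text; the `-Properties` chosen are standard attributeSchema attributes.

```powershell
# Added example (not from the Novell documentation): verify the SecureLogin
# schema extension and check that it has replicated to every domain controller.
Import-Module ActiveDirectory

# Assumption: the six attributeSchema objects use these names as their CN.
$expected = @(
    'Protocom-SSO-Auth-Data',
    'Protocom-SSO-Entries',
    'Protocom-SSO-Entries-Checksum',
    'Protocom-SSO-Profile',
    'Protocom-SSO-SecurityPrefs',
    'Protocom-SSO-Security-Prefs-Checksum'
)

$schemaNC = (Get-ADRootDSE).schemaNamingContext
$filter   = '(&(objectClass=attributeSchema)(cn=Protocom-SSO-*))'

# One query against the default DC for every Protocom-SSO-* attribute.
$found = Get-ADObject -SearchBase $schemaNC -LDAPFilter $filter `
    -Properties lDAPDisplayName, schemaIDGUID, attributeSyntax, isSingleValued

foreach ($name in $expected) {
    $attr = $found | Where-Object { $_.Name -eq $name }   # -eq is case-insensitive
    if ($attr) {
        # schemaIDGUID is what attribute-scoped ACEs refer to, so it is worth recording.
        '{0,-40} present  schemaIDGUID={1}  syntax={2}  singleValued={3}' -f `
            $name, ([guid]$attr.schemaIDGUID), $attr.attributeSyntax, $attr.isSingleValued
    } else {
        '{0,-40} MISSING' -f $name
    }
}

# Schema changes propagate by replication; make sure every DC sees all six
# attributes before assigning rights or deploying clients that depend on them.
Get-ADDomainController -Filter * | ForEach-Object {
    $onDC = @(Get-ADObject -Server $_.HostName -SearchBase $schemaNC -LDAPFilter $filter)
    '{0,-35} {1}/{2} SecureLogin attributes visible' -f $_.HostName, $onDC.Count, $expected.Count
}
```

Run it from a workstation or server with RSAT as an account that can read the schema (any authenticated user can, by default). A domain controller reporting fewer than six attributes has simply not replicated yet; rerun after the replication interval rather than re-extending the schema.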
You must assign rights on objects in the directory so that data can be stored in the new Novell SecureLogin schema attributes. Assign rights to every object that participates in Novell SecureLogin, including user objects, containers, group policies, and organizational units.
When you assign rights to a container or organizational unit, the rights are inherited by all user objects beneath it, so you do not normally need to assign rights at the individual user object level.
Run adsschema.exe from the SecureLogin\Tools\Schema\ADS directory.
Select the option to assign rights, then click to continue. The Assign Rights to This Object dialog box is displayed. You identify the target object by its distinguished name. For example, the Users container in the domain www.training.com is:
cn=users,dc=www,dc=training,dc=com
An organizational unit named Marketing in the domain www.company.com is:
ou=marketing,dc=www,dc=company,dc=com
Specify the container or organizational unit definition in the field provided. A confirmation dialog box appears. Click to return to the Active Directory Schema dialog box.
Repeat Step 2 to Step 4 for every user object, container, and organizational unit that requires rights.
If you see the error message Error opening specified object: -2147016661 (0x8007202B), rights have already been assigned to the object.
If you see the error message Error opening specified object: -2147016656 (0x80072030, the LDAP "no such object" result), you have attempted to assign rights to an object that does not exist in the directory. Check the punctuation, syntax, and spelling of the distinguished name, and repeat the procedure.
After all required rights are successfully assigned, click to return to the Active Directory Schema dialog box, then exit the tool.
NOTE: You can assign rights to objects at any time after the schema is extended. If you add organizational units later, rerun adsschema.exe and assign rights to the new objects so that Novell SecureLogin data can be written to the directory.
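The tool reports success or the two error codes above, but it does not show you which principals ended up with write access to the SecureLogin attributes, or whether the ACEs are set to inherit to the user objects below the container. Because Protocom-SSO-Auth-Data holds users' single sign-on credential data, that is exactly what a reviewer wants to see. The following PowerShell, added here as an example and not part of the Novell documentation or tool, reads the ACL of a container or organizational unit and lists every ACE that grants write (or broader) rights on a SecureLogin attribute, resolving the attribute from the ACE's schemaIDGUID. The target DN is the sample Marketing OU from the text; the ActiveDirectory module and its AD: drive are assumed.

```powershell
# Added example (not from the Novell documentation): audit which principals can
# write the SecureLogin attributes on a container or OU, and whether the ACEs
# inherit to the user objects beneath it.
Import-Module ActiveDirectory

# Sample DN taken from the text; replace with the container or OU you assigned rights to.
$targetDN = 'ou=marketing,dc=www,dc=company,dc=com'

# Attribute-scoped ACEs identify the attribute by schemaIDGUID, not by name,
# so build a GUID -> name map for the Protocom-SSO-* attributes first.
$schemaNC   = (Get-ADRootDSE).schemaNamingContext
$guidToName = @{}
Get-ADObject -SearchBase $schemaNC -Properties schemaIDGUID `
    -LDAPFilter '(&(objectClass=attributeSchema)(cn=Protocom-SSO-*))' |
    ForEach-Object { $guidToName[[guid]$_.schemaIDGUID] = $_.Name }

# Rights that allow modifying a property: WriteProperty, or the generic rights that include it.
$writeMask = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteProperty -bor
             [int][System.DirectoryServices.ActiveDirectoryRights]::GenericWrite  -bor
             [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll

$acl = Get-Acl -Path "AD:\$targetDN"

$acl.Access | Where-Object {
    (([int]$_.ActiveDirectoryRights -band $writeMask) -ne 0) -and
    ( $guidToName.ContainsKey($_.ObjectType) -or      # ACE scoped to one SecureLogin attribute
      $_.ObjectType -eq [guid]::Empty )                # ACE covering all properties of the object
} | ForEach-Object {
    $attrName = if ($_.ObjectType -eq [guid]::Empty) { '(all properties)' } else { $guidToName[$_.ObjectType] }
    [pscustomobject]@{
        Identity     = $_.IdentityReference        # e.g. NT AUTHORITY\SELF lets users write their own data
        Type         = $_.AccessControlType        # Allow / Deny
        Rights       = $_.ActiveDirectoryRights
        Attribute    = $attrName
        AppliesTo    = $_.InheritanceType          # Descendents/All means it filters down to user objects
        InheritedACE = $_.IsInherited              # $true if it came from a parent container
    }
} | Sort-Object Attribute, Identity | Format-Table -AutoSize
```

Two things to look for in the output: an ACE for the SecureLogin attributes whose AppliesTo is None applies to the container itself only and will not reach the user objects, which would leave users unable to store data despite the tool reporting success; and any Allow entry for a broad group on Protocom-SSO-Auth-Data other than the principals you intended, since whoever can write that attribute can plant or overwrite a user's single sign-on credentials.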
Run the Microsoft Management Console (MMC) and open the Active Directory Schema snap-in.
Right-click the Active Directory Schema node, then select the command that reloads the schema so that the new attributes are visible. Close the MMC from its menu.
In a multiple-server environment, the schema update reaches the other domain controllers through replication, so it may not be visible on every server immediately.