10.4 Contextless Login

If you configure Novell SecureLogin to use LDAP mode, a login page is displayed when Novell SecureLogin is launched.

The login dialog box requires a user distinguished name (DN) and password. The LDAP Authentication client provides a contextless login. This feature allows you to type part of your fully distinguished name (DN) rather than the full string, which some users might find confusing.

Table 10-2 Contextless Login

If: More than one match is found.
Then: A login dialog box is displayed that allows the user to select the login account.

If: Multiple IDs exist.
Then: The client lists all user IDs that begin with the typed text (for example, Westbye Tim); the user then selects the domain name for his or her user ID and logs in.

You can search using the user’s given name, surname and display name.

Surname (sn) and given name (givenname) are the default values.
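The following Python is an added example, not Novell SecureLogin code, that models the lookup described above: the typed text is turned into an LDAP prefix search over the configured attributes and the result count decides between the outcomes in Table 10-2. The directory, DNs and names are constructed stand-ins for a real LDAP server; the attribute names sn, givenName and displayName are the standard LDAP schema names (LDAP compares attribute names case-insensitively, so the page's "givenname" is the same attribute). The typed text is escaped per RFC 4515 before it goes into the filter, which is the check a practitioner wants whenever user input builds a search filter.

```python
"""Contextless login lookup modelled after Section 10.4 (added example; not
Novell SecureLogin code). A user types part of a name instead of a full DN;
the client searches the configured attributes (sn and givenName by default,
displayName optionally) and applies the outcomes of Table 10-2: one match
binds directly, several matches are offered for selection, none fails.
The directory below is a constructed in-memory stand-in for the LDAP server.
"""
import re

# Attributes searched by default; displayName can be added by configuration.
DEFAULT_SEARCH_ATTRS = ("sn", "givenName")

# Constructed sample entries (hypothetical DNs and names, not real accounts).
SAMPLE_DIRECTORY = {
    "cn=twestbye,ou=users,o=example": {
        "sn": "Westbye", "givenName": "Tim", "displayName": "Westbye Tim"},
    "cn=tcook,ou=users,o=example": {
        "sn": "Cook", "givenName": "Tim", "displayName": "Cook Tim"},
    "cn=awestbye,ou=sales,o=example": {
        "sn": "Westbye", "givenName": "Anna", "displayName": "Westbye Anna"},
}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: typed text must match literally and never change
    the filter structure (a typed '*' must not become a match-all wildcard)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def build_filter(typed: str, attrs=DEFAULT_SEARCH_ATTRS) -> str:
    """Prefix search on each configured attribute, OR-ed together.
    This is the string a real client would send to the LDAP server."""
    term = escape_filter_value(typed.strip())
    return "(|" + "".join(f"({a}={term}*)" for a in attrs) + ")"


# One prefix clause of the filter shape build_filter emits: (attr=term*)
_CLAUSE = re.compile(r"\((\w+)=((?:\\[0-9a-fA-F]{2}|[^()*\\])*)\*\)")


def _unescape(term: str) -> str:
    """Undo RFC 4515 hex escapes so the stand-in server compares literally."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), term)


def evaluate_prefix_filter(ldap_filter: str, entry: dict) -> bool:
    """Stand-in for the server: evaluate an OR of prefix clauses against one
    entry. Attribute names and values compare case-insensitively, as LDAP
    does for these attributes."""
    values = {k.lower(): v for k, v in entry.items()}
    for attr, term in _CLAUSE.findall(ldap_filter):
        prefix = _unescape(term).lower()
        if values.get(attr.lower(), "").lower().startswith(prefix):
            return True
    return False


def contextless_search(typed, directory=SAMPLE_DIRECTORY,
                       attrs=DEFAULT_SEARCH_ATTRS):
    """Return the DNs whose configured attributes start with the typed text."""
    ldap_filter = build_filter(typed, attrs)
    return [dn for dn, entry in directory.items()
            if evaluate_prefix_filter(ldap_filter, entry)]


def resolve_login(typed, directory=SAMPLE_DIRECTORY,
                  attrs=DEFAULT_SEARCH_ATTRS):
    """Apply Table 10-2: 'single' -> bind with that DN, 'select' -> show the
    account-selection dialog, 'no_match' -> reject the login attempt."""
    if "=" in typed:                      # looks like a full DN: no search
        return ("single", [typed.strip()])
    matches = sorted(contextless_search(typed, directory, attrs))
    if not matches:
        return ("no_match", [])
    if len(matches) == 1:
        return ("single", matches)
    return ("select", matches)


if __name__ == "__main__":
    for typed in ("Tim", "Anna", "Westbye", "*"):
        print(f"{typed!r:12} -> {build_filter(typed)}")
        print(f"{'':12}    {resolve_login(typed)}")
```

In a deployment only build_filter and resolve_login belong to the client; the matching is done by the directory server, which is why the filter is built as a string and why escaping the typed text matters. Typing "Tim" yields two candidates and the selection dialog, "Anna" resolves to a single DN, and a typed "*" matches nothing because it is sent as the literal \2a rather than as a wildcard.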

In previous releases of Novell SecureLogin, anonymous bind had to be enabled on the directory to perform a search. With the release of Novell SecureLogin 7.0 SP2, the LDAP Contextless Search feature has been enhanced so that the LDAPAuth component can perform a search even when anonymous bind is disabled.

To enable LDAPAuth to perform a search even when anonymous bind is disabled, the ldapce.exe utility is used. Using this utility, an administrator can create encrypted credentials for any user. The encrypted credentials must be stored in a specific registry value. For detailed information on the LDAPCE utility, see Section 10.4.1, Using the LDAPCE Utility to Encrypt LDAP Credentials.

10.4.1 Using the LDAPCE Utility to Encrypt LDAP Credentials

ldapce.exe is a command-line utility used to encrypt the credentials of an authorized user who has rights to browse the LDAP directory tree. The utility encrypts the authorized LDAP user's distinguished name and password into a string, which is then stored in the LDAPContextlessSearchBindCreds registry value.

Location: HKEY_LOCAL_MACHINE/SOFTWARE/Protocom/SecureLogin/LDAPSettings

Type: DWORD

Name: LDAPContextlessSearchBindcreds

NOTE: The ldapce.exe utility is unsupported and is only available on request. It is not distributed with the Novell SecureLogin package.

The syntax is:

ldapce.exe <user DN> <password> [output file]

Where:

  • <user DN> is the full distinguished name of the LDAP user.

  • <password> is the password of the LDAP user.

  • [output file] is the name of the output file to which the encrypted string is written. If this option is omitted, the string is displayed on the screen.