10.3 Logging in to LDAP Directory

  1. Log in to the LDAP directory using your user account or administrator account credentials.

  2. Provide your username and password, and click OK.

If you cannot view the full LDAP login dialog, click Advanced to expand the dialog box. If the information there is blank, populate it as needed.

As an administrator, you might need to include a system registry update as part of the Novell SecureLogin deployment strategy. See Section 10.3.1, Updating the System Registry.

10.3.1 Updating the System Registry

Configure the operation of SecureLogin by setting registry key values on users’ machines. The keys are located in the local machine hive of the registry. The values that populate the Advanced tab of the SecureLogin dialog box are located at:

HKLM\Software\Novell\Login\LDAP

Configuration Settings

  • Server History List (3.51.100 or later)

    HKEY_LOCAL_MACHINE\Software\Novell\Login\LDAP\Servers\server#
    

    Replace # with a numeric value. In SP1, each server item should be a multistring value (REG_MULTI_SZ), and can be either the IP address or the DNS name of the server. These values can be set from the installation dialogs or by an installation script. The port value can also be specified along with the server, on a new line. By default, port 636 is used.

  • Context Based Search (3.51.109 or later)

    HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\LDAP\LDAPSearch\ContextBasedSearch 
    

    DWORD value, set to '1' for context-based search. Also specify the set of contexts to search, such as Context1, Context2, or Context3, each of type REG_SZ and each specifying the exact context to search.

    No explicit context validation is done, except that the LDAP search returns an appropriate error if an invalid context is specified.

  • Search Attributes (3.51.109 or later)

    HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\LDAP\LDAPSearch\SearchAttributes
    

    REG_MULTI_SZ value, set to the list of search attributes to be used in the LDAP search. Any publicly readable attribute can be specified, for example fullName, givenName, sn, cn, or uid. In an AD environment you can also specify samAccountName.

  • CertFilePath (3.51.200 or later)

    HKEY_LOCAL_MACHINE\Software\Novell\Login\LDAP\CertFilePath
    

    REG_SZ value that lets the user specify a valid certificate file path for non-eDirectory servers. This requires the user to create another registry entry, NonEdirLdap, of type REG_DWORD. CertFilePath is considered only if NonEdirLdap is present and set to 1.

For more information on Configuration Settings, see Registry Settings for SecureLogin in LDAP mode.
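
One way to check a deployed machine against the settings in this section, as an added example that is not part of the Novell documentation. The function name is hypothetical, and the script assumes that NonEdirLdap sits in the same key as CertFilePath and that the Context1, Context2, ... values sit in the LDAPSearch key beside ContextBasedSearch; the page does not state either location.

```powershell
# Added example (not Novell's code): read-only audit of the SecureLogin LDAP registry values.
# Assumptions: NonEdirLdap is in the same key as CertFilePath, and Context<n> values are in
# the LDAPSearch key next to ContextBasedSearch. Adjust the paths if your build differs.
function Test-SecureLoginLdapRegistry {
    param([string]$Base = 'HKLM:\Software\Novell\Login\LDAP')
    $findings = @()
    if (-not (Test-Path $Base)) { return ,@("Key not found: $Base") }
    $root = Get-Item $Base

    # Server history list: REG_MULTI_SZ, host on the first line, optional port on the second.
    if (Test-Path "$Base\Servers") {
        $servers = Get-Item "$Base\Servers"
        foreach ($name in ($servers.GetValueNames() | Where-Object { $_ -match '^server\d+$' })) {
            if ($servers.GetValueKind($name) -ne 'MultiString') {
                $findings += "$name is $($servers.GetValueKind($name)), expected REG_MULTI_SZ"
                continue
            }
            $lines = @($servers.GetValue($name))
            $port = if ($lines.Count -gt 1) { $lines[1].Trim() } else { '636' }  # documented default
            if ($port -ne '636') { $findings += "$name ($($lines[0])) uses port $port, not the default 636" }
        }
    }

    # Context-based search: the DWORD flag needs at least one Context<n> value to search.
    if (Test-Path "$Base\LDAPSearch") {
        $search = Get-Item "$Base\LDAPSearch"
        if ($search.GetValue('ContextBasedSearch') -eq 1 -and
            -not ($search.GetValueNames() -match '^Context\d+$')) {
            $findings += 'ContextBasedSearch is 1 but no Context<n> value is defined'
        }
    }

    # CertFilePath is considered only when NonEdirLdap is present and set to 1.
    $cert = $root.GetValue('CertFilePath')
    if ($cert) {
        if ($root.GetValue('NonEdirLdap') -ne 1) {
            $findings += 'CertFilePath is set but ignored: NonEdirLdap is missing or not 1'
        } elseif ($root.GetValueKind('NonEdirLdap') -ne 'DWord') {
            $findings += 'NonEdirLdap is not a REG_DWORD value'
        } elseif (-not (Test-Path -LiteralPath $cert -PathType Leaf)) {
            $findings += "CertFilePath points to a missing file: $cert"
        }
    }
    return $findings
}

Test-SecureLoginLdapRegistry   # prints one line per finding, nothing when all checks pass
```

The script only reads the registry, so it can run from a standard user session as part of a post-deployment check.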