Configure eDirectory if you want to use eDirectory as the backend directory. If the backend directory to be configured is Active Directory, go to Section 4.2, Configuring Active Directory for SSPR.
SSPR uses eDirectory attributes to store the following data about the users:
The last time when the password was changed
The last time when SSPR sent an e-mail notice to the user about password expiry
Secret questions and answers
The SSPR package includes the edirectory-schema.ldif file in the supplemental directory. You use the file to extend the SSPR schema.
You can import the ldif file by using one of the following tools:
iManager
ICE command line
Standard ldapmodify tool
Example: Run the following command against eDirectory by using the ldapmodify tool:
ldapmodify -x -h <host ip address> -p 389 -D cn=admin,o=context -wpassword -f edirectory-schema.ldif
The following SSPR attributes are added to the Directory schema:
pwmEventLog
pwmResponseSet
pwmLastPwdUpdate
pwmGUID
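A way to confirm that the import added all four attributes, given here as an added example that is not part of the SSPR package or its documentation. The function names, the sample LDIF with its placeholder OIDs, and the ldapsearch invocation against cn=schema are assumptions.

```shell
#!/bin/sh
# Attribute names this page lists as added by edirectory-schema.ldif.
PWM_ATTRS="pwmEventLog pwmResponseSet pwmLastPwdUpdate pwmGUID"

# Join LDIF continuation lines (a leading space continues the previous
# line); ldapsearch wraps long schema definitions, sometimes mid-name.
unfold_ldif() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR > 0) print buf }'
}

# Read a schema LDIF on stdin; print the expected attributes that have no
# attributeTypes definition. Returns 0 only when nothing is missing.
missing_pwm_attrs() {
    schema=$(unfold_ldif | awk 'tolower($0) ~ /^attributetypes:/')
    missing=""
    for attr in $PWM_ATTRS; do
        # NAME is either one quoted name or a parenthesised list of names.
        if ! printf '%s\n' "$schema" |
            grep -qiE "NAME +(\( *)?('[^']*' +)*'$attr'"; then
            missing="$missing $attr"
        fi
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "${missing# }"
    return 1
}

# Constructed sample: placeholder OIDs, one wrapped definition, and
# pwmGUID deliberately absent to show a partial import.
sample_schema() {
    cat <<'EOF'
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'pwmEventLog' )
attributeTypes: ( 1.3.6.1.4.1.99999.1.2 NAME 'pwmRespo
 nseSet' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
attributeTypes: ( 1.3.6.1.4.1.99999.1.3 NAME 'pwmLastPwdUpdate' )
EOF
}

# Against a live server (assumed invocation; -W prompts for the password):
#   ldapsearch -x -h <host ip address> -p 389 -D cn=admin,o=context -W \
#     -b cn=schema -s base attributeTypes | missing_pwm_attrs
sample_schema | missing_pwm_attrs || true   # prints: pwmGUID
```

A non-zero return with a list of names means that the schema extension did not fully apply and the rights assignments that reference those attributes will fail.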
SSPR requires permission to perform operations in eDirectory and uses two different eDirectory logins:
A generic proxy user that is used for certain operations such as pre-authentication.
After the user is authenticated, most of the operations are performed with the user's connection and permissions.
By default, the following rights are required for the proxy user to the user containers:
Browse rights to [Entry Rights].
Read and Compare rights to the pwmResponseSet and Configured Naming (CN) attribute.
Read, Compare, and Write rights to objectClass, passwordManagement, pwmEventLog, and pwmLastPwdUpdate.
By default, the following rights are required by each user for their own user entry:
Browse rights to [Entry Rights].
Read, Compare, and Write rights to pwmResponseSet.
After configuring eDirectory for SSPR, go to Section 4.3, Configuring SSPR.