When SecureLogin is deployed on eDirectory servers, a tool called ndsschema.exe is utilized to extend the eDirectory schema with a set of SecureLogin attributes that are used to store encrypted credentials, policies, etc. on Users and container objects. These attributes are:
Prot:SSO Auth
Prot:SSO Entry
Prot:SSO Entry Checksum
Prot:SSO Profile
Prot:SSO Security Prefs
Prot:SSO Security Prefs Checksum
These attributes are specific to eDirectory and are required in order for the SecureLogin product to function. The provisioning API provided in Identity Manager utilizes the LDAP namespace to perform its functions so that it can work with any SecureLogin credential store.
In order to provide LDAP mappings to the attributes listed above, a second tool provided with the SecureLogin product must be utilized. The tool name is ldapschema.exe, and it is used in eDirectory environments to provide the LDAP namespace mapping to the eDirectory attributes.
If these two tools have not been run, see Installing in the NetIQ SecureLogin 6.1 Installation Guide.
After running ldapschema.exe, verify the mappings by checking the LDAP Group attribute map in iManager.
In iManager, click LDAP > LDAP Options.
Select the LDAP Group associated with your eDirectory servers that host SecureLogin.
From the LDAP Group properties page, select the Attribute Map option and verify that the eDirectory attributes are correctly mapped:
| eDirectory Attributes | LDAP Attributes |
|---|---|
| Prot:SSO Auth | protocom-SSO-Auth-Data |
| Prot:SSO Entry | protocom-SSO-Entries |
| Prot:SSO Entry Checksum | protocom-SSO-Entries-Checksum |
| Prot:SSO Profile | protocom-SSO-Profile |
| Prot:SSO Security Prefs | protocom-SSO-Security-Prefs |
| Prot:SSO Security Prefs Checksum | protocom-SSO-Security-Prefs-Checksum |
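
The same mappings can also be checked from the LDAP side. The following is an added example, not part of the NetIQ documentation: it parses an LDIF export of the server's schema `attributeTypes` values and reports every LDAP name from the table above that is absent. The sample export, its `cn=schema` DN, the OIDs and the function names are constructed or hypothetical.

```python
import re

# eDirectory attribute -> LDAP name, taken from the attribute map table on this page.
EXPECTED = {
    "Prot:SSO Auth": "protocom-SSO-Auth-Data",
    "Prot:SSO Entry": "protocom-SSO-Entries",
    "Prot:SSO Entry Checksum": "protocom-SSO-Entries-Checksum",
    "Prot:SSO Profile": "protocom-SSO-Profile",
    "Prot:SSO Security Prefs": "protocom-SSO-Security-Prefs",
    "Prot:SSO Security Prefs Checksum": "protocom-SSO-Security-Prefs-Checksum",
}

# Constructed sample export (OIDs are placeholders, not the product's real OIDs).
# The last expected attribute is deliberately absent to show a failed check.
SAMPLE_LDIF = """\
dn: cn=schema
attributeTypes: ( 0.0.0.1 NAME 'protocom-SSO-Auth-Data' SYNTAX 1.3.6.1.4.1.1466
 .115.121.1.40 )
attributeTypes: ( 0.0.0.2 NAME ( 'protocom-SSO-Entries' 'exampleAlias' ) SYNTAX
  1.3.6.1.4.1.1466.115.121.1.40 )
attributeTypes: ( 0.0.0.3 NAME 'protocom-SSO-Entries-Che
 cksum' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
attributeTypes: ( 0.0.0.4 NAME 'Protocom-SSO-Profile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
attributeTypes: ( 0.0.0.5 NAME 'protocom-SSO-Security-Prefs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
"""

def unfold(ldif):
    # LDIF folds long lines; a line starting with one space continues the previous one.
    return re.sub(r"\r?\n ", "", ldif).splitlines()

def attribute_names(ldif):
    """Return every attribute type name in the export, lowercased."""
    names = set()
    for line in unfold(ldif):
        if not line.lower().startswith("attributetypes:"):
            continue
        # NAME is either a single quoted name or a parenthesised list of names.
        m = re.search(r"\bNAME\s+(?:'([^']+)'|\(([^)]*)\))", line)
        if m:
            found = [m.group(1)] if m.group(1) else re.findall(r"'([^']+)'", m.group(2))
            names.update(n.lower() for n in found)
    return names

def missing_mappings(ldif):
    """Return {eDirectory name: LDAP name} for each expected mapping not found."""
    present = attribute_names(ldif)  # LDAP attribute names are case-insensitive
    return {nds: ldap for nds, ldap in EXPECTED.items() if ldap.lower() not in present}

if __name__ == "__main__":
    for nds, ldap in missing_mappings(SAMPLE_LDIF).items():
        print(f"MISSING: {nds} -> {ldap}")
```

An empty result means all six LDAP names are visible in the export; any name reported as missing should be rechecked in the iManager Attribute Map.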
After the schema is extended, proceed to Determining Deployment Configuration Parameters for NetIQ SecureLogin.