Cybersecurity
DevOps Cloud
IT Operations Cloud
OpenText product name changes coming to the community soon! Learn more.
Summary:
In an eDirectory environment, the SecureLogin tool ldapschema.exe must be run against every server in the tree for the SecureLogin iManager plug-in to work reliably.
Explanation:
The SecureLogin iManager plug-in uses LDAP to manage the SecureLogin attributes. But when the eDirectory schema is extended with the SecureLogin attributes, the names of the attributes are such that they can not be utilized by ldap.
So even though the eDirectory schema is extended successfully, iManager can not read the needed attributes. To resolve this condition you must run the SecureLogin tool ldapschema.exe. When you run this tool against an eDirectory server this tool will modify the LDAP_Group object and setup schema mapping between the LDAP and eDirectory schema names.
Because we don't always know what replica iManager is communicating with, it is recommended that the ldapschema tool be run against every server in your tree. The schema is only extended once. but the mapping on the ldap_group object are server specific need to be in place on each server.
Below is a list of the Schema mapping ldapschema will setup when run against an eDirectory server.
eDirectory attribute |
ldap attribute |
Prot:SSO Auth |
protocom-SSO-Auth-Data |
Prot:SSO Entry |
protocom-SSO-Entries |
Prot:SSO Entry Checksum |
protocom-SSO-Entries-Checksum |
Prot:SSO Profile |
protocom-SSO-Profile |
Prot:SSO Security Prefs |
protocom-SSO-Security-Prefs |
Prot:SSO Security Prefs Checksum |
protocom-SSO-Security-Prefs-Checksum |