OpenText product name changes coming to the community soon! Learn more.

Wikis - Page

Managing SecureLogin with iManager

0 Likes

Summary:



In an eDirectory environment, the SecureLogin tool ldapschema.exe must be run against every server in the tree for the SecureLogin iManager plug-in to work reliably.



Explanation:



The SecureLogin iManager plug-in uses LDAP to manage the SecureLogin attributes. But when the eDirectory schema is extended with the SecureLogin attributes, the names of the attributes are such that they can not be utilized by ldap.



So even though the eDirectory schema is extended successfully, iManager can not read the needed attributes. To resolve this condition you must run the SecureLogin tool ldapschema.exe. When you run this tool against an eDirectory server this tool will modify the LDAP_Group object and setup schema mapping between the LDAP and eDirectory schema names.



Because we don't always know what replica iManager is communicating with, it is recommended that the ldapschema tool be run against every server in your tree. The schema is only extended once. but the mapping on the ldap_group object are server specific need to be in place on each server.



Below is a list of the Schema mapping ldapschema will setup when run against an eDirectory server.







eDirectory attribute

ldap attribute



Prot:SSO Auth

protocom-SSO-Auth-Data



Prot:SSO Entry

protocom-SSO-Entries



Prot:SSO Entry Checksum

protocom-SSO-Entries-Checksum



Prot:SSO Profile

protocom-SSO-Profile



Prot:SSO Security Prefs

protocom-SSO-Security-Prefs



Prot:SSO Security Prefs Checksum

protocom-SSO-Security-Prefs-Checksum



Labels:

How To-Best Practice
Comment List
Related
Recommended