In an eDirectory environment, the SecureLogin tool ldapschema.exe must be run against every server in the tree for the SecureLogin iManager plug-in to work reliably.
The SecureLogin iManager plug-in uses LDAP to manage the SecureLogin attributes. But when the eDirectory schema is extended with the SecureLogin attributes, the names of the attributes are such that they can not be utilized by ldap.
So even though the eDirectory schema is extended successfully, iManager can not read the needed attributes. To resolve this condition you must run the SecureLogin tool ldapschema.exe. When you run this tool against an eDirectory server this tool will modify the LDAP_Group object and setup schema mapping between the LDAP and eDirectory schema names.
Because we don't always know what replica iManager is communicating with, it is recommended that the ldapschema tool be run against every server in your tree. The schema is only extended once. but the mapping on the ldap_group object are server specific need to be in place on each server.
Below is a list of the Schema mapping ldapschema will setup when run against an eDirectory server.
|Prot:SSO Entry Checksum
|Prot:SSO Security Prefs
|Prot:SSO Security Prefs Checksum
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.