3.2 Extending the LDAP Schema for Novell SecureLogin

When SecureLogin is deployed on eDirectory servers, a tool called ndsschema.exe is used to extend the eDirectory schema with a set of SecureLogin attributes that store encrypted credentials, policies, and so on, on User and container objects. These attributes are:

These attributes are specific to eDirectory and are required in order for the SecureLogin product to function. The provisioning API provided in Identity Manager 3.0 Support Pack 1 utilizes the LDAP namespace to perform its functions so that it can work with any SecureLogin credential store.

To provide LDAP mappings to the attributes listed above, a second tool provided with the SecureLogin product must be used. This tool, ldapschema.exe, is used in eDirectory environments to provide the LDAP namespace mapping to the eDirectory attributes.

See Preparing for an LDAP Directory in the Novell SecureLogin 6.0 Installation Guide.

After running ldapschema.exe, verify the mappings by checking the LDAP Group attribute map in iManager.

  1. In iManager, click LDAP > LDAP Options.

  2. Select the LDAP Group associated with your eDirectory servers that host SecureLogin.

  3. From the LDAP Group properties page, select the Attribute Map option and verify that the eDirectory attributes are correctly mapped:

    | eDirectory Attributes            | LDAP Attributes                      |
    |----------------------------------|--------------------------------------|
    | Prot:SSO Auth                    | protocom-SSO-Auth-Data               |
    | Prot:SSO Entry                   | protocom-SSO-Entries                 |
    | Prot:SSO Entry Checksum          | protocom-SSO-Entries-Checksum        |
    | Prot:SSO Profile                 | protocom-SSO-Profile                 |
    | Prot:SSO Security Prefs          | protocom-SSO-Security-Prefs          |
    | Prot:SSO Security Prefs Checksum | protocom-SSO-Security-Prefs-Checksum |

  4. After the schema is extended, proceed to Section 3.3, Determining Deployment Configuration Parameters for Novell SecureLogin.
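
The attribute-map check in steps 1 to 3 can also be scripted against the schema the LDAP server publishes. The following is an added example, not part of the Novell documentation: it assumes the server's subschema entry has been exported to LDIF and that the mapped names appear there as attributeTypes values. The sample LDIF and its OIDs are constructed, and the function names are hypothetical.

```python
import re

# LDAP attribute names from the Attribute Map table in step 3.
EXPECTED = [
    "protocom-SSO-Auth-Data",
    "protocom-SSO-Entries",
    "protocom-SSO-Entries-Checksum",
    "protocom-SSO-Profile",
    "protocom-SSO-Security-Prefs",
    "protocom-SSO-Security-Prefs-Checksum",
]

# Constructed sample export (placeholder OIDs). One value is folded across two
# lines, one carries two names, and protocom-SSO-Profile is deliberately absent.
SAMPLE = """dn: cn=schema
attributeTypes: ( 0.0.0.1 NAME 'protocom-SSO-Auth-Data' )
attributeTypes: ( 0.0.0.2 NAME ( 'protocom-SSO-Entries' 'exampleAlias' ) )
attributeTypes: ( 0.0.0.3 NAME 'protocom-SSO-Entries-Check
 sum' )
attributeTypes: ( 0.0.0.4 NAME 'protocom-SSO-Security-Prefs' )
attributeTypes: ( 0.0.0.5 NAME 'protocom-SSO-Security-Prefs-Checksum' )
"""

def unfold(ldif):
    """Undo LDIF folding (RFC 2849): a leading space continues the previous line."""
    return re.sub(r"\r?\n ", "", ldif)

def published_names(ldif):
    """Return the lower-cased NAME values of every attributeTypes definition."""
    names = set()
    for line in unfold(ldif).splitlines():
        if not line.lower().startswith("attributetypes:"):
            continue
        # RFC 4512: NAME is either 'one' or ( 'one' 'two' ).
        m = re.search(r"\bNAME\s+(\(\s*(?:'[^']*'\s*)+\)|'[^']*')", line)
        if m:
            names.update(n.lower() for n in re.findall(r"'([^']*)'", m.group(1)))
    return names

def missing_mappings(ldif):
    """List the expected LDAP names the exported schema does not publish."""
    have = published_names(ldif)
    return [name for name in EXPECTED if name.lower() not in have]

if __name__ == "__main__":
    for name in missing_mappings(SAMPLE):
        print("not published over LDAP:", name)
```

An empty result means all six LDAP names from the table are visible to LDAP clients such as the provisioning API; any name reported should be rechecked in the Attribute Map before proceeding.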