When you install Novell SecureLogin (NSL) on an existing DSfW partition, it functions as expected. However, if DSfW is deployed on a tree that has SecureLogin already installed, then the existing NSL-LDAP mappings will need to be explicitly mapped in this new DSfW server. Otherwise, the NSL attributes will be auto-mapped to LDAP names (e.g. NDS Name Prot:SSO Auth mapped to LDAP name ProtSSOAuth), which is undesirable.
This difference in attribute mapping is because DSfW associates it's LDAP server to a new LDAP group object and does not associate to an existing LDAP group object which contains the NSL mapping.