4.4 Extending the Active Directory Schema

SecureLogin uses the directory to store and manage SecureLogin data. It extends the directory schema with six SecureLogin schema attributes, in which this data is stored. For more information on these six schema attributes, refer to the Novell SecureLogin 6.0 SP1 Administration Guide.

After you extend the directory schema, you must give the objects that will implement SecureLogin, including group policies, organizational units, and containers, permission to access the SecureLogin attributes. Authorizing Read and Write access to the SecureLogin directory schema attributes is referred to as ‘Assigning user rights’.

Following are the six SecureLogin attributes added to the Directory schema:

The SecureLogin Microsoft Active Directory schema extension executable extends the schema on the server and enables you to assign user rights. You must determine which containers and organizational units need SecureLogin access, and their distinguished names (DNs), because you must assign rights to each container and organizational unit separately.

NOTE: You can also extend the Microsoft Active Directory schema to the root of the domain and assign rights to each container and organizational unit below.

IMPORTANT:

  • If SecureLogin version 3.5.x is installed, you do not need to extend the directory schema, because the attributes are the same. However, any new directory objects, for example organizational units, still require you to assign rights. For more information, see Section 4.5, Assigning User Rights.

  • If you are using an earlier version of SecureLogin, see Section 7.0, Upgrading from Earlier Versions.

  • If the Microsoft Active Directory instance is deployed using a copy of the adsschema.exe file rather than by running the file from the SecureLogin 6.0 SP1 installation CD, administrators must copy the entire folder containing the Microsoft Active Directory Schema and Configuration files to their preferred location. The Microsoft Active Directory Schema and Configuration files must be located in the same folder for the Active Directory instance to deploy successfully.

The following instructions apply to the configuration of a Microsoft Active Directory instance that is stored and administered on a server separate from the Active Directory domain controller.

  1. Log on to the server as an administrator.

  2. Click Schema Extension Tools > Active Directory Extension, or run adsschema.exe found in the Tools folder of the install CD. The SecureLogin – Active Directory Schema dialog box is displayed.

    [Figure: Active Directory Schema dialog box]

  3. Select the Extend Active Directory Schema option.

  4. Click OK. A confirmation message box is displayed.

  5. Click OK to return to the Active Directory Schema dialog box. Now that the directory schema has been extended, access rights need to be assigned to the relevant containers and organizational units.

    NOTE: If the schema has previously been extended, a message box listing the existing schema attributes is displayed.

    [Figure: Message box listing the existing schema attributes]

  6. Ignore this message and click OK.
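
One way to verify the outcome of the steps above from PowerShell, as an added example that is not part of the Novell documentation: it confirms that the attributes exist in the schema and lists the attribute-specific Read/Write ACEs on each container where rights were assigned. It assumes the ActiveDirectory module (RSAT) is available; the attribute names and the DN are placeholders, because this page does not list them.

```powershell
# Added example: audit the schema extension and the rights assigned per container.
# Placeholders (not from the page): replace with the attribute lDAPDisplayNames from
# the Administration Guide and with the DNs of your own containers and OUs.
Import-Module ActiveDirectory

$AttributeNames = @('<securelogin-attribute-1>', '<securelogin-attribute-2>')
$ContainerDNs   = @('OU=Example,DC=example,DC=com')

$schemaNC = (Get-ADRootDSE).schemaNamingContext

# 1. Confirm each attribute exists in the schema and record its schemaIDGUID.
$guidToName = @{}
foreach ($name in $AttributeNames) {
    $attr = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$name))" `
        -Properties schemaIDGUID
    if (-not $attr) {
        Write-Warning "Attribute '$name' not found in the schema (schema not extended?)"
        continue
    }
    $guidToName[([guid]$attr.schemaIDGUID).ToString()] = $name
}

# 2. For each container, report Allow ACEs that grant ReadProperty or WriteProperty
#    on one of those attributes, and to whom.
$report = foreach ($dn in $ContainerDNs) {
    $acl = Get-Acl -Path "AD:\$dn"
    foreach ($ace in $acl.Access) {
        $guid = $ace.ObjectType.ToString()
        if ($ace.AccessControlType -eq 'Allow' -and
            "$($ace.ActiveDirectoryRights)" -match 'ReadProperty|WriteProperty' -and
            $guidToName.ContainsKey($guid)) {
            [pscustomobject]@{
                Container = $dn
                Identity  = $ace.IdentityReference
                Rights    = $ace.ActiveDirectoryRights
                Attribute = $guidToName[$guid]
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Containers missing from the report have no attribute-specific ACE for these attributes.
$report | Sort-Object Container, Attribute | Format-Table -AutoSize
```

The filter matches only ACEs scoped to one of the listed attributes; ACEs that grant access to all properties (empty ObjectType) are not reported and should be reviewed separately.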