4.4 Installing Administrative Tools for LDAP

In LDAP environments, Novell SecureLogin is managed using the Administrative Management utility. To access the Administrative Management utility, click Windows Start > Programs > Administrative Tools.

You can also use slmanager.exe to manage LDAP. This utility is found in the \securelogin\tools directory of the installer package.

The single sign-on plug-in to iManager enables you to define an LDAP password policy. However, you must extend the LDAP schema, because the plug-in does not enforce that policy unless the LDAP schema has been extended.

If the SecretStore client is installed on your workstation, install and use the SecretStore plug-in (secretstore.npm) to iManager to administer SecretStore in LDAP mode. This file is found in the \iManager\snapins directory of the installer package.

NOTE: Novell SecureLogin can be installed and configured, and features can be added and removed, using Microsoft's Windows Installer (msiexec.exe) command line options and parameters, provided from the command line or supplied through a batch file.

To install Novell SecureLogin on the administration workstation:

  1. Log in to the workstation as an administrator.

  2. Run the Novell SecureLogin.msi available in the Client directory of the SecureLogin 6.1 installer package. The Welcome page is displayed.

  3. Click Next. The License agreement page is displayed.

  4. Read the license agreement. To proceed, select I accept the terms in the license agreement. If you do not want to proceed, click Cancel to quit the setup.

  5. Click Next. The program location folder is displayed. The default location for Novell SecureLogin is ..\Program Files\SecureLogin\. If you want to change the location, click Change and select an alternative location for Novell SecureLogin on the drive.

  6. Click Next. The installation environment page is displayed.

  7. Select LDAP directory.

  8. Select Enable Microsoft Active Directory Group Policies (reboot required).

    NOTE: Enabling this is optional in an LDAP installation. The group policies option is used only where the LDAP directory works alongside Microsoft Active Directory, or if Microsoft Active Directory is used for Novell SecureLogin in LDAP mode.

  9. Click Next. The smart card support page is displayed.

    NOTE: The ActivClient card settings are used if detected.

  10. Select Use smart card or cryptographic token.

    NOTE: This option is based on the administrator's preference to have Novell SecureLogin users use their smart card to store single sign-on data or to encrypt the users' directory data using a Public Key Infrastructure (PKI) token.

  11. If you are not using the ActivClient smart card option, or you want to change the smart card or cryptographic token, select the Use ActivClient smart card settings option. This is the recommended setting.

  12. From the Cryptographic Service Provider (Microsoft Crypto API) drop-down list, select the appropriate cryptographic service provider.

  13. Browse to locate and select the appropriate Smart card (PKCS#11) library link (.dll) file.

    Manually configuring the third-party smart card PKCS#11 link library assumes a high level of understanding of the cryptographic service provider's product. Hence, we recommend that you use the ActivClient smart card support.

  14. Click Open.

  15. Click Next. The installation features page is displayed.

  16. We recommend that you select the Start SecureLogin at Windows startup option. However, depending on your enterprise's operating environment, you can opt to have Novell SecureLogin start at Windows startup or at user login.

  17. Select Install Directory administration tools.

    The Directory administration tools are provided for corporate environments to manage users centrally at the directory. In the LDAP mode, Novell SecureLogin installs the Administrative Management utility.

  18. If applicable, select Install Citrix and Terminal Services support.

  19. If applicable, select Enable aggressive server memory timing management.

    This is highly recommended to enhance the performance of Novell SecureLogin in a Citrix environment.

  20. Click Next. The cache location folder page is displayed.

    IMPORTANT:

    • The user's application data folder is the Triple DES (or optionally AES) encrypted repository for all Novell SecureLogin user data, which includes credentials, preferences, password policies, pre-configured applications, and application definitions.

    • By default, Novell SecureLogin data is stored in both your organization's corporate directory and in the SecureLogin offline cache on your workstation's hard drive. The data in the directory and the local cache are synchronized to ensure user data is always current.

    • Where the smart card is used to store application credentials, the credentials are stored on the smart card and directory only. The cache and directory contain the application definitions, policies, and settings for single sign-on.

    • If smart cards are not used in the LDAP implementation, you can turn off the cache using an administrative preference so that the users access their single sign-on data from the directory only. This option has an impact on system performance.

  21. If you want to change the location of the cache folder, select Custom Location > Browse and locate an alternative folder.

  22. Click Next. The Ready to install the program page is displayed.

  23. Click Install. The installation process takes a few minutes. A confirmation message appears after the installation is complete.

  24. Click OK.

  25. Click Finish.

    NOTE: If the Microsoft Active Directory Group Policies option was selected, a full system reboot is required.

    Otherwise, save and close all open data before logging off and logging.

  26. If you are prompted for a restart, click Yes. The computer is automatically restarted.

On login or restart, Novell SecureLogin launches automatically and the Novell SecureLogin icon is displayed in the Windows notification area.