This section contains information on the following:
The ADAM setup files are provided in the Tools folder of the SecureLogin Distribution CD.
To create an ADAM instance for SecureLogin 6.0 SP1:
Double-click the adamsetup.exe file. The Active Directory Application Mode Setup Wizard is displayed.
Click the
button. The License Agreement dialog box is displayed. Accept the license agreement, then click
. The Installation Options dialog box is displayed.
Select the
option. Click
. The Setup Options dialog box is displayed. Select the
option. Click
. The Instance Name page is displayed. Specify a name for the ADAM instance in the
field. Click
. The Ports page is displayed. Enter the ADAM instance port number in the LDAP port number field and the ADAM instance SSL port number in the SSL port number field. The default LDAP port number is 50000 and the default SSL port number is 50001. If Active Directory is not installed on the computer, the defaults are LDAP port number 389 and SSL port number 636. The default values are recommended; if required, however, the port numbers can be configured manually.
NOTE: Make a note of the LDAP port number and SSL port number, as this information is required for SecureLogin ADAM configuration.
Click
. The Application Directory Partition page is displayed. Select
. Click
. The File Locations page is displayed. Specify alternative locations for ADAM files in the
and fields, or accept the default values. Click
. The Service Account Selection page is displayed.Select the
option, or select the option and type the credentials for the selected service account. NOTE: The service account selected must have permission to register a Service Connection Point (SCP) and permission to install and execute SecureLogin. Selecting the Network service account option is recommended; however, an account with a static password can also be specified.
Click
. The ADAM Administrators page is displayed. Select the
option, or select and specify the account or group name in the field, if required. NOTE: The account selected needs administrator-level permissions for the ADAM instance. In this example the default (the current user, Administrator) is selected, so the Administrator will administer this ADAM instance.
If an alternative account or group is preferred, select This Account and enter the account or group name and credentials.
Click the
button. The Importing LDIF Files page is displayed. Ensure the
option is selected. Click
. The Ready to Install page is displayed. Review the setup options in the Selections window to confirm that the required options are selected.
Click
to continue, or to change the selected options. Click
when the ADAM instance creation settings are confirmed. Click
to create the ADAM instance. Review the Windows Event log to ensure the ADAM instance is created without errors. From the Windows Start menu, select
> > . The Windows Event Viewer opens, with ADAM (Instance#) displayed in the Event Viewer hierarchy. Double-click
to view the Event log. If an error icon is displayed, double-click it to view the error details.
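The same post-creation check can be scripted, so that it is repeatable on every server where an instance is created. The following PowerShell is an added example, not part of the SecureLogin documentation. It assumes an instance named instance1 (so the Windows service is ADAM_instance1 and the event log is ADAM (instance1)) and the default ports 50000 and 50001; change the parameters to match the values noted during instance creation.

```powershell
# Added example (not from the SecureLogin documentation): verify that a newly
# created ADAM instance is running and error-free before the SecureLogin ADAM
# Configuration wizard is run. Instance name and ports are assumptions.
param(
    [string]$InstanceName = 'instance1',   # assumed instance name
    [string]$Server       = 'localhost',
    [int]$LdapPort        = 50000,
    [int]$SslPort         = 50001
)

function Test-TcpPort([string]$Computer, [int]$Port) {
    # Plain TCP connect; works on Windows versions without Test-NetConnection.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Computer, $Port)
        return $client.Connected
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. Each instance runs as a Windows service named ADAM_<instance name>.
$service = Get-Service -Name "ADAM_$InstanceName" -ErrorAction Stop
"Service {0}: {1}" -f $service.Name, $service.Status

# 2. Both listeners must accept connections: the wizard uses the LDAP port,
#    and clients that require encrypted binds use the SSL port.
foreach ($port in $LdapPort, $SslPort) {
    $state = if (Test-TcpPort $Server $port) { 'listening' } else { 'NOT listening' }
    "Port {0}: {1}" -f $port, $state
}

# 3. ADAM writes to its own event log, "ADAM (<instance name>)". Any Error
#    entry written since the instance was created should be reviewed before
#    continuing with the SecureLogin configuration.
$errors = Get-EventLog -LogName "ADAM ($InstanceName)" -EntryType Error `
                       -After (Get-Date).AddHours(-1) -ErrorAction SilentlyContinue
if ($errors) {
    $errors | Select-Object TimeGenerated, EventID, Source, Message | Format-List
} else {
    "No Error entries in the 'ADAM ($InstanceName)' log during the last hour."
}
```

Run it from an elevated PowerShell prompt on the ADAM server; a port reported as NOT listening usually means the service is stopped or a different port was chosen on the Ports page.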
When the ADAM instance is successfully created, run the SecureLogin ADAM Configuration wizard to automatically extend the ADAM instance schema and assign Read and Write rights to directory user objects.
Before executing the SecureLogin ADAM Configuration wizard:
Navigate to the Tools folder on the CD
Copy the ADAMconfig folder to your local drive
The SecureLogin ADAM Configuration wizard extends the ADAM directory schema with SecureLogin Single Sign-On attributes, creates ADAM partitions, and assigns selected directory objects Read and Write permissions to the SecureLogin attributes. The wizard creates corresponding user proxy objects in the ADAM instance for user objects in Active Directory, including the directory hierarchy, and can be used to synchronize the user object structure after the initial SecureLogin configuration.
To run the SecureLogin ADAM Configuration wizard:
Log on to the ADAM instance/server (or administration workstation if separate) as Administrator (or a user with Administrator level access).
Double-click the
file. The Welcome to the SecureLogin ADAM Configuration wizard page is displayed. Ensure you have all the required Active Directory and ADAM Administrator account details selected during ADAM instance creation.
Click
NOTE: The ADAM schema can be extended manually at the command line using the MS-UserProxy.LDF and sso-adam-schema.LDF files. These files are located in the Tools folder of the SecureLogin distribution CD. We recommend that this procedure be performed only with the assistance of our consultants.
Select the Configure ADAM instance for SecureLogin option on first execution of the SecureLogin ADAM Configuration wizard.
Although configuration is required only once, selecting this option on subsequent executions has no adverse effects.
The SecureLogin ADAM Configuration wizard copies across selected Active Directory user data to the ADAM instance, including the directory hierarchy.
NOTE: Directory synchronization of a large number of users may adversely affect network performance. The SecureLogin ADAM Configuration wizard can be executed now and directory synchronization delayed to a convenient time.
The SecureLogin ADAM Configuration wizard can be executed at any time to synchronize updated Active Directory user data. A command file, SyncAdam.cmd, is located in the AdamConfig folder copied to the local drive. SyncAdam.cmd cannot be executed before the AdamConfig wizard has been run.
Select the
option. Check the
check box if required. NOTE: Each time a new organizational unit is created in Active Directory, the SecureLogin ADAM Configuration wizard or the SyncAdam.cmd command file must be executed to synchronize with the ADAM instance and assign Read and Write permissions. For more information, refer to Section 5.5.4, Synchronize Data from Active Directory to an ADAM Instance.
Click
. The Microsoft Active Directory user account page is displayed. The account selected on this page is used to access and copy the Active Directory object data for synchronization with the ADAM instance, so it must have Read permission. This account must not have Write permission.
Select
or select the option and enter the account details in the , and fields, then click . The ADAM Administrator user account page is displayed.
The account selected in this dialog box is used to manage SecureLogin in this ADAM instance and therefore requires Administrator-level access. By default, the current account (the one you logged on with) is selected. However, any user account that has Administrator-level access to the ADAM instance is valid.
Select the
option or the option and enter the account details in the , and fields, and click the button. The ADAM instance location page is displayed. The default server value is localhost. Choose an alternative server if you are hosting your ADAM instance on another computer.
The default port is 50000. Enter an alternative port number if this is not the ADAM instance server port.
Accept the default values or specify alternative Server and Port values as required, then click
. The Microsoft Active Directory containers/organizational units dialog box is displayed. In this dialog box, specify all containers and organizational units that include SecureLogin users; these are assigned SecureLogin rights and selected for Microsoft Active Directory synchronization.
Click the
button. The Domain, Container or Organizational Unit dialog box is displayed. Specify the full distinguished name in the
field. Click
. The ADAM Configuration error message box is displayed if the distinguished name of the domain, container or organizational unit specified is invalid. If this occurs, click the
button. Re-enter the correct name in the Enter distinguished name of domain, container or organizational unit field and click . Click
when all required objects have been added to the list. The Configuration summary dialog box is displayed.
Click
to change details or to execute. The SecureLogin ADAM Configuration - Termination dialog box is displayed if the configuration was not able to complete successfully.
If this occurs, review the text box to investigate the cause of termination. If a solution to the problem is determined, click
and run the SecureLogin ADAM Configuration wizard again. The SecureLogin ADAM Configuration - Finished dialog box is displayed.
Click
. The ADSI Edit tool is an MMC snap-in used to view all objects in the directory (including schema and configuration information), modify objects, and set access control lists on objects.
To check and review the SecureLogin ADAM configuration, start the ADSI Edit tool:
Select from the
> > > A . The ADAM ADSI Edit tool is displayed. Select A
in the hierarchy pane to view the ADAM instance details. Select
from the Action menu. The Connection Settings dialog box is displayed. Specify a name for the connection in the
field. Specify the ADAM instance server name in the
field. Specify the ADAM instance port number in the
field. Select the
option. Specify the
field. Select a
account option to connect to the ADAM instance. The option is selected in this example.
Click
. The ADSI Edit tool displays the selected ADAM instance. Right-click the Users container to display the context menu.
Select the
option. The CN=Users Properties dialog box is displayed. To confirm the schema attributes have been added successfully, scroll down the Attributes table window to display the six SSO attributes.
Repeat for each container and/or organizational unit containing SecureLogin users to ensure rights have been successfully assigned.
If the SecureLogin attributes are not displayed, run the ADAM Configuration wizard again and ensure you have specified the required container, organizational unit and/or user object.
Contact Novell Technical Support for assistance if required.
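The ADSI Edit review above is manual and must be repeated for every container. The following PowerShell is an added example, not part of the SecureLogin documentation, that performs the equivalent check over LDAP: it reads the instance schema partition for the SecureLogin attributes and counts the userProxy objects the wizard created under each synchronized container. It assumes the instance listens on localhost:50000, that the current user is an ADAM administrator, and that the SecureLogin attributes share the name prefix protocom-SSO (an assumption; compare with what ADSI Edit shows and adjust). The container DN is a constructed sample.

```powershell
# Added example (not from the SecureLogin documentation): confirm over LDAP
# that the SecureLogin schema extension and user proxy objects are present in
# an ADAM instance. Server, port, attribute prefix and container DN are
# assumptions / constructed samples.
param(
    [string]$Server          = 'localhost',
    [int]$Port               = 50000,
    [string]$AttributePrefix = 'protocom-SSO',                  # assumed prefix
    [int]$ExpectedCount      = 6,                               # six SSO attributes per the text
    [string[]]$Containers    = @('CN=Users,DC=example,DC=com')  # constructed sample DN
)

Add-Type -AssemblyName System.DirectoryServices
# DirectoryEntry accepts a non-default port in the path, which ADAM needs.
$base = "LDAP://${Server}:${Port}"

function Get-SchemaAttributes([string]$Prefix) {
    # RootDSE publishes the DN of the instance's schema partition.
    $rootDse  = New-Object System.DirectoryServices.DirectoryEntry("$base/RootDSE")
    $schemaNc = [string]$rootDse.Properties['schemaNamingContext'].Value
    $schema   = New-Object System.DirectoryServices.DirectoryEntry("$base/$schemaNc")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($schema)
    $searcher.Filter = "(&(objectClass=attributeSchema)(lDAPDisplayName=$Prefix*))"
    [void]$searcher.PropertiesToLoad.Add('lDAPDisplayName')
    # SearchResult property names come back lower-cased.
    $searcher.FindAll() | ForEach-Object { [string]$_.Properties['ldapdisplayname'][0] }
}

function Get-UserProxyCount([string]$ContainerDn) {
    # The wizard creates one userProxy object per synchronized AD user.
    $container = New-Object System.DirectoryServices.DirectoryEntry("$base/$ContainerDn")
    $searcher  = New-Object System.DirectoryServices.DirectorySearcher($container)
    $searcher.Filter      = '(objectClass=userProxy)'
    $searcher.SearchScope = 'Subtree'
    $searcher.PageSize    = 500   # paged results, so large containers are not truncated
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    $searcher.FindAll().Count
}

$attrs = @(Get-SchemaAttributes $AttributePrefix)
"Schema attributes matching '$AttributePrefix*': $($attrs.Count) (expected $ExpectedCount)"
$attrs | ForEach-Object { "  $_" }
if ($attrs.Count -lt $ExpectedCount) {
    Write-Warning 'Schema extension incomplete; run the SecureLogin ADAM Configuration wizard again.'
}

foreach ($dn in $Containers) {
    "userProxy objects under {0}: {1}" -f $dn, (Get-UserProxyCount $dn)
}
```

A container that reports zero userProxy objects was not in the wizard's container list, or the synchronization has not yet been run for it; add it through the wizard and run SyncAdam.cmd.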
Active Directory to ADAM Synchronizer is a command-line tool that synchronizes data from an Active Directory forest to a configuration set of an ADAM instance. This is used to ensure that new users added to Active Directory have objects representing their SecureLogin data created in the ADAM instance.
To synchronize data from Active Directory to an ADAM instance, open the folder to which you copied the ADAM files and double-click the syncadam.cmd file.
It is advisable to run the synchronization regularly, or whenever Active Directory users are changed. One way to manage this is to add the process to Windows Scheduled Tasks.
Once the synchronization is complete, check the log file, SyncAdam.log, to make sure the process was successful.
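The scheduling and log check described above, scripted as an added example that is not part of the SecureLogin documentation. It assumes the ADAMconfig folder was copied to C:\ADAMconfig, that SyncAdam.log is written beside SyncAdam.cmd, and that the task runs as a dedicated domain account (placeholder DOMAIN\svc-adamsync) that has Read access to Active Directory and administrator access to the ADAM instance. The format of SyncAdam.log is not documented here, so the check only reports lines that mention an error or failure and treats their absence as success.

```powershell
# Added example (not from the SecureLogin documentation): register SyncAdam.cmd
# as a daily scheduled task, run it once now, and inspect SyncAdam.log.
# Folder path, task name, and run-as account are assumptions / placeholders.
param(
    [string]$ConfigFolder = 'C:\ADAMconfig',          # assumed copy location
    [string]$TaskName     = 'SecureLogin ADAM Sync',
    [string]$RunAs        = 'DOMAIN\svc-adamsync',    # placeholder service account
    [string]$StartTime    = '02:00'                   # Windows Server 2003 expects HH:MM:SS
)

$cmdFile = Join-Path $ConfigFolder 'SyncAdam.cmd'
$logFile = Join-Path $ConfigFolder 'SyncAdam.log'

if (-not (Test-Path $cmdFile)) {
    throw "SyncAdam.cmd not found at $cmdFile; run the ADAM Configuration wizard first."
}

# Daily task under a dedicated account. /RP * makes schtasks prompt for the
# password instead of leaving it in the command line or shell history.
schtasks.exe /Create /TN $TaskName /TR "`"$cmdFile`"" /SC DAILY /ST $StartTime /RU $RunAs /RP *

function Test-SyncLog([string]$Path) {
    # Returns $true when the log exists and contains no line mentioning an
    # error or failure. The pattern is an assumption about the log wording.
    if (-not (Test-Path $Path)) {
        Write-Warning "Log file $Path not found; synchronization may not have run."
        return $false
    }
    $problems = @(Select-String -Path $Path -Pattern 'error|fail')
    foreach ($hit in $problems) {
        "{0}:{1}: {2}" -f (Split-Path $hit.Path -Leaf), $hit.LineNumber, $hit.Line.Trim()
    }
    return ($problems.Count -eq 0)
}

# Run the synchronization once now (synchronously) so the log can be checked
# immediately rather than waiting for the first scheduled run.
& cmd.exe /c "`"$cmdFile`""
if (Test-SyncLog $logFile) {
    "SyncAdam.log shows no errors."
} else {
    Write-Warning "Review $logFile before relying on the scheduled task."
}
```

Schedule the task to run shortly after the normal window for Active Directory user provisioning, so new users receive their userProxy objects before they first log on.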
The following processes are automatically synchronized:
A new container or organizational unit in Active Directory will be created as a corresponding container in ADAM.
A new user in Active Directory will be created as ADAM user proxy.
A renamed user object in Active Directory causes the corresponding user proxy to be renamed in ADAM.
A moved user object in Active Directory causes the corresponding user proxy to be moved in ADAM. This requires both the user object's source container and its destination container to be in the synchronization scope.
The following processes are not automatically synchronized:
Deleted user objects in Active Directory are not deleted in ADAM by default, for safety reasons. You can override this by manually editing SyncAdam.config; however, this is not recommended unless there is a good reason, such as a user name conflicting with a ‘zombie’ user or performance issues.
Deleted, moved or renamed containers and organizational units in Active Directory are not reflected in ADAM. Changes to existing container or OU objects in Active Directory must be reflected in ADAM manually, using the ADSI Edit tool or any other directory editor. For example, if an OU is renamed in Active Directory, it must also be renamed in ADAM. For safety reasons, synchronization will not run if the existing containers and OUs in Active Directory and ADAM do not match.