When SecureLogin is deployed on eDirectory servers, a tool called ndsschema.exe is utilized to extend the eDirectory schema with a set of SecureLogin attributes that are used to store encrypted credentials, policies, etc. on Users and container objects. These attributes are:
Prot:SSO Auth
Prot:SSO Entry
Prot:SSO Entry Checksum
Prot:SSO Profile
Prot:SSO Security Prefs
Prot:SSO Security Prefs Checksum
These attributes are specific to eDirectory and are required in order for the SecureLogin product to function. The provisioning API provided in Identity Manager 3.0 Support Pack 1 utilizes the LDAP namespace to perform its functions so that it can work with any SecureLogin credential store.
In order to provide LDAP mappings to the attributes listed above, a second tool provided with the SecureLogin product must be utilized. The tool name is ldapschema.exe, and it is used in eDirectory environments to provide the LDAP namespace mapping to the eDirectory attributes.
See Preparing for an LDAP Directory in the Novell SecureLogin 6.0 Installation Guide.
After running ldapschema.exe, verify the mappings by checking the LDAP Group attribute map in iManager.
In iManager, click
.Select the LDAP Group associated with your eDirectory servers that host SecureLogin.
From the LDAP Group properties page, select the
option and verify that the eDirectory attributes are correctly mapped:After the schema is extended, proceed to Section 3.3, Determining Deployment Configuration Parameters for Novell SecureLogin.