At the \securelogin\tools directory, run ndsschema.exe.
The extension might take some time to filter throughout your network, depending on the size of your network and the speed of the links.
When the NDS® or eDirectory schema is extended, the following attributes are added:
- Prot:SSO Auth
- Prot:SSO Entry
- Prot:SSO Entry Checksum
- Prot:SSO Profile
- Prot:SSO Security Prefs
- Prot:SSO Security Prefs Checksum
For information on these attributes, see Extending the Active Directory Schema.
Specify an eDirectory context so that SecureLogin can assign rights to User objects.
You will be prompted to define a context where you want the User objects' rights to be updated, allowing users access to their own single sign-on credentials. The following figure illustrates this prompt:
If you don't specify a context, rights begin at the root of the eDirectory tree.
Rights on Container objects are inherited. These rights flow to subdirectories, so that users can read attributes. User rights aren't inherited.
If the installation program displays a message similar to -601 No Such Attribute, you have probably entered an incorrect context or included a leading dot in the context.
(Conditional) Grant rights to local cache directories.
Users on Windows NT, Windows 2000, and Windows XP must have workstation rights to their local cache directory locations. To grant rights, do one of the following:
- Grant rights to the user's cache directory (for example, c:\program files\novell\securelogin\cache\v2slc\username)
The default location is the user's profile directory. By default, the user already has rights to this directory. However, if the user specified an alternative path during the installation, you might need to grant rights to the cache directory.
- During the installation, specify a path to a location that the user has rights to (for example, the user's documents folder).