Updating the eDirectory schema with ConsoleOne
If we are installing a new Security Verify Access secure domain, the ISAM schema is installed automatically on the Novell eDirectory Server (NDS) when the ISAM policy server is configured.
Before we configure the policy server, modify Novell eDirectory with Novell’s ConsoleOne directory management utility or iManager web-based administration console. The default Novell eDirectory schema assumes the directory does not use the X.500 object classes of inetOrgPerson or groupOfNames. By default, these classes are mapped into the eDirectory classes of User and Group. Because ISAM uses the inetOrgPerson and groupOfNames object classes for creating its own users and groups, modifications to the default eDirectory schema are required.
To update the eDirectory schema with the Novell iManager web-based administration console, see Updating the eDirectory schema with Novell iManager.
Steps
- Start the Novell ConsoleOne directory management utility.
- Select the organization object within the Novell eDirectory tree. A list of objects is displayed on the right side of the ConsoleOne window.
- Right-click the LDAP group object (not LDAP server), and click Properties from the menu.
- Click the Class Map tab and the table of LDAP class names. The Novell eDirectory class names are displayed.
- Delete the entries with LDAP classes of inetOrgPerson and groupOfNames.
- Click Apply and then click Close.
- Click the Attribute Map tab and the table of LDAP attribute names. The Novell eDirectory attribute names are displayed.
- Scroll through the table and find the Novell eDirectory attribute member. Check the value of the corresponding LDAP attribute. If the LDAP attribute value is member, then no change is needed. If the attribute is showing the default value of uniqueMember, we need to modify it as follows.
  - Click Modify. The Attribute Mapping window is displayed.
  - Change the Primary LDAP Attribute field from uniqueMember to member.
  - Change the Secondary LDAP attribute field from member to uniqueMember.
  - In the Attribute window, click OK to accept the changes.
- If we are using Solaris, proceed to the next step. If we are using Windows NT, we might have to add another mapping for the LDAP attribute ndsHomeDirectory as follows:
  - On the right-hand side of the Attribute Mappings window, click Add. The Attribute Mapping window repaints and is displayed again.
  - From the Novell eDirectory NDS Attribute field menu, click Home Directory.
  - In the Primary LDAP Attribute field, click ndsHomeDirectory.
  - In the Attribute Mapping window, click OK to accept the changes.
- In the Properties window, click OK.
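A way to check the result of the steps above before configuring the policy server, as an added example that is not part of the original documentation. It assumes the rows of the Class Map and Attribute Map tabs have been typed in by hand; the tuple layout, the function name `audit_mappings` and the sample rows are assumptions made for this example.

```python
# LDAP class names the procedure removes from the Class Map tab.
CLASSES_TO_UNMAP = {"inetorgperson", "groupofnames"}

def audit_mappings(class_map, attr_map, windows_nt=False):
    """Return the changes still outstanding; an empty list means done.

    class_map: (LDAP class, eDirectory class) rows from the Class Map tab.
    attr_map:  (eDirectory attribute, primary LDAP attribute, secondary LDAP
               attribute or None) rows from the Attribute Map tab.
    """
    todo = []
    for ldap_class, nds_class in class_map:
        # LDAP names are case-insensitive, so compare in lower case.
        if ldap_class.lower() in CLASSES_TO_UNMAP:
            todo.append(f"Class Map: delete {ldap_class} (mapped to {nds_class})")
    primary = {nds.lower(): prim for nds, prim, _sec in attr_map}
    member = primary.get("member")
    if member is None:
        todo.append("Attribute Map: no row for eDirectory attribute member")
    elif member.lower() != "member":
        todo.append(f"Attribute Map: member has primary {member}, set it to member")
    # Optional Windows NT mapping described in the procedure.
    if windows_nt and primary.get("home directory", "").lower() != "ndshomedirectory":
        todo.append("Attribute Map: Home Directory -> ndsHomeDirectory may be needed")
    return todo

# Constructed sample rows (typed in for illustration, not an eDirectory export).
BEFORE_CLASSES = [("inetOrgPerson", "User"), ("groupOfNames", "Group"),
                  ("organization", "Organization")]
BEFORE_ATTRS = [("member", "uniqueMember", "member"), ("CN", "cn", "commonName")]
AFTER_CLASSES = [("organization", "Organization")]
AFTER_ATTRS = [("member", "member", "uniqueMember"), ("CN", "cn", "commonName")]

if __name__ == "__main__":
    for label, classes, attrs in (("before", BEFORE_CLASSES, BEFORE_ATTRS),
                                  ("after", AFTER_CLASSES, AFTER_ATTRS)):
        print(label, audit_mappings(classes, attrs) or "no changes outstanding")
```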