Management domain location

Security Verify Access lets us specify a management domain location that maintains Security Verify Access metadata, unless we use the default management domain location.

Create this location in the Novell eDirectory server before configuring the ISAM policy server.

Security Verify Access extends the Novell eDirectory schema to add Security Verify Access metadata objectclasses and attributes. The secAuthorityInfo objectclass, an ISAM-defined objectclass, is explicitly defined to be contained under the following common objectclasses: treeRoot, container, organization, organizationalUnit, domain, and country.

Novell eDirectory strictly enforces the containment rule. If we specify a management domain location with an objectclass other than the common objectclasses listed here, we must manually modify the schema file novschema.def to include the objectclass. We must modify the schema file before configuring ISAM.

The complete Security Verify Access Novell eDirectory schema file path is [Security Verify Access installation directory]/etc/novschema.def. The following example illustrates how to modify the schema file.

  1. Open the schema file.
  2. Replace this portion:

      dn: cn=schema
      changetype: modify
      delete: objectclasses
      objectClasses: (
      1.3.6.1.4.1.4228.1.8
      NAME 'secAuthorityInfo'
      DESC 'Security Authority Information'
      SUP 'eApplicationSystem'
      STRUCTURAL
      MUST ( secAuthority $ version )
      X-NDS_NAMING 'secAuthority'
      X-NDS_CONTAINMENT ( 'treeRoot' )
       )
      -
      add: objectclasses
      objectClasses: (
      1.3.6.1.4.1.4228.1.8
      NAME 'secAuthorityInfo'
      DESC 'Security Authority Information'
      SUP 'eApplicationSystem'
      STRUCTURAL
      MUST ( secAuthority $ version )
      X-NDS_NAMING 'secAuthority'
      X-NDS_CONTAINMENT ( 'treeRoot' 'container' 'organization'
       'organizationalUnit' 'domain' 'country')
       )

    with

      dn: cn=schema
      changetype: modify
      delete: objectclasses
      objectClasses: (
      1.3.6.1.4.1.4228.1.8
      NAME 'secAuthorityInfo'
      DESC 'Security Authority Information'
      SUP 'eApplicationSystem'
      STRUCTURAL
      MUST ( secAuthority $ version )
      X-NDS_NAMING 'secAuthority'
      X-NDS_CONTAINMENT ( 'treeRoot' )
       )
      -
      add: objectclasses
      objectClasses: (
      1.3.6.1.4.1.4228.1.8
      NAME 'secAuthorityInfo'
      DESC 'Security Authority Information'
      SUP 'eApplicationSystem'
      STRUCTURAL
      MUST ( secAuthority $ version )
      X-NDS_NAMING 'secAuthority'
      X-NDS_CONTAINMENT ( 'treeRoot' 'container' 'organization'
       'organizationalUnit' 'domain' 'country'
       'your_object_class_goes_here')
       )
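
A pre-configuration check for the edit described above, as an added example that is not part of the original page or of Security Verify Access: it parses the text of novschema.def and reports whether the add stanza for secAuthorityInfo lists the objectclass of the chosen management domain location. The sample text is constructed and abbreviated from the stanza above, and 'locality' is an assumed value standing in for your_object_class_goes_here.

```python
import re

# Constructed sample: the edited stanza from the page, abbreviated, with the
# assumed objectclass 'locality' in place of 'your_object_class_goes_here'.
SAMPLE = """\
dn: cn=schema
changetype: modify
delete: objectclasses
objectClasses: (
1.3.6.1.4.1.4228.1.8
NAME 'secAuthorityInfo'
X-NDS_CONTAINMENT ( 'treeRoot' )
 )
-
add: objectclasses
objectClasses: (
1.3.6.1.4.1.4228.1.8
NAME 'secAuthorityInfo'
X-NDS_CONTAINMENT ( 'treeRoot' 'container' 'organization'
 'organizationalUnit' 'domain' 'country'
 'locality')
 )
"""

def containment(schema_text, name="secAuthorityInfo"):
    """Return the containment list per operation, e.g. {'delete': [...], 'add': [...]}."""
    found = {}
    # A modify record separates its operations with a line holding only '-'.
    for part in re.split(r"(?m)^[ \t]*-[ \t]*$", schema_text):
        op = re.search(r"(?mi)^[ \t]*(add|delete):[ \t]*objectclasses[ \t]*$", part)
        if not op or not re.search(r"NAME\s+'%s'" % re.escape(name), part):
            continue
        # The quoted names may wrap over several lines inside the parentheses.
        m = re.search(r"X-NDS_CONTAINMENT\s*\(([^)]*)\)", part)
        found[op.group(1).lower()] = re.findall(r"'([^']+)'", m.group(1)) if m else []
    return found

def location_allowed(schema_text, location_objectclass):
    """True if the add stanza lets secAuthorityInfo sit under the objectclass."""
    allowed = containment(schema_text).get("add", [])
    # LDAP objectclass names are compared case-insensitively.
    return location_objectclass.lower() in {c.lower() for c in allowed}

if __name__ == "__main__":
    for oc in ("organizationalUnit", "locality", "groupOfNames"):
        print(oc, "->", "ok" if location_allowed(SAMPLE, oc) else "NOT in containment list")
```

To check a real installation, pass the contents of novschema.def as schema_text together with the objectclass of the entry chosen as the management domain location.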

For information about management domains and creating a location for the metadata, see Security Verify Access management domains and Management domain location example.
