Configure the Novell eDirectory for ISAM
If we are installing a new Security Verify Access secure domain, the ISAM schema is installed on the Novell eDirectory Server (NSD) automatically when the ISAM policy server is configured. However, before we configure the policy server, we must make several modifications to Novell eDirectory server.
The default Novell eDirectory schema assumes the directory does not use the X.500 object classes of inetOrgPerson or groupOfNames. By default, these classes are mapped into the eDirectory classes of User and Group. Because ISAM uses the inetOrgPerson and groupOfNames object classes for creating its own users and groups, modifications to the default eDirectory schema are required. We can configure the Novell eDirectory for ISAM by using either of the following tools:
- Novell eDirectory ConsoleOne directory management utility
- Novell iManager web-based administration console
To configure Novell eDirectory for ISAM by using the Novell eDirectory ConsoleOne directory management utility, complete the following steps:
Procedure
- Start the Novell ConsoleOne directory management utility.
- Select the organization object within the Novell eDirectory tree. A list of objects is displayed on the right side of the ConsoleOne window.
- Right-click the LDAP group object (not LDAP server), and click Properties from the menu.
- Click the Class Map tab. The table of LDAP class names and their corresponding Novell eDirectory class names is displayed.
- Delete the entries with LDAP classes of inetOrgPerson and groupOfNames.
- Click Apply.
- Click Close.
- Click the Attribute Map tab. The table of LDAP attribute names and their corresponding Novell eDirectory attribute names is displayed.
- Scroll through the table and find the Novell eDirectory attribute member. Check the value of the corresponding LDAP attribute. If the LDAP attribute value is member, no change is needed. If the attribute shows the default value of uniqueMember, we need to modify it as follows:
  - Click Modify. The Attribute Mapping window is displayed.
  - Change the Primary LDAP Attribute field from uniqueMember to member.
  - Change the Secondary LDAP attribute field from member to uniqueMember.
  - In the Attribute window, click OK to accept the changes.
- If we are using Solaris, proceed to the next step. If we are using Windows NT, we might need to add another mapping for the LDAP attribute ndsHomeDirectory as follows:
  - On the right side of the Attribute Mappings window, click Add. The Attribute Mapping window is displayed again.
  - From the Novell eDirectory NSD Attribute field menu, click Home Directory.
  - In the Primary LDAP Attribute field, click ndsHomeDirectory.
  - In the Attribute Mapping window, click OK to accept the changes.
- In the Properties window, click OK.
To configure Novell eDirectory for ISAM by using the Novell iManager web-based administration console, complete the following steps:
Procedure
- Launch the iManager web page and log in as the administrator for the Novell eDirectory tree to be updated.
- Click the Roles and Tasks icon at the top of the iManager window to open the Roles and Tasks view.
- In the Roles and Tasks navigation frame, expand the LDAP category.
- In the expanded list, click the LDAP Options task.
- On the LDAP Options page, click the LDAP Group that is listed. If the LDAP group object is missing, make sure the plug-ins for eDirectory were installed when eDirectory was installed. We can download the eDir_88_iMan27_Plugins.npm from the Novell Download Site at http://download.novell.com.
- Click Class Map to display the Novell eDirectory class to LDAP class mappings.
- Remove mappings to inetOrgPerson and groupOfNames:
  - Scroll through the list and look for mappings of eDirectory classes to the LDAP class inetOrgPerson.
  - If a mapping exists, select the row and click the Remove Mapping icon to remove the mapping.
  - Click OK in the pop-up window to confirm the removal of the mapping.
  - Click Apply to apply the changes.
  - Repeat this step to remove a mapping for the LDAP class groupOfNames.
- Click OK to accept the changes that you made.
- In the Roles and Tasks navigation frame, expand the LDAP category.
- In the expanded list, click the LDAP Options task.
- On the LDAP Options page, click the LDAP Group that is listed.
- Click Attribute Map to access the Novell eDirectory attribute to LDAP attribute mappings.
- Scroll through the table and find the Novell eDirectory attribute member. Check the value of the corresponding LDAP attribute. If the LDAP attribute value is member, no change is needed. If the attribute shows the default value of uniqueMember, we need to modify it as follows:
  - Select the row and click the View/Edit Mapping icon.
  - Change the Primary LDAP Attribute field from uniqueMember to member.
  - Change the Secondary LDAP attribute field from member to uniqueMember.
  - Click OK in the pop-up window to confirm the change.
  - Click Apply to apply the changes.
- Enable LDAP clear-text passwords. Follow steps 1 - 10 of the Enable LDAP Clear-Text Passwords procedure from the Novell Access Manager 3.1 Documentation section in 6.4.4 Configuring an Identity Injection Policy for Basic Authentication.
- If we are using Solaris, proceed to the next step. If we are using Windows, we might need to add another mapping for the LDAP attribute ndsHomeDirectory. To add another mapping for the LDAP attribute ndsHomeDirectory:
  - Click the Add Mapping icon on the right side of the window. A pop-up window to define the mapping is displayed.
  - In the eDirectory Attribute field, select Home Directory.
  - In the Primary LDAP Attribute field, type ndsHomeDirectory.
  - Click OK to confirm the mapping and close the pop-up window.
  - Click OK in the Attribute Map window to accept the changes.
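A way to verify the outcome of either procedure before configuring the policy server, as an added example that is not part of this documentation: it parses the LDAP Group object as ldapsearch would return it and reports whether inetOrgPerson or groupOfNames are still mapped and whether member is the primary LDAP mapping for the eDirectory member attribute. The attribute names ldapClassMap and ldapAttributeMap, their "ldapName:eDirName" value format and the first-listed-is-primary ordering are assumptions to check against your server; the LDIF sample is constructed.

```python
# Added example (not from the product documentation). Assumes the LDAP Group
# object exposes ldapClassMap and ldapAttributeMap values as "ldapName:eDirName"
# and that the first value listed for an eDirectory attribute is its primary.
ISAM_CLASSES = {"inetOrgPerson", "groupOfNames"}

def parse_ldif(text):
    """Return {attribute: [values]} for one LDIF entry, joining folded lines."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:   # LDIF continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        entry.setdefault(name.strip(), []).append(value.strip())
    return entry

def mapped_isam_classes(entry):
    """LDAP classes ISAM needs unmapped that are still mapped to an eDirectory class."""
    ldap_classes = [v.split(":", 1)[0].strip() for v in entry.get("ldapClassMap", [])]
    return [c for c in ldap_classes if c in ISAM_CLASSES]

def primary_ldap_attribute(entry, edir_attr):
    """First (primary) LDAP attribute mapped to the given eDirectory attribute."""
    for value in entry.get("ldapAttributeMap", []):
        ldap_attr, _, nds_attr = value.partition(":")
        if nds_attr.strip().lower() == edir_attr.lower():
            return ldap_attr.strip()
    return None

def check_isam_readiness(ldif_text):
    """Report the two mappings this procedure changes: class map and member."""
    entry = parse_ldif(ldif_text)
    primary = primary_ldap_attribute(entry, "Member")
    return {"classes_to_unmap": mapped_isam_classes(entry),
            "member_primary": primary,
            "member_mapping_ok": primary == "member"}

# Constructed sample: an LDAP Group object before the procedure is applied.
BEFORE = """dn: cn=LDAP Group - srv1,o=example
ldapClassMap: inetOrgPerson:User
ldapClassMap: groupOfNames:Group
ldapAttributeMap: uniqueMember:Member
ldapAttributeMap: member:Member
"""
```

Feed it the ldapsearch output for your own LDAP Group object; an empty classes_to_unmap list and member_mapping_ok True mean the schema is ready for the policy server.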
After we set up Novell eDirectory for use with ISAM, the next step is to set up the policy server.