Modifying the schema of Sun Directory Server and Active Directory
Before you install the LDAP Password Store, you must modify the schema of the Sun Directory Server and the Active Directory with the necessary configuration.
Procedure
- Modify the LDAP schema of the Sun Directory Server. Run the following command as one line:
  ldapmodify -c -h LDAP Hostname -D admin DN -w admin PW -f TDI_install_dir/pwd_plugins/etc/ibm-diPersonForSunDS.ldif
- Modify the LDAP schema of the Active Directory:
  - Enable the Active Directory schema modification by editing the Windows registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
    Add a REG_DWORD value named Schema Update Allowed with a value of 1 or any value greater than 0.
  - Run the following command to update the LDAP schema:
    ldifde -i -f TDI_install_dir/pwd_plugins/etc/ibm-diPersonSchemaForAD.ldif
  - Open the Microsoft Management Console.
  - Create a new Organizational Unit to store the changed passwords.
  - Get the Distinguished Name of the Organizational Unit by using one of the following tools: ldifde.exe, csvde.exe, or dsquery.exe. The names are used when you configure the suffix of the LDAP Password Store in the pwsync.props file.
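The Active Directory steps above can be scripted from an elevated PowerShell session on the domain controller. This is an added example, not part of the product documentation: the install path, OU name and domain DN are constructed placeholders, `dsadd ou` stands in for the Microsoft Management Console step, and restoring the registry value afterwards is an extra precaution that the procedure itself does not list.

```powershell
# Added example: every value in this block is an assumption; replace before use.
$TdiInstallDir = 'C:\TDI'                  # assumed TDI_install_dir
$OuName        = 'PasswordStore'           # assumed name for the new OU
$ParentDn      = 'DC=example,DC=com'       # constructed domain DN

$NtdsKey   = 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters'
$ValueName = 'Schema Update Allowed'
$Ldif      = Join-Path $TdiInstallDir 'pwd_plugins\etc\ibm-diPersonSchemaForAD.ldif'

# Fail early if the schema file is missing, before touching the registry.
if (-not (Test-Path $Ldif)) { throw "Schema file not found: $Ldif" }

# Remember the current state so it can be put back after the import.
$previous = (Get-ItemProperty -Path $NtdsKey -Name $ValueName `
             -ErrorAction SilentlyContinue).$ValueName

try {
    # Enable schema modification: REG_DWORD "Schema Update Allowed" = 1.
    New-ItemProperty -Path $NtdsKey -Name $ValueName `
        -PropertyType DWord -Value 1 -Force | Out-Null

    # Import the schema extension shipped with the password plug-ins.
    & ldifde.exe -i -f $Ldif
    if ($LASTEXITCODE -ne 0) { throw "ldifde failed with exit code $LASTEXITCODE" }
}
finally {
    # Extra precaution (not a step in the procedure): restore the prior state
    # so schema writes are not left enabled longer than the import needs.
    if ($null -eq $previous) {
        Remove-ItemProperty -Path $NtdsKey -Name $ValueName -ErrorAction SilentlyContinue
    } else {
        Set-ItemProperty -Path $NtdsKey -Name $ValueName -Value $previous
    }
}

# Create the Organizational Unit that will store the changed passwords
# (command-line substitute for creating it in the management console).
& dsadd.exe ou "OU=$OuName,$ParentDn"
if ($LASTEXITCODE -ne 0) { throw "dsadd failed with exit code $LASTEXITCODE" }

# Read back the Distinguished Name needed for the suffix in pwsync.props.
& dsquery.exe ou -name $OuName
```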