Configure the ISAM schema

Security Verify Access defines its own set of LDAP entry types and attributes that it uses to track user, group, and policy information. Add the ISAM schema extensions so that Active Directory Lightweight Directory Service support is enabled.

Before we add the Security Verify Access schema extensions, ensure that the inetOrgPerson and user schema definitions included with AD LDS have already been applied. If the inetOrgPerson and user schema extensions are not added yet, they can also be added using the ldifde.exe command-line tool, and this must be done before we add the ISAM schema.

These extensions to the basic LDAP server schema must be added to Active Directory Lightweight Directory Service (AD LDS) before we configure IBM Security Verify Access.

After we install AD LDS and configure the AD LDS instance using the Active Directory Lightweight Directory Service Setup Wizard, the ISAM schema extensions can be added to AD LDS using the ldifde.exe command-line tool included with AD LDS.

To add the inetOrgPerson and user schema extensions, use the following procedure. After you run these commands, the AD LDS schema includes the AD LDS, inetOrgPerson, and user object classes and attribute definitions. If these schema extensions have already been added, we can skip this procedure.

Steps

  1. Copy the tam-adamschema.ldf schema file to the AD LDS server. The file is in the downloads section of the appliance. In the local management interface, navigate to System > Secure Settings > File Downloads > ISAM.

  2. Click Start > All Programs > Accessories.
  3. Right-click Command Prompt.
  4. Change to the directory that houses the ldf files for AD LDS. The path is similar to the following line:

      C:\Windows\winsxs\amd64_microsoft-windows-d..services-adam-setup_31bf3856ad364e35_6.1.7600.16385_none_981a296d97d2c90a

  5. Click Run as administrator.
  6. At the command prompt, type the following command and then press Enter:

      ldifde -i -f ms-inetorgperson.ldf -s servername:portnumber -k -j . -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext

    where servername represents the workstation name and portnumber is the LDAP connection port of your AD LDS instance. If AD LDS is running on your local workstation, we can also use localhost as the workstation name.

  7. Type the following command, and then press Enter:

      ldifde -i -f ms-user.ldf -s servername:portnumber -k -j . -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext

    where servername represents the workstation name and portnumber is the LDAP connection port of your AD LDS instance. If AD LDS is running on your local workstation, we can also use localhost as the workstation name.

    • After you have ensured that the AD LDS schema includes the inetOrgPerson and user definitions, add the ISAM schema extensions:

      1. Click Start > All Programs > Accessories.
      2. Right-click Command Prompt.

      3. Click Run as administrator.
      4. Change to the directory containing the tam-adamschema.ldf file.
      5. At the command prompt, type the following command and then press Enter:

          ldifde -i -e -f tam-adamschema.ldf -s servername:portnumber -k -j . -c "CN=Schema,CN=Configuration" #schemaNamingContext

    where servername represents the workstation name and portnumber is the LDAP connection port of your AD LDS instance. If AD LDS is running on your local workstation, we can also use localhost as the workstation name. The tam-adamschema.ldf file is included in the File Downloads area of the ISAM appliance.
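The three ldifde imports above, run in the documented order with the ISAM command's `-e` flag, as one PowerShell script that stops at the first failed import and then verifies the schema over LDAP. This is an added example, not part of the IBM documentation or appliance; `$Server`, `$Port`, `$LdfDir` and the placeholder DNs per file are assumptions taken from the commands above.

```powershell
# Added example (not from the IBM documentation). Applies the AD LDS
# prerequisite schema files and then the ISAM schema file in the order the
# procedure requires, aborting on the first ldifde error, and finally checks
# via RootDSE that the expected object classes exist in the live schema.
param(
    [string]$Server = "localhost",        # assumption: AD LDS on this workstation
    [int]$Port      = 50000,              # assumption: LDAP port of the AD LDS instance
    [string]$LdfDir = "C:\ADLDS-schema"   # assumption: folder holding all three .ldf files
)
$ErrorActionPreference = "Stop"

# Order matters: inetOrgPerson and user must exist before tam-adamschema.ldf.
# -c rewrites each file's placeholder DN to the server's real schemaNamingContext.
$files = @(
    @{ Name = "ms-inetorgperson.ldf"; From = "CN=Schema,CN=Configuration,DC=X"; Extra = @() },
    @{ Name = "ms-user.ldf";          From = "CN=Schema,CN=Configuration,DC=X"; Extra = @() },
    @{ Name = "tam-adamschema.ldf";   From = "CN=Schema,CN=Configuration";      Extra = @("-e") }
)

Push-Location $LdfDir
try {
    foreach ($f in $files) {
        if (-not (Test-Path $f.Name)) { throw "Missing schema file: $($f.Name)" }
        # -k skips 'already exists' errors so a re-run is harmless; -j . writes
        # ldif.log / ldif.err here. '#schemaNamingContext' must be quoted in
        # PowerShell, otherwise '#' starts a comment and the -c argument is lost.
        & ldifde -i @($f.Extra) -f $f.Name -s "${Server}:${Port}" -k -j . `
            -c $f.From "#schemaNamingContext"
        if ($LASTEXITCODE -ne 0) {
            throw "ldifde failed on $($f.Name) (exit $LASTEXITCODE); see ldif.err in $LdfDir"
        }
    }
} finally {
    Pop-Location
}

# Verification: read the actual schema naming context from RootDSE and confirm
# that the prerequisite classes are now defined under it.
$rootDse  = [ADSI]"LDAP://${Server}:${Port}/RootDSE"
$schemaNc = [string]$rootDse.schemaNamingContext
foreach ($cls in "inetOrgPerson", "user") {
    $path = "LDAP://${Server}:${Port}/CN=$cls,$schemaNc"
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) {
        throw "Schema class $cls not found under $schemaNc; check ldif.err"
    }
}
Write-Host "Schema imports succeeded; inetOrgPerson and user are defined under $schemaNc"
```

Run it from an elevated PowerShell prompt, as the procedure's "Run as administrator" step requires; ldif.err in the .ldf directory holds the server's reason for any rejected entry.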

Parent topic: Microsoft Active Directory Lightweight Directory Service (AD LDS) installation