Creating a User Store for the NESCM Method

Identity Server must be configured to use the eDirectory replica where you have installed the NESCM server method.

  • If you have already configured Identity Server to use this replica, skip this section and continue with Creating a Contract for the Smart Card.

  • If your Identity Server is using a different user store, you need to configure Identity Server.

To configure Identity Server for the eDirectory replica that has the NESCM method:

  1. On the Home page, click Identity Servers > [cluster name] > User Stores > Plus icon.

  2. Specify the following details:

    Field: Description

    Name: A display name for the eDirectory replica. For example, nescm_replica.

    Administrator Name: The distinguished name of the administrator user of the directory. Administrator-level rights are required for setting up a user store.

    Administrator Password and Confirm Password: Specify the password for the administrator user and confirm it.

    NOTE: If the admin account's password needs to be changed in the LDAP directory due to some issue, change the administrator password on the Create User Store page accordingly and apply the change. Otherwise, the administrator account of the user store will be locked.

    Directory Type: Select eDirectory.

  3. Specify a server replica.

    1. Under Server Replicas, specify the following details:

      Field: Description

      Name: The display name for the LDAP directory server. For example, nescm_server.

      Base URL: The IP address of the LDAP directory server. The port is set automatically to the standard LDAP ports.

      Use Secure LDAP Connections: You must enable SSL between the user store and Identity Server. The port changes to 636, which is the secure LDAP port.

      Connection Limit: The maximum number of pooled simultaneous connections allowed to the replica. Valid values are between 5 and 50.

    2. Click Auto Import Trusted root.

    3. Click OK.

    4. Select one of the certificates in the list.

      To trust one certificate, choose Server Certificate. Choose Root CA Certificate to trust any certificate signed by that certificate authority.

    5. Specify an alias and click OK.

      An alias is a name you use to identify the certificate used by Access Manager.

    6. Click OK.

    7. Click the Validate this Replica icon to test the connection between Identity Server and the replica.

  4. Set up a search context.

  5. Click Save.

  6. Continue with Creating a Contract for the Smart Card.
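
The difference between the two certificate choices in step 3 (Server Certificate versus Root CA Certificate), shown as an added example that is not part of the product documentation. It assumes the openssl command-line tool (1.1.1 or later) is installed; the CA, the certificates and the file names are constructed for the demonstration, and only the name nescm_server is taken from the page.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI, not certificates from a real replica.
set -eu

# Build a demo root CA, the replica's current certificate, a renewed
# certificate from the same CA, and an unrelated self-signed certificate.
make_demo_pki() {
  d=$1
  cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/req.cnf" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  for name in current renewed; do
    openssl req -newkey rsa:2048 -nodes -config "$d/req.cnf" \
      -subj "/CN=nescm_server" -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
    openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
      -CAcreateserial -days 30 -out "$d/$name.pem" 2>/dev/null
  done
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/req.cnf" \
    -subj "/CN=nescm_server" -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

# "Root CA Certificate" choice: accept any certificate that chains to the CA.
trust_root_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# "Server Certificate" choice: accept only the exact certificate that was imported.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }
trust_server_cert() { [ "$(fingerprint "$1")" = "$(fingerprint "$2")" ]; }

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
make_demo_pki "$demo"
for c in current renewed other; do
  trust_root_ca "$demo/ca.pem" "$demo/$c.pem" && ca=accept || ca=reject
  trust_server_cert "$demo/current.pem" "$demo/$c.pem" && pin=accept || pin=reject
  echo "$c.pem: root-CA trust=$ca, server-cert trust=$pin"
done
```

The renewed certificate passes under root-CA trust but not under server-certificate trust, so with the Server Certificate choice expect to import the new certificate when the replica's certificate is reissued. The self-signed certificate with the same subject name is rejected under both.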