The Corporate Redirection policy distributes SecureLogin settings of a specified object, which can be a container or an organizational unit, to another directory. When this policy is enabled, the recipient directory ignores the SecureLogin settings of its parent directory and inherits the SecureLogin settings of the specified object. The inherited SecureLogin configurations can include enabled applications, password rules, or any other settings.
The Corporate Redirection functionality bypasses the Microsoft Active Directory, NetIQ eDirectory™ inheritance by specifying the source object from which the current object inherits its single sign-on configuration. Although inheritance is redirected to a specific object, such as a container or organizational unit, local user object settings continue to override the inherited settings.
Before you set corporate redirection, the Administrative Management utility must be active.
Corporate redirection cannot be applied to a group object because they are not part of the hierarchy but linked to it.
Consider the following example:
Create two directory containers (OU's) under O=novell:
ou_apps
ou_users
Create a user (user1) in ou_users (user1.ou_user.novell).
Create SecureLogin applications and, or define settings on the ou_apps.novell container.
Set corporate redirection on ou_users.novell to point to ou_apps.novell. The following is seen:
user1 has applications and settings defined at ou_apps.novell.
user1 also has its own applications and settings.
You can configure the Corporate redirection preference only to be redirected to a specific organizational unit or container.
When set to a user, the user does not inherit any SecureLogin preferences from their nominal hierarchy but from the other organizational unit or container.
When applied to an organizational unit or container, any user in that object does not inherit SecureLogin preferences from its container settings. It inherits from the other organizational unit or container.
To get the correct inheritance, users must be granted the correct rights to inherit from other object. The inheritance process stops at the redirected container. There is no inheritance from the redirected object’s hierarchy.
In the following example, the Finance organizational unit is redirected to inherit the SecureLogin configuration from the Development organizational unit.
Launch the Administrative Management utility (SLManager or MMC snap-ins).
Click Advanced Settings.
Specify the full distinguished name of the object in Corporate redirection.
NOTE:The full distinguished name is required to uniquely identify the container or organizational unit.
In this example, the Development organizational unit (ou=development,dc=training7,dc=com)
Click Apply.
Click OK.
Click Applications to view the application definitions inherited from the object. Click Preferences to view the inherited preferences. In this example, the preferences inherited from the Development ou.
Ensure that you do not overwrite administrator settings when distributing SecureLogin configuration environments. For example, if you set the preference Allow users to view and change settings to No and then copy this to the container or organizational unit as part of a SecureLogin environment, including the Administrator user object, the administrator cannot view or change SecureLogin settings because they reside in that organizational unit. To prevent this from happening, all administrator user objects should be located in a separate organizational unit, and administrator preferences should be manually configured.