A.0 Extending the OpenLDAP Schema to Support SecureLogin

  1. Copy SecureLoginSSO.schema and SecureLoginSSO2.schema to the /etc/openldap/schema folder. The OpenLDAP schema files can be found on the SecureLogin CD in the path of <CD>/SecureLogin/Tools/Schema/OpenLDAP.

  2. Edit the slapd.conf file, and ensure that the following lines are included:

    #include    /etc/openldap/schema/core.schema
    include /etc/openldap/schema/core.schema 
    include /etc/openldap/schema/cosine.schema 
    include /etc/openldap/schema/inetorgperson.schema 
    include /etc/openldap/schema/misc.schema 
    include /etc/openldap/schema/openldap.schema 
    # NetIQ ADDED THE FOLLOWING LINES
    include /etc/openldap/schema/SecureLoginSSO.schema
    include /etc/openldap/schema/SecureLoginSSO2.schema

  3. Edit the ldap.conf file and ensure that the following lines are included:

    #
    # LDAP Defaults
    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.
    
    #BASE  dc=example, dc=com
    #URI  ldap://ldap.example.com ldap://ldap-master.example.com:666
    
    #SIZELIMIT  12
    #TIMELIMIT  15
    #DEREF    never
    
    HOST openldap.com 
    PORT 636 
    TLS_CACERT /ssl/certs/cacert.pem 
    TLS_REQCERT demand

  4. Open the core.schema file and append the SecureLogin attributes to the MAY list of the organization, organizationalUnit and person object classes, so that the three definitions read as follows:

    objectclass ( 2.5.6.4 NAME 'organization'
      DESC 'RFC2256: an organization'
      SUP top STRUCTURAL
      MUST o
      MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
        x121Address $ registeredAddress $ destinationIndicator $
        preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
        telephoneNumber $ internationaliSDNNumber $
        facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
        postalAddress $ physicalDeliveryOfficeName $ st $ l $ description $
        protocom-SSO-Entries $ protocom-SSO-Auth-Data $ protocom-SSO-Security-Prefs $
        protocom-SSO-Entries-Checksum $ protocom-SSO-Security-Prefs-Checksum $
        protocom-SSO-Profile ) )
    objectclass ( 2.5.6.5 NAME 'organizationalUnit'
      DESC 'RFC2256: an organizational unit'
      SUP top STRUCTURAL
      MUST ou
      MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
        x121Address $ registeredAddress $ destinationIndicator $
        preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
        telephoneNumber $ internationaliSDNNumber $
        facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
        postalAddress $ physicalDeliveryOfficeName $ st $ l $ description $
        protocom-SSO-Entries $ protocom-SSO-Auth-Data $ protocom-SSO-Security-Prefs $
        protocom-SSO-Entries-Checksum $ protocom-SSO-Security-Prefs-Checksum $
        protocom-SSO-Profile ) )
    objectclass ( 2.5.6.6 NAME 'person'
      DESC 'RFC2256: a person'
      SUP top STRUCTURAL
      MUST ( sn $ cn )
      MAY ( userPassword $ telephoneNumber $ seeAlso $ description $
        protocom-SSO-Entries $ protocom-SSO-Auth-Data $ protocom-SSO-Security-Prefs $
        protocom-SSO-Entries-Checksum $ protocom-SSO-Security-Prefs-Checksum $
        protocom-SSO-Profile ) )
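The step-4 edit is easy to get wrong by hand (a missing `$`, an attribute dropped from one of the three classes), and slapd only reports the problem at start-up. The following added example, which is not part of the NetIQ documentation or of OpenLDAP's own tooling, parses the `objectclass ( ... )` definitions of a `.schema` file and reports which of the six SecureLogin attributes are still missing from the MAY list of `organization`, `organizationalUnit` and `person`. The attribute and class names are the ones on this page; the embedded sample schema is constructed from the step-4 excerpt (with `person` deliberately left unmodified and `organizationalUnit` omitted so that the report shows both failure cases), and the file path in `main()` is an assumption.

```python
"""Check that core.schema carries the SecureLogin attributes in the MAY
lists of organization, organizationalUnit and person (appendix step 4).
Added example; not NetIQ's or OpenLDAP's own code."""
import re
import sys

# Attributes that step 4 appends to the MAY lists (names from the page).
SECURELOGIN_ATTRS = (
    "protocom-SSO-Entries",
    "protocom-SSO-Auth-Data",
    "protocom-SSO-Security-Prefs",
    "protocom-SSO-Entries-Checksum",
    "protocom-SSO-Security-Prefs-Checksum",
    "protocom-SSO-Profile",
)

# Object classes that step 4 modifies.
REQUIRED_CLASSES = ("organization", "organizationalUnit", "person")

# Constructed sample: 'organization' edited as in step 4, 'person' left
# unmodified, 'organizationalUnit' missing altogether.
SAMPLE_CORE_SCHEMA = """\
objectclass ( 2.5.6.4 NAME 'organization'
  DESC 'RFC2256: an organization'
  SUP top STRUCTURAL
  MUST o
  MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
    x121Address $ registeredAddress $ destinationIndicator $
    preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
    telephoneNumber $ internationaliSDNNumber $
    facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
    postalAddress $ physicalDeliveryOfficeName $ st $ l $ description $
    protocom-SSO-Entries $ protocom-SSO-Auth-Data $
    protocom-SSO-Security-Prefs $ protocom-SSO-Entries-Checksum $
    protocom-SSO-Security-Prefs-Checksum $ protocom-SSO-Profile ) )
objectclass ( 2.5.6.6 NAME 'person'
  DESC 'RFC2256: a person'
  SUP top STRUCTURAL
  MUST ( sn $ cn )
  MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
"""


def _balanced(text, start):
    """Return the index just past the ')' matching the '(' at text[start].
    Parentheses inside single-quoted strings (DESC values) are ignored."""
    depth, in_quote = 0, False
    for i in range(start, len(text)):
        c = text[i]
        if c == "'":
            in_quote = not in_quote
        elif not in_quote:
            if c == "(":
                depth += 1
            elif c == ")":
                depth -= 1
                if depth == 0:
                    return i + 1
    raise ValueError("unbalanced parentheses in objectclass definition")


def _attr_list(body, keyword):
    """Extract the names of a 'MUST x' or 'MUST ( x $ y )' clause."""
    m = re.search(rf"\b{keyword}\s+(?:\(\s*([^)]*)\)|([\w-]+))", body)
    if not m:
        return []
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    return [a.strip() for a in raw.split("$") if a.strip()]


def parse_objectclasses(schema_text):
    """Return {name: {'oid', 'must', 'may'}} for each objectclass definition."""
    lines = [l for l in schema_text.splitlines() if not l.lstrip().startswith("#")]
    text = "\n".join(lines)
    classes = {}
    for m in re.finditer(r"^[ \t]*objectclass[ \t]*\(", text, re.IGNORECASE | re.MULTILINE):
        start = m.end() - 1
        end = _balanced(text, start)
        body = text[start + 1:end - 1]
        name = re.search(r"NAME\s+\(?\s*'([^']+)'", body).group(1)
        classes[name] = {
            "oid": body.split()[0],
            "must": _attr_list(body, "MUST"),
            "may": _attr_list(body, "MAY"),
        }
    return classes


def missing_securelogin_attrs(schema_text):
    """Return {class: [missing attributes]} for the classes step 4 modifies.
    A class absent from the file is reported with every attribute missing;
    an empty dict means the edit is complete. LDAP names are case-insensitive,
    so comparison is done in lower case."""
    classes = parse_objectclasses(schema_text)
    report = {}
    for cls in REQUIRED_CLASSES:
        present = {a.lower() for a in classes.get(cls, {}).get("may", [])}
        missing = [a for a in SECURELOGIN_ATTRS if a.lower() not in present]
        if missing:
            report[cls] = missing
    return report


def main(argv):
    # Assumed usage: pass the path of your edited core.schema as argument 1.
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_CORE_SCHEMA
    report = missing_securelogin_attrs(text)
    for cls, attrs in report.items():
        print(f"{cls}: missing {', '.join(attrs)}")
    if not report:
        print("all SecureLogin attributes present in the three object classes")
    return 1 if report else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

This script checks the text of the file only. slapd resolves every name in a MUST or MAY list when it loads the schema, so a file that lists an attribute type before the file defining it has been included makes slapd refuse to start; after editing, confirm the complete configuration with `slaptest -f /etc/openldap/slapd.conf` before restarting the service.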