You can use a Novell eDirectory LDAP user directory as a user store. The following process lists the steps for creating the user store connection to the Policy Server:
Grant the Policy Server access to the directory in one of two ways: configure anonymous LDAP access, or create access for a specific CA SiteMinder® Administrator:
The goal of the configuration described in this section is to allow the Policy Server to log into the Novell eDirectory, view the contents of the directory, and retrieve directory attributes. For some advanced features of CA SiteMinder®, you may also need to configure the Novell eDirectory to allow the Policy Server write-access to the directory.
If you installed LDAP as part of your Novell eDirectory installation, you should have a server in Novell eDirectory called LDAP Server and an LDAP group named LDAP Group. LDAP Server should be a member of the LDAP Group.
To create the LDAP Server and LDAP Group in Novell eDirectory
Note: If you are using the NetWare ConsoleOne tool instead of the NW Admin tool to modify your Novell eDirectory, you must complete the same tasks using the tools available in ConsoleOne. The interfaces of the two tools are similar. See your Novell documentation for more information.
In order for the Policy Server to interact with a Novell eDirectory, you must create an account with enough administrative privileges to allow access to the directory.
The simplest configuration is to create an anonymous user on the LDAP server and make it the proxy user, assigning it enough rights to perform every function that CA SiteMinder® needs on the LDAP server.
The instructions below assign administrator privileges to that anonymous user, although you can configure it with more limited privileges. Be aware of the consequence: every anonymous bind to the LDAP directory, from any client and not only from the Policy Server, gains exactly the privileges you grant to CA SiteMinder®. Weigh this against the dedicated-account alternative described later in this section before choosing it.
To configure anonymous LDAP access
The following procedure is an example which may differ based on your version of Novell products.
To continue configuring your Novell eDirectory for use with the Policy Server, see Configure a Novell eDirectory LDAP Connection in Policy Server User Interface.
The alternate instructions below allow special access only to the Policy Servers and may be more appropriate in some environments.
You can give the CA SiteMinder® Administrator a user account using the NW Admin tool.
To create a Novell eDirectory user account for CA SiteMinder® administration
By default, set the access level to Read, which is sufficient for CA SiteMinder®’s basic functions. Customers who use active APIs or some of CA SiteMinder®’s advanced features (for example, Password Services, User Disablement, Registration Services) may require Write access.
Pinging the user store system verifies that a network connection exists between the Policy Server and the user directory or database.
Note: Some user store systems may require the Policy Server to present credentials.
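Whichever of the two procedures above you follow, the check a practitioner wants before pointing the Policy Server at the directory is the one the anonymous-access warning implies: compare what an anonymous bind can read with what the Policy Server's own account can read, using the same credentialed search that serves as the connectivity test just described. The script below is an added example for this page, not CA or Novell code. The host, base DN, service account DN, password and the LDIF samples are constructed; the only real tool it drives is OpenLDAP's ldapsearch client with its standard flags, and the list of sensitive attributes is an assumption you should extend for your schema.

```python
# Compare what an anonymous LDAP bind can read from the eDirectory user store with
# what the Policy Server's own account can read. Added example, not CA or Novell
# code; host, DNs, password and the LDIF samples are constructed. The only real
# tool referenced is OpenLDAP's ldapsearch client and its standard flags.
import shlex
import subprocess

# Attributes the Policy Server may need that an anonymous client must never read.
# Assumed list for the example; extend it for your schema.
SENSITIVE_ATTRS = {"userpassword"}


def ldapsearch_argv(host, base, filt, attrs, bind_dn=None, password=None):
    """Build an ldapsearch command line; -x without -D is an anonymous simple bind."""
    argv = ["ldapsearch", "-LLL", "-x", "-H", host, "-b", base]
    if bind_dn is not None:
        argv += ["-D", bind_dn, "-w", password or ""]
    return argv + [filt] + attrs


def run_ldapsearch(argv):
    """Run ldapsearch against a live server and return its LDIF output. A refused
    connection or failed bind raises CalledProcessError (the connectivity check)."""
    return subprocess.run(argv, check=True, capture_output=True, text=True).stdout


def parse_ldif(text):
    """Parse ldapsearch -LLL output into dn -> {attribute (lowercased): [values]}.
    Unfolds continuation lines; base64 values ('::') stay encoded, since only the
    attribute's readability matters here."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # LDIF line folding
        else:
            lines.append(raw)
    entries, dn, current = {}, None, None
    for line in lines + [""]:               # trailing blank flushes the last entry
        if not line.strip():
            if dn is not None:
                entries[dn] = current
            dn, current = None, None
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            value = value[1:].strip() if value.startswith(":") else value.strip()
            if name.lower() == "dn":
                dn, current = value, {}
            elif current is not None:
                current.setdefault(name.lower(), []).append(value)
    return entries


def assess(anon_ldif, service_ldif, sensitive=SENSITIVE_ATTRS):
    """Flag the exposure the page warns about: the anonymous bind reading sensitive
    attributes, or seeing exactly what the Policy Server's account sees for an entry."""
    anon, svc = parse_ldif(anon_ldif), parse_ldif(service_ldif)
    sensitive_readable = sorted(f"{dn}: {a}" for dn, attrs in anon.items()
                                for a in attrs if a in sensitive)
    identical = sorted(dn for dn, attrs in anon.items()
                       if dn in svc and set(attrs) == set(svc[dn]))
    return {
        "anonymous_entries": len(anon),
        "service_entries": len(svc),
        "sensitive_readable": sensitive_readable,
        "identical_to_service": identical,
        "anonymous_overexposed": bool(sensitive_readable or identical),
    }


# Constructed LDIF for one search run under two different binds.
SERVICE_LDIF = """\
dn: cn=jsmith,ou=users,o=example
objectClass: inetOrgPerson
cn: jsmith
mail: jsmith@example.com
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQtc2FtcGxl

dn: cn=policyserver,ou=services,o=example
objectClass: inetOrgPerson
cn: policyserver
"""
# Anonymous access limited to the attributes the directory publishes to everyone.
ANON_RESTRICTED_LDIF = """\
dn: cn=jsmith,ou=users,o=example
objectClass: inetOrgPerson
cn: jsmith
"""


def main():
    host, base, filt = "ldap://edir.example.com:389", "o=example", "(objectClass=inetOrgPerson)"
    attrs = ["cn", "mail", "userPassword"]
    anon_cmd = ldapsearch_argv(host, base, filt, attrs)
    svc_cmd = ldapsearch_argv(host, base, filt, attrs,
                              bind_dn="cn=policyserver,ou=services,o=example",
                              password="constructed-secret")
    for cmd in (anon_cmd, svc_cmd):
        print(shlex.join(cmd))
    # Against a live directory: assess(run_ldapsearch(anon_cmd), run_ldapsearch(svc_cmd))
    # Anonymous user given administrator rights (the easy procedure) sees the same as the service account.
    print("anonymous as admin:", assess(SERVICE_LDIF, SERVICE_LDIF))
    print("anonymous restricted:", assess(ANON_RESTRICTED_LDIF, SERVICE_LDIF))


if __name__ == "__main__":
    main()
```

Run it against the constructed samples to see the two outcomes, then replace the samples with the output of the two printed ldapsearch commands against your own directory. An `anonymous_overexposed` result of True after the anonymous-access procedure is the expected symptom of that configuration; if you need False, use the dedicated CA SiteMinder® Administrator account instead.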
You can configure a user directory connection that lets the Policy Server communicate with a Novell eDirectory user store.
Follow these steps:
Objects related to user directories appear on the left.
The User Directories screen appears.
The Create User Directory screen appears and displays the required settings to configure an LDAP connection.
Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.
Note: If the Policy Server is operating in FIPS mode and the directory connection is to use a secure SSL connection when communicating with the Policy Server, the certificates used by the Policy Server and the directory store must be FIPS compliant.
Note: If the user directory contains multiple organizations, you can leave the Root field blank. This lets the Policy Server search for users in multiple organizations.
The user directory connection is created.
Copyright © 2013 CA.
All rights reserved.