Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual page 78

Identity server guide
Active Directory: cn=Administrator,cn=users,dc=domeh,dc=test,dc=com
or cn=john smith,cn=users,dc=domeh,dc=test,dc=com
Sun ONE: cn=admin,cn=users,dc=novell,dc=com
Admin Password and Confirm Password: Specify the password for the admin user and confirm it.
Directory Type: The type of LDAP directory. You can select eDirectory, Active Directory, or Sun ONE. If you have installed an LDAP server plug-in, you can select the custom type that you have configured it to use. For more information, see LDAP Server Plug-In (http://developer.novell.com/documentation/nacm31/nacm_enu/data/bfg38fg.html).

If eDirectory has been configured to use Domain Services for Windows, eDirectory behaves like Active Directory. When you configure such a directory to be a user store, its Directory Type must be set to Active Directory for proper operation.

Install NMAS SAML method: (eDirectory only) Extends the schema on the eDirectory server and installs an NMAS method. This method converts the Identity Server credentials to a form understood by eDirectory. This method is required if you have installed Novell SecretStore on the eDirectory server and you are going to use that SecretStore for Access Manager secrets. If you select this option, make sure the admin you have configured for the user store has sufficient rights to extend the schema and add objects to the tree.

Enable Secret Store lock checking: (eDirectory only) Enables Access Manager to prompt users for a passphrase when secrets are locked.

If Access Manager is sharing secrets with other applications and these applications are using the security flag that locks secrets when a user's password is reset, you need to enable this option.

If Access Manager is not sharing secrets with other applications, the secrets it is using are never locked, and you do not need to enable this option.

4 Under LDAP timeout settings, specify the following:

LDAP Operation: Specify how long in seconds a transaction can take before timing out.

Idle Connection: Specify how long in seconds before connections begin closing. If a connection has been idle for this amount of time, the system creates another connection.

5 To specify a server replica, click New, then fill in the following fields:

For an eDirectory server, you should use a replica of the partition where the users reside. Ensure that each LDAP server in the cluster has a valid read/write replica. One option is to create a users partition (a partition that points to the OU containing the user accounts) and reference this server replica.

Name: The display name for the LDAP directory server. If your LDAP directory is replicated on multiple servers, use this name to identify a specific replica.

IP Address: The IP address of the LDAP directory server.

Port: The port of the LDAP directory server.

Use secure LDAP connections: Specifies that the LDAP directory server requires secure (SSL) connections with the Identity Server.

This is the only configuration we recommend for the connection between the Identity Server and the LDAP server in a production environment. If you use port 389, usernames and passwords are sent in clear text on the wire.
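The user-store fields above (admin DN, timeouts, replicas, secure LDAP) lend themselves to a pre-deployment lint. The following is an added example, not part of the Novell guide or product: it models a user store as plain Python data, flags a replica that would send credentials in clear text on port 389 or without SSL, and checks that the admin name is a full DN as the guide's examples show. The sample IP addresses and timeout values are constructed.

```python
"""Lint an Access Manager style LDAP user-store definition (added example)."""
import re
from dataclasses import dataclass, field
from typing import List

PLAINTEXT_LDAP_PORT = 389          # the guide: credentials cross the wire in clear text
KNOWN_TYPES = {"eDirectory", "Active Directory", "Sun ONE"}
# admin name must be a full DN, e.g. cn=Administrator,cn=users,dc=domeh,dc=test,dc=com
DN_RE = re.compile(r"(cn|uid)=[^,=]+(,(cn|ou|o|dc)=[^,=]+)+", re.IGNORECASE)


@dataclass
class Replica:
    name: str                      # display name of the replica
    ip: str                        # IP address of the LDAP server
    port: int
    use_secure_ldap: bool          # "Use secure LDAP connections" checkbox


@dataclass
class UserStore:
    directory_type: str
    admin_name: str
    ldap_operation_timeout: int    # seconds
    idle_connection_timeout: int   # seconds
    replicas: List[Replica] = field(default_factory=list)


def lint_user_store(store: UserStore) -> List[str]:
    """Return a list of findings; an empty list means the store passes every check."""
    findings = []
    if store.directory_type not in KNOWN_TYPES:
        findings.append(f"unknown directory type {store.directory_type!r} (custom plug-in type?)")
    if not DN_RE.fullmatch(store.admin_name):
        findings.append("admin name is not a full LDAP DN")
    if store.ldap_operation_timeout <= 0 or store.idle_connection_timeout <= 0:
        findings.append("LDAP timeouts must be positive numbers of seconds")
    if not store.replicas:
        findings.append("no server replica defined")
    for r in store.replicas:
        if not r.use_secure_ldap or r.port == PLAINTEXT_LDAP_PORT:
            findings.append(f"replica {r.name}: port {r.port}, secure={r.use_secure_ldap}; "
                            "usernames and passwords would be sent in clear text")
    return findings


# Constructed sample: the same store once with plaintext LDAP and once hardened.
ADMIN_DN = "cn=Administrator,cn=users,dc=domeh,dc=test,dc=com"
WEAK_STORE = UserStore("Active Directory", ADMIN_DN, 15, 30,
                       [Replica("dc1", "192.0.2.10", 389, False)])
HARDENED_STORE = UserStore("Active Directory", ADMIN_DN, 15, 30,
                           [Replica("dc1", "192.0.2.10", 636, True)])
```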