Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual page 82

DES: Data Encryption Standard (DES) is a widely used method of data encryption that
uses a private key. Like other private key cryptographic methods, both the sender and the
receiver must know and use the same private key.
Triple DES: A variant of DES in which data is encrypted three times with standard DES,
using two different keys.
Extended Schema User Store References: Do not specify a user store reference. When this
option contains no values, the configuration datastore is used to store the secrets.
4 Click OK.
5 On the Identity Servers page, update the Identity Server.
6 To use the secret store to store policy secrets, see
the Novell Access Manager 3.1 SP1 Policy Management
Configuring an LDAP Directory to Store the Secrets
When you use an LDAP directory to store the secrets, you need to enable the user store for the
secrets. You select the LDAP directory, then specify an attribute. The attribute you specify is used to
store an XML document that contains encrypted secret values. This attribute should be a single-
valued case ignore string that you have defined and assigned to the user object in the schema.
To use an LDAP directory to store secrets, your network environment must conform to the
following requirements:
The user class object must contain an attribute that can be used to store the secrets. This
attribute must be a string attribute that is single valued and case ignore.
The user store must be configured to use secure connections (click Devices > Identity Servers >
Edit > Local > User Stores > [User Store Name]. In the Server replicas section, ensure that the
Port is 636 and that Use SSL is enabled. If they aren't, click the name of the replica and
reconfigure it.
To configure the LDAP directory:
1 In the Administration Console, click Devices > Identity Servers > Servers > Edit > Liberty >
Web Service Providers.
2 Click Credential Profile.
82 Novell Access Manager 3.1 SP1 Identity Server Guide
"Creating and Managing Shared
Guide.
Secrets" in