Novell ACCESS MANAGER 3.1 SP2 - IDENTITY SERVER GUIDE 2010 Manual page 107

Directory Type: The type of LDAP directory. You can select eDirectory, Active Directory, or Sun ONE. If you have installed an LDAP server plug-in, you can select the custom type that you have configured it to use. For more information, see LDAP Server Plug-In (http://developer.novell.com/documentation/nacm31/nacm_enu/data/bfg38fg.html).

If eDirectory has been configured to use Domain Services for Windows, eDirectory behaves like Active Directory. When you configure such a directory to be a user store, its Directory Type must be set to Active Directory for proper operation.

Install NMAS SAML method: (eDirectory only) Extends the schema on the eDirectory server and installs an NMAS method. This method converts the Identity Server credentials to a form understood by eDirectory. This method is required if you have installed Novell SecretStore on the eDirectory server and you are going to use that SecretStore for Access Manager secrets. If you select this option, make sure the admin you have configured for the user store has sufficient rights to extend the schema and add objects to the tree.

For additional configuration steps required to use secrets, see Section 3.1.4, "Configuring a User Store for Secrets," on page 109.

Enable Secret Store lock checking: (eDirectory only) Enables Access Manager to prompt users for a passphrase when secrets are locked.

If Access Manager is sharing secrets with other applications and these applications are using the security flag that locks secrets when a user's password is reset, you need to enable this option.

If Access Manager is not sharing secrets with other applications, the secrets it is using are never locked, and you do not need to enable this option.

4 Under LDAP timeout settings, specify the following:

LDAP Operation: Specify how long in seconds a transaction can take before timing out.

Idle Connection: Specify how long in seconds before connections begin closing. If a connection has been idle for this amount of time, the system creates another connection.

5 To specify a server replica, click New, then fill in the following fields:

For an eDirectory server, you should use a replica of the partition where the users reside. Ensure that each LDAP server in the cluster has a valid read/write replica. One option is to create a users partition (a partition that points to the OU containing the user accounts) and reference this server replica.

Name: The display name for the LDAP directory server. If your LDAP directory is replicated on multiple servers, use this name to identify a specific replica.

IP Address: The IP address of the LDAP directory server.

Port: The port of the LDAP directory server. Specify 389 for the clear text port, and 636 for the encrypted port.

Use secure LDAP connections: Specifies that the LDAP directory server requires secure (SSL) connections with the Identity Server.

This is the only configuration we recommend for the connection between the Identity Server and the LDAP server in a production environment. If you use port 389, usernames and passwords are sent in clear text on the wire.

This option must be enabled if you use this user store as a Novell SecretStore User Store Reference in the Credential Profile details. (See Section 13.3, "Configuring Credential Profile Security and Display Settings," on page 300.) If you have specified that this user store is a SecretStore User Store Reference, this option is enabled but not editable.
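The rules on this page (valid directory types, the Domain Services for Windows case, the eDirectory-only options, positive timeouts, the 389/636 pairing, and the SecretStore requirement for secure LDAP) can be checked mechanically before a user store definition is used in production. The validator below is an added example, not Novell code; the dictionary keys, the function name and the two sample definitions are constructed for illustration.

```python
KNOWN_TYPES = {"eDirectory", "Active Directory", "Sun ONE"}

def check_user_store(store, production=True):
    """Return a list of findings for one user-store definition (empty = consistent)."""
    findings = []
    dtype = store.get("directory_type")
    # Directory type must be a built-in type unless an LDAP server plug-in supplies a custom one
    if dtype not in KNOWN_TYPES and not store.get("custom_plugin"):
        findings.append(f"unknown directory type {dtype!r} and no LDAP server plug-in")
    # eDirectory running Domain Services for Windows behaves like AD and must be typed as such
    if store.get("dsfw") and dtype != "Active Directory":
        findings.append("DSfW-enabled eDirectory must use Directory Type 'Active Directory'")
    # NMAS SAML method and SecretStore lock checking are eDirectory-only options
    for opt in ("install_nmas_saml", "secretstore_lock_checking"):
        if store.get(opt) and dtype != "eDirectory":
            findings.append(f"{opt} is only valid for eDirectory")
    # Both LDAP timeouts are given in seconds and must be positive
    for key in ("ldap_operation_timeout", "idle_connection_timeout"):
        if not store.get(key) or store[key] <= 0:
            findings.append(f"{key} must be a positive number of seconds")
    for rep in store.get("replicas", []):
        name, port, secure = rep.get("name", "<unnamed>"), rep.get("port"), rep.get("secure", False)
        # The guide pairs 389 with clear text and 636 with SSL
        if port not in (389, 636):
            findings.append(f"{name}: unexpected LDAP port {port}")
        elif secure != (port == 636):
            findings.append(f"{name}: port {port} does not match 'Use secure LDAP connections'={secure}")
        if store.get("secretstore_reference") and not secure:
            findings.append(f"{name}: a SecretStore User Store Reference requires secure LDAP")
        elif production and not secure:
            findings.append(f"{name}: clear-text LDAP sends usernames and passwords in the clear")
    return findings

# Constructed sample data (not from the manual): a weak definition and its corrected form
WEAK_STORE = {
    "directory_type": "eDirectory", "install_nmas_saml": True, "secretstore_reference": True,
    "ldap_operation_timeout": 0, "idle_connection_timeout": 300,
    "replicas": [{"name": "ldap1", "port": 389, "secure": False}],
}
HARDENED_STORE = {
    "directory_type": "eDirectory", "install_nmas_saml": True, "secretstore_reference": True,
    "ldap_operation_timeout": 20, "idle_connection_timeout": 300,
    "replicas": [{"name": "ldap1", "port": 636, "secure": True}],
}

if __name__ == "__main__":
    for label, store in (("weak", WEAK_STORE), ("hardened", HARDENED_STORE)):
        print(label, check_user_store(store) or "OK")
```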
Configuring Local Authentication 107