Directory Configuration Guide
|
|
- Kelley Smith
- 8 years ago
- Views:
Transcription
1 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0 Date of Issue: June 2006
2 Copyright 2006 Entrust. All rights reserved. Entrust is a trademark or a registered trademark of Entrust, Inc. in certain countries. All Entrust product names and logos are trademarks or registered trademarks of Entrust, Inc. in certain countries. All other company and product names and logos are trademarks or registered trademarks of their respective owners in certain countries. This information is subject to change as Entrust reserves the right to, without notice, make changes to its products as progress in engineering or manufacturing methods or circumstances may warrant. Export and/or import of cryptographic products may be restricted by various regulations in various countries. Export and/or import permits may be required. 2 Entrust IdentityGuard 8.1 Directory Configuration Guide
3 Table of contents About this guide About Entrust IdentityGuard Repository considerations Estimating repository size LDAP attributes and classes Gathering your configuration data Documentation conventions Note and Attention text Related documentation Obtaining documentation Documentation feedback Obtaining technical assistance Technical support Professional Services CHAPTER 1 Configuring Active Directory and Active Directory Application Mode Preparing Active Directory Choosing your configuration method Setting users and privileges Configuring Active Directory with LDIF files Configuring Active Directory manually Configuring the index attributes Creating a custom administrator Creating a user to store policies
4 CHAPTER 2 Configuring Critical Path Directory Preparing the Critical Path Directory Choosing your configuration method Configuring the Critical Path Directory with LDIF files Configuring the Critical Path Directory manually Synchronizing the indexes after an upgrade Creating a user to store policies Configure the directory size limit CHAPTER 3 Configuring IBM Tivoli Directory Server Preparing the Tivoli Directory Choosing your configuration method Configuring the Tivoli Directory with LDIF files Configuring the Tivoli Directory manually Creating a user to store policies CHAPTER 4 Configuring Novell edirectory Preparing the Novell edirectory Choosing your configuration method Configuring the Novell edirectory with LDIF files Configuring the Novell edirectory manually Creating a user to store policies CHAPTER 5 Configuring Sun ONE Directory Preparing the Sun ONE Directory Choosing your configuration method Configuring the Sun ONE Directory with LDIF files Configuring the Sun ONE Directory manually Creating a user to store policies Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
5 Index
6 6 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
7 About this guide This guide provides instructions on how to configure Entrust IdentityGuard 8.1 to operate with Active Directory, Active Directory Application Mode (ADAM), Critical Path Directory, IBM Tivoli Directory Server, Novell edirectory, and Sun ONE Directory. This chapter includes the following sections: About Entrust IdentityGuard on page 8 Repository considerations on page 9 Gathering your configuration data on page 18 Documentation conventions on page 20 Related documentation on page 21 Obtaining documentation on page 22 Obtaining technical assistance on page 23 7
8 About Entrust IdentityGuard Installing Entrust IdentityGuard 8.1 allows you to add the benefits of multifactor authentication to your primary authentication method. Entrust IdentityGuard 8.1 provides multifactor authentication to help organizations counter identity theft by making it more difficult for attackers to steal users online identities. It addresses the real-world demands for strong authentication, making it easier to use while helping to reduce deployment and management costs. Note: You must follow and complete the instructions in this configuration guide dedicated to your specific directory before you install Entrust IdentityGuard. For information about installing and configuring Entrust IdentityGuard 8.1, refer to the refer to the Entrust IdentityGuard Installation Guide. 8 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
9 Repository considerations This section provides information that applies to all repositories supported by Entrust IdentityGuard. Entrust IdentityGuard uses data stored in your LDAP directory. Each time an Entrust IdentityGuard operation requires a user s information, Entrust IdentityGuard searches the LDAP directory. The directory must exist and you should populate it with users before you install Entrust IdentityGuard, though you can add users later. (Entrust IdentityGuard does not create directory entries for users.) Ensure your users exist under a single base DN in the directory tree, unless you plan to take advantage of the multiple search bases feature in Entrust IdentityGuard. Ensure the LDAP User DN used by Entrust IdentityGuard to connect to the repository has sufficient privileges to make changes to the user objects. Before you install Entrust IdentityGuard, you must prepare the LDAP directory. Each chapter in this guide gives details specific to a directory type. Attention: Back up your repository before you load or update the Entrust IdentityGuard schema. Restoring your directory from backup files enables you to undo changes made by any errors, as well as recover from system failures. Estimating repository size No two repositories will be the same. The number of policies, groups, administrators and users will vary as will the attributes assigned to each and the authentication methods used. You can calculate the approximate disk space requirements using the statistics below. Note: Information for all policies, groups, grouplists, and roles is stored in a single entry in the LDAP repository. In contrast, each user and administrator has a separate entry in the LDAP repository. Table 1: LDAP repository size Information type Attribute names Data requirement Global policy entrustigglobalpolicy 0.5 KB. About this guide 9
10 Table 1: LDAP repository size Information type Policy Attribute names entrustigpolicylist, entrustigpasswordpolicy, entrustigtemppinspec, entrustigcardspec, entrustiguserspec Data requirement 2.5 KB per policy spread across the attributes. Roles entrustigroledata 1.5 KB per role. Groups entrustiggroupdata 0.5 KB per group. Group List entrustiggrouplistdata 0.5 KB per group list. User Administrator entrustigcontents, entrustigtemporarypin, entrustiguserinfomac, entrustigauthsecrets, entrustigcreatedate, entrustigexpirydate, entrustiggroup, entrustigserialnumber, entrustigstate, entrustigusernumber, entrustiglockoutcount, entrustiglockoutexpirydate, entrustigaliases, entrustigchallenge, entrustigchallengecount, entrustigleastusedcellusagecount, entrustigcardusagethresholdindicator entrustigtokenserialnumber entrustigtokens entrustigtokenstate entrustigtokenloaddate entrustigtokenlastuseddate entrustigadmindata, entrustiggroup, entrustiggrouplist, entrustigrole 1.5 KB minimum per user with one card, one temporary PIN and one alias. Most data is in the first four attributes listed. Others contain values used for searching. 0.5 KB per user for each additional 5 by 10 card. 0.5 KB per user for each token the user has. More space is needed for comment attributes, extra aliases, card usage tracking (when enabled), and knowledge-based authentication. Up to 1 MB per user (controlled by policy) when authentication secrets are included. 0.5 KB per administrator. Most data is in the entrustigadmindata attribute. Others contain values used for searching. 10 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
11 For information on creating policies, groups, administrators and users, refer to the Entrust IdentityGuard Administration Guide. LDAP attributes and classes Entrust IdentityGuard uses specific directory attributes to store information in LDAP repositories. They are identified by their OID, as listed in Table 2. The Entrust IdentityGuard OID is (represented by IG, below). To determine an attribute s full OID, use the Entrust IdentityGuard OID plus the attribute number given in the table. For example, for entrustigcontents (IG.2.2), the full OID of the attribute is: When run, the LDIF files create the following attributes. If you do not use an LDIF file, you must create and configure them manually. Table 2: LDAP directory attributes Attribute Syntax OID Description entrustigserialnumber Multivalued IA5 string IG.2.1 Serial numbers of all cards belonging to the user. entrustigcontents Multivalued octet string IG.2.2 List of encrypted cards. entrustigstate Single-valued octet string IG.2.3 State of all cards belonging to the user. Multivalued IA5 string for IBM Tivoli entrustigcreatedate Multivalued generalized time IG.2.4 Creation dates of all cards belonging to the user. entrustigexpirydate Multivalued generalized time IG.2.5 Expiry dates of all cards belonging to the user. entrustigtemporarypin Single-valued octet string IG.2.6 Temporary PIN assigned to the user. entrustigusernumber Single-valued integer IG.2.7 Number assigned to the user by the Entrust IdentityGuard system. About this guide 11
12 Table 2: LDAP directory attributes Attribute Syntax OID Description entrustiguserinfomac Single-valued octet string IG.2.8 Information about the user required by the Entrust IdentityGuard system. entrustigchallenge Single-valued octet string IG.2.9 Challenge currently assigned to the user. entrustigcardspec Single-valued octet string IG.2.10 Entrust IdentityGuard system card specification. entrustigtemppinspec Single-valued octet string IG.2.11 Entrust IdentityGuard system temporary PIN specification. entrustigpasswordpolicy Single-valued octet string IG.2.12 Entrust IdentityGuard system password policy. entrustigadmindata Single-valued octet string IG.2.13 Information about an Entrust IdentityGuard administrator. entrustiglockoutcount Single-valued integer IG.2.14 Current lockout count for the user. entrustiglockoutexpirydata Single-valued generalized time IG.2.15 Date at which the user's lockout expires. entrustigglobalpolicy Single-valued octet string IG.2.16 Global policy information. entrustigpolicylist Single-valued octet string IG.2.17 Definition of all system policies. entrustiguserspec Single-valued octet string IG.2.18 User specification policy objects. entrustigrole Single-valued integer IG.2.19 Role of the administrator. entrustigroledata Single-valued octet string IG.2.20 Definition of all roles. 12 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
13 Table 2: LDAP directory attributes Attribute Syntax OID Description entrustiggroup Single-valued integer IG.2.21 Identifier of the group to which a user or administrator is assigned. entrustiggroupdata Single-valued octet string IG.2.22 Definition of all groups. entrustiggrouplist Single-valued integer IG.2.23 Identifier of the group list assigned to an administrator. entrustiggrouplistdata Single-valued octet string IG.2.24 Definition of all group lists. entrustigaliases Multivalued string IG.2.25 Aliases identified with the user. entrustigchallengecount Single-valued integer IG.2.26 Number of challenges presented to the user during authentication. entrustigleastusedcellusageco unt Single-valued integer IG.2.27 Count of how often each card cell is used. entrustigcardusagethresholdin dicator Multivalued IA5 string IG.2.28 Number of times the user can use the card before Entrust IdentityGuard recommends a replacement. entrustigauthsecrets Single-valued octet string IG.2.29 Authentication secrets. entrustigtokenserialnumber Multivalued IA5 string IG.2.30 Token serial numbers. entrustigtokens Single-valued octet string IG.2.31 Encrypted token data with MAC checksum applied. entrustigtokenstate Multivalued IA5 string IG.2.32 Token state. About this guide 13
14 Table 2: LDAP directory attributes Attribute Syntax OID Description entrustigtokenloaddate Multivalued generalized time IG.2.33 Token load date. entrustigtokenlastuseddate Multivalued generalized time IG.2.34 Token last-used date. When run, the LDIF files create the following objects and attributes. If you do not use an LDIF file, you must create and configure them manually. By default, Entrust IdentityGuard adds these three object classes to directory entries as needed. To change the way Entrust IdentityGuard adds object classes, refer to the topic Configuring LDAP properties in the Entrust IdentityGuard Installation Guide. Table 3: LDAP object classes and attributes Name Attribute OID Description entrustiguser entrustigchallenge entrustigcontents entrustigcreatedate entrustigexpirydate entrustiggroup entrustigserialnumber entrustigstate entrustigtemporarypin entrustiguserinfomac entrustigusernumber entrustiglockoutcount entrustiglockoutexpirydate entrustigaliases entrustigchallengecount entrustigleastusedcellusagecount entrustigcardusagethresholdindicator entrustigauthsecrets entrustigtokenserialnumber entrustigtokens entrustigtokenstate entrustigtokenloaddate entrustigtokenlastuseddate IG.1.1 Object class added to an end user's LDAP directory entry to allow addition of the common Entrust IdentityGuard attributes. Entrust IdentityGuard adds these to all user entries in the LDAP directory. 14 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
15 Table 3: LDAP object classes and attributes Name Attribute OID Description entrustigpolicy entrustigcardspec, entrustigglobalpolicy, entrustiggroupdata, entrustiggrouplistdata, entrustigpasswordpolicy, entrustigpolicylist, entrustigroledata, entrustigtemppinspec, entrustiguserspec IG.1.2 Object class that allows the addition of the Entrust IdentityGuard policy to an LDAP directory entry. There is only one such entry. entrustigadmin entrustigadmindata, entrustiggroup, entrustiggrouplist, entrustigrole IG.1.3 Object class that identifies an Entrust IdentityGuard administrator within the system. The following attributes have special requirements for determining their ordering and matching. When run, the LDIF files set the correct ordering. If you do not use an LDIF file, you must create and configure them manually. This does not apply to Active Directory and ADAM. Table 4: LDAP matching and ordering Attribute entrustigserialnumber entrustigcontents entrustigstate entrustigcreatedate entrustigexpirydate Matching and ordering rules Configure for case-ignored IA5 string and substring matching. Configure for octet string matching. Configure for octet string matching for most directories. For IBM Tivoli Directory only, configure for case-ignored IA5 string and substring matching. Configure for generalized time matching and ordering. Configure for generalized time matching and ordering. About this guide 15
16 Table 4: LDAP matching and ordering Attribute entrustigtemporarypin entrustigusernumber entrustiguserinfomac entrustigchallenge entrustigcardspec entrustigtemppinspec entrustigpasswordpolicy entrustigadmindata entrustiglockoutcount entrustiglockoutexpirydate entrustigglobalpolicy entrustigpolicylist entrustiguserspec entrustigrole entrustigroledata entrustiggroup entrustiggroupdata entrustiggrouplist entrustiggrouplistdata entrustigaliases entrustigchallengecount Matching and ordering rules Configure for octet string matching. Configure for integer matching and ordering. Not supported for indexing on IBM Tivoli Directory. Configure for octet string matching. Configure for octet string matching. Configure for octet string matching. Configure for octet string matching. Configure for octet string matching. Configure for octet string matching. Configure for integer matching. Configure for generalized time matching and ordering. Configure for octet string matching. Configure for octet string matching. Configure for octet string matching. Configure for integer matching. Configure for octet string matching. Configure for integer matching. Configure for octet string matching. Configure for integer matching. Configure for octet string matching. Configure for case-ignored string and substring matching. Configure for integer matching and integer ordering 16 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
17 Table 4: LDAP matching and ordering Attribute entrustigleastusedcellusagecount entrustigcardusagethresholdindicator entrustigauthsecrets entrustigtokenserialnumber entrustigtokens entrustigtokenstate entrustigtokenloaddate entrustigtokenlastuseddate Matching and ordering rules Configure for integer matching and integer ordering. Configure for case-ignored IA5 string and substring matching. Configure for octet string matching. Configure for case-ignored IA5 string and substring matching. Not used in ordering and matching Configure for case-ignored IA5 string and substring matching. Configure for generalized time matching and ordering. Configure for generalized time matching and ordering. About this guide 17
18 Gathering your configuration data This section describes how to prepare for installation of Entrust IdentityGuard once you have completed the configuration steps documented in the following chapters. The Entrust IdentityGuard Server installer will ask configuration questions or present options that have a direct relationship to the configuration settings you make. As you go through the configuration steps, gather the data needed to answer those installation questions as listed in the following table. Table 5: Entrust IdentityGuard configuration data Configuration data Will you be using SSL to connect to the LDAP server? LDAP host LDAP port number LDAP base DN LDAP user DN LDAP password LDAP policy RDN Description If you answer yes to this question, you will need to provide information on the SSL certificate (file name, owner, issuer, serial number, valid-from date, and certificate fingerprints). For more information on securing LDAP connections with SSL, refer to the Entrust IdentityGuard Installation Guide. Provide the name of the computer where your LDAP repository resides. Provide the port used by your LDAP repository. The default port is 389 for a non-ssl connection and 636 for an SSL connection Provide the DN under which the Entrust IdentityGuard policy entry is found. Provide the DN or ID of the user that Entrust IdentityGuard will use to connect to the LDAP repository. The DN must have administrator privileges. For most LDAP repositories, enter the DN in the format: cn=directory Manager For Active Directory, enter the user DN in the format: AdminUser@domain.com Provide the password of the user that Entrust IdentityGuard will use to connect to the LDAP repository. Specify the user entry in the LDAP repository used to store Entrust IdentityGuard policy information. See the section entitled Creating a user to store policies in the chapter specific to your directory for more details. 18 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
19 Table 5: Entrust IdentityGuard configuration data Configuration data Generalized Time format LDAP user name attribute Description Does your LDAP repository support subseconds as part of generalized time data? Once you install Entrust IdentityGuard, ensure that you correctly set the identityguard.ldap.generalizedtimewithsubsecs property in the identitygaurd.properties file. For a Novell edirectory repository, set this to false. Set it to true for other repositories. Each user entry in the directory must have an existing attribute that Entrust IdentityGuard can use as a unique user name. Specify the LDAP attribute that identifies Entrust IdentityGuard users. For the primary search base, or in the case of a single search base, the attribute is usually: samaccountname for Active Directory CN (common name) or uid for ADAM and all other supported repositories For additional search bases, use a different attribute that provide a unique ID. Also see Configuring additional search bases in the Entrust IdentityGuard Installation Guide. The Entrust IdentityGuard Server installer will also ask for the type of repository to use. Select Active Directory for an Active Directory or ADAM repository. Select LDAP all other supported repositories. About this guide 19
20 Documentation conventions Following are typographic conventions which appear in this guide: Table 6: Typographic conventions Convention Purpose Example Bold text (other than headings) Italicized text Blue text Underlined blue text Courier type Angle brackets < > Square brackets [courier type] Indicates graphical user interface elements and wizards. Used for book or document titles. Used for hyperlinks to other sections in the document. Used for Web links. Indicates installation paths, file names, Windows registry keys, commands, and text you must enter. Indicates variables (text you must replace with your organization s correct values). Indicates optional parameters. Click Next. Entrust TruePass 7.0 Deployment Guide Entrust TruePass supports the use of many types of digital ID. For more information, visit our Web site at Use the entrust-configuration.xml file to change certain options for Verification Server. By default, the entrust.ini file is located in <install_path>/conf/security/entrust. ini. dsa passwd [-ldap] Note and Attention text Throughout this guide, there are paragraphs set off by ruled lines above and below the text. These paragraphs provide key information with two levels of importance, as shown below. Note: Information to help you maximize the benefits of your Entrust product. Attention: Issues that, if ignored, may seriously affect performance, security, or the operation of your Entrust product. 20 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
21 Related documentation Entrust IdentityGuard is supported by a complete documentation suite: For instructions on installing and configuring Entrust IdentityGuard Server, see the Entrust IdentityGuard Installation Guide. For instructions on administering Entrust IdentityGuard users and groups, see the Entrust IdentityGuard Administration Guide. For information on deploying Entrust IdentityGuard, refer to the Entrust IdentityGuard Deployment Guide. For information on configuring Entrust IdentityGuard to work with a supported LDAP repository Active Directory, Active Directory Application Mode, Critical Path InJoin Directory, IBM Tivoli Directory, Novell edirectory, or Sun ONE Directory see the Entrust IdentityGuard Directory Configuration Guide. For information on configuring Entrust IdentityGuard to work with a supported database IBM DB2 Universal Database, Microsoft SQL Server, or Oracle Database see the Entrust IdentityGuard Database Configuration Guide. For information on Entrust IdentityGuard error messages, see the Entrust IdentityGuard Error Messages. For information on new features, limitations and known issues in the latest release, see the Entrust IdentityGuard Release Notes. For information on integrating the authentication and administration processes of your applications with Entrust IdentityGuard, see the Entrust IdentityGuard Programming Guide that applies to your development platform (either Java Platform or C#). For Entrust IdentityGuard product information and a data sheet, go to For information on identity theft protection seminars, go to About this guide 21
22 Obtaining documentation Entrust product documentation, white papers, technical notes, and a comprehensive Knowledge Base are available through Entrust TrustedCare Online. If you are registered for our support programs, you can use our Web-based Entrust TrustedCare Online support services at: Documentation feedback You can rate and provide feedback about Entrust product documentation by completing the online feedback form. You can access this form by clicking the link located in the footer of Entrust s PDF documents (see bottom of this page). following this link: Feedback concerning documentation can also be directed to the Customer Support address: support@entrust.com 22 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
23 Obtaining technical assistance Entrust recognizes the importance of providing quick and easy access to our support resources. The following subsections provide details about the technical support and professional services available to you. Technical support Entrust offers a variety of technical support programs to help you keep Entrust products up and running. To learn more about the full range of Entrust technical support services, visit our Web site at: If you are registered for our support programs, you can use our Web-based support services. Entrust TrustedCare Online offers technical resources including Entrust product documentation, white papers and technical notes, and a comprehensive Knowledge Base at: If you contact Entrust Customer Support, please provide as much of the following information as possible: your contact information product name, version, and operating system information your deployment scenario description of the problem copy of log files containing error messages description of conditions under which the error occurred description of troubleshooting activities you have already performed Telephone numbers For support assistance by telephone call one of the numbers below: in North America outside North America address The address for Customer Support is: support@entrust.com About this guide 23
24 Professional Services The Entrust team assists e-businesses around the world to deploy and maintain secure transactions and communications with their partners, customers, suppliers and employees. We offer a full range of professional services to deploy our e-business solutions successfully for wired and wireless networks, including planning and design, installation, system integration, deployment support, and custom software development. Whether you choose to operate your Entrust solution in-house or subscribe to hosted services, Entrust Professional Services will design and implement the right solution for your e-business needs. For more information about Entrust Professional Services please visit our Web site at: 24 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
25 Chapter 1 Configuring Active Directory and Active Directory Application Mode This chapter provides instructions on how to configure Entrust IdentityGuard 8.1 to operate with Microsoft Active Directory and Active Directory Application Mode (ADAM). The Active Directory administrator must be involved in planning and carrying out specific tasks. 25
26 Preparing Active Directory This chapter includes the following sections: Choosing your configuration method on page 26 Setting users and privileges on page 26 Configuring Active Directory with LDIF files on page 27 Configuring Active Directory manually on page 30 Configuring the index attributes on page 31 Creating a custom administrator on page 31 Creating a user to store policies on page 32 Choosing your configuration method Before you install Entrust IdentityGuard, you must prepare your Active Directory or ADAM repository for use with Entrust IdentityGuard. Choose one of the following configuration methods: Use the LDIF files supplied with Entrust IdentityGuard to prepare the LDAP directory automatically. See Configuring Active Directory with LDIF files. Alternatively, you can prepare the LDAP directory manually. See Configuring Active Directory manually on page 30. Whatever configuration method you choose, some manual preparation is required for an upgrade. See Configuring the index attributes on page 31. For a new installation, also see Creating a user to store policies on page 32. Attention: Back up your repository before you load or update the Entrust IdentityGuard schema. Note: Complete the procedures in this guide before you install Entrust IdentityGuard. Setting users and privileges Ensure your users exist under a single base DN in the directory tree, unless you plan to take advantage of the multiple search bases feature. Entrust IdentityGuard will ask you for a base DN during installation. Entrust IdentityGuard requires directory credentials (a DN and password) to connect to the 26 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
27 directory. In the case of multiple search bases, enter the DN of the default search base. Configuring Active Directory or ADAM for use with Entrust IdentityGuard requires careful attention to the selection of the administrator user that Entrust IdentityGuard needs to connect to the repository. If you do not want to grant Entrust IdentityGuard the privileges associated with a standard administrator user, you can create one with lesser privileges. See Create a custom administrator later in this document. Also see Gathering your configuration data on page 18 for details about entering administrator information during configuration. Each user entry in the directory must have an existing attribute that Entrust IdentityGuard can use as a unique user identifier. (During installation, Entrust IdentityGuard will ask you for this attribute name.) For the primary search base, or in the case of a single search base, the attribute is typically samaccountname. For additional search bases, use a different attribute. Configuring Active Directory with LDIF files Entrust IdentityGuard uses several directory attributes to store information specific to Entrust IdentityGuard; so you need to modify your LDAP directory schema to define these attributes. The recommended method is to use one of the LDIF files included with the Entrust IdentityGuard installation package. The LDIF files set up the required attributes and auxiliary object classes automatically. To access LDIF files 1 Extract the applicable archive file for your operating system. Refer to the Entrust IdentityGuard Installation Guide for details. LDIF files for Active Directory and Active Directory Application Mode (ADAM) are available in the /IG_81/ldif directory included with the Entrust IdentityGuard installation package. You can access them without having to install Entrust IdentityGuard. If you are installing a new version of Entrust IdentityGuard, use the file activedirectory_v81_schema.ldif. If you are upgrading from version 8.0 of Entrust IdentityGuard, use the file activedirectory_v80_to_v81_upgrade.ldif. If you are upgrading from version 7.2 of Entrust IdentityGuard, use the file activedirectory_v7x_to_v81_upgrade.ldif. 2 Copy the applicable LDIF file to a folder named LDIF under the root folder on Windows, such as C:\LDIF. Configuring Active Directory and Active Directory Application Mode 27
28 Note: In Windows 2000, before you can modify the schema, you must set the following REG_DWORD key to a non-zero value: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Pa rameters\schema Update Allowed Create that registry key if it doesn t exist. In Windows 2003, don t set the key unless you encounter a problem with the schema. Refer to for further information. Loading the LDIF files To load the directory schema changes, log in with the correct privileges and run the Microsoft ldifde utility on the Active Directory server as described below. The procedures for Active Directory and ADAM are almost identical. To load the LDIF files 1 Log in to the Active Directory server as a member of the Schema Administrators group. (Typically the Enterprise Administrator is a member of this group.) 2 Locate and note the DN of the schema entry in your Active Directory. It will be something like this: CN=Schema,CN=Configuration,DC=<YourDomainName>,dc=com, where YourDomainName is the system reference to the schema. In the case of ADAM, the schema entry will be GUID number like this: 20154B22-09DE-41BC-8DEE-E12DFD7A66F3 For instructions on locating the correct DN, see Finding your DN on page For an ADAM installation, find and note the port number assigned to ADAM. It might not be the default Active Directory port 389. If ADAM is running on a domain controller, port 389 is probably assigned to Active Directory, not ADAM. 4 Open a command prompt. 5 Navigate to the correct installation folder. For an ADAM installation, change to the ADAM folder, as in: cd c:\windows\adam For an Active Directory installation, change to the system folder, as in: cd c:\windows\system32 6 Import the applicable LDIF file like this: ldifde -i -s <server> -c "DC=X" "DC=<YourDomainName>,dc=com" -f C:\LDIF\<ldif-file> -t 389 Where: 28 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
29 -i turns on import mode (the default is export). -s <server> names the domain controller used by the import operation. By default, ldifde uses the domain controller on which it is installed; so this option may not be needed. -c specifies the location of the directory schema. Change YourDomainName to the DN information you noted in Step 2. At run time, the DC=X value is replaced by the resolved value entered for YourDomainName. -f specifies the location and name of the new or upgrade LDIF file. -t specifies the LDAP port number. For an Active Directory installation, run the ldifde command without the -t option. For an ADAM installation, use the -t option to specify a port if ADAM is not running on port 389. The default port is 389 for a non-ssl connection and 636 for an SSL connection. If you get the error message 0x202b A referral was returned from the server," it indicates the value you set for YourDomainName on the -c option is not correct. Finding your DN The following section shows to ways to find the DN of the schema entry in your Active Directory. The first example uses the ldp.exe utility available on Windows 2000 and The second example uses the same utility you execute to install the LDIF files. To find a DN using ldp.exe 1 Run the ldp.exe file. 2 Select Connection > Connect. 3 Enter the name of your Active Directory server. 4 Verify that the port setting is correct. 5 Click OK. 6 Look for the line beginning with CN=Schema in the list of information the utility generates. This line gives the complete DN of your Active Directory. For more information on this utility, see the article Using Ldp.exe to Find Data in the Active Directory available at: To find a DN using ldifde 1 Enter the following command: ldifde -d "" -s localhost -p base -l schemanamingcontext -f output.txt Where: Configuring Active Directory and Active Directory Application Mode 29
30 -d is the search base to search. The empty string "" indicates the root entry. -s names the location where ldifde will search. -p base specifies the scope of the search. -l lists of attributes to return. In this case, just schemanamingcontext. 2 Open the output.txt file. It contains the value for schemanamingcontext, which is the DN you need. For more information on this utility, see: Once you successfully load the LDIF file for a new installation, follow the instructions under Creating a user to store policies on page 32. Configuring Active Directory manually The procedure below applies if you did not import an Entrust IdentityGuard LDIF file, as described above in Configuring Active Directory with LDIF files on page 27. Entrust IdentityGuard uses several directory attributes to store information. Modify your LDAP directory schema to define these attributes following the steps in this section. To configure the LDAP directory manually 1 Use your schema configuration tool to add attributes with the names and types listed in Table 2 on page 11. Note: There are five new attributes related to tokens numbers IG.2.30 to 34 in Table 2 on page 11. For an upgrade to 8.1, add these attributes. 2 Modify your LDAP schema so that the Entrust IdentityGuard attributes can be added to existing user entries. Typically, this is done by adding them as optional attributes of an existing object class. Since Active Directory does not allow the object class of user entries to be changed, you must update the Active Directory schema by adding the Entrust IdentityGuard specific object classes as auxiliary classes. When added as auxiliary classes, they are associated with the User class. This allows Entrust IdentityGuard to add the attributes in the Entrust IdentityGuard object classes to the users. Manually add the object classes and their attributes listed in Table 3 on page 14. Specify all attributes as optional (that is, use the MAY CONTAIN option). Note: There are five new attributes related to tokens numbers IG.2.30 to 34 in Table 2 on page 11. For an upgrade to 8.1, add these to the entrustiguser object as optional items. 30 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
31 3 Create an LDAP user DN that has read, write, and modify access to your directory entries using simple LDAP authentication. Entrust IdentityGuard uses this account to modify user information. (See Creating a custom administrator on page 31.) With an Active Directory domain, these changes will take effect when Active Directory updates its memory cache (within approximately five minutes). Optionally, you can use the Schema Management plug-in to force a reload of the cache or you can restart the server. The schema changes will replicate to other domains in the forest after a time that depends on your Active Directory configuration. Configuring the index attributes Indexes can improve search performance in a large repository. For a new installation or upgrade of Entrust IdentityGuard, configure the attributes entrustiggroup and entrustigaliases for indexing by setting their searchflags attribute to 1. For example, the entrustigaliases attribute configuration would look something like this: dn: CN=entrustIGAliases,CN=Schema,CN=Configuration,DC=X changetype: add objectclass: top objectclass: attributeschema ldapdisplayname: entrustigaliases issinglevalued: FALSE omsyntax: 64 attributeid: attributesyntax: searchflags: 1 Creating a custom administrator The administrator user that Entrust IdentityGuard uses to connect to the repository must have sufficient privileges to make changes to the user and policy objects. Applicable administrator user types are: account operators administrators domain administrators enterprise administrators Configuring Active Directory and Active Directory Application Mode 31
32 If you do not want to grant Entrust IdentityGuard the privileges associated with standard administrator user types, follow the steps below. (This procedure requires the dsacls utility. It is part of the Windows support tools installed from the Windows installation CD.) To create a custom user 1 Log in as domain administrator. 2 Create a user object in the directory. a In the Active Directory Users and Computers administration console, create an ordinary user (for example, igdiradmin). No special group membership is required. b Set the cn and samaccountname attribute to the new user (that is, igdiradmin). c Assign a password to this user. d Close the console. 3 Run the dsacls command: a Open a command prompt. b Navigate to the Windows support tools folder. c Enter the dsacls command using the following syntax: dsacls <search base> /I:T /G <UPN>:GA Where: search base is your primary search base where Entrust IdentityGuard data is stored. The entry should follow this format: ou=igexample,dc=ig4,dc=people,dc=entrust,dc=com. /I:T indicates that all existing and future subobjects will inherit this permission. UPN is the new user principal name that Entrust IdentityGuard will use to connect to the repository. The entry should follow this format: igdiradmin@ig4.people.entrust.com. GA sets the generic-all privilege. 4 Repeat the dsacls command for each search base (ou) or branch that is not inside the primary search base. Creating a user to store policies Once you complete the automatic or manual configuration for a new installation, you must create a directory user, which Entrust IdentityGuard will use to store policies. Create this entry under the same base DN as the default search base used by Entrust IdentityGuard. Give the user a recognizable name, such as IG Policy. 32 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
33 Create the user with the same kind of object class you used for existing users in the directory. A typical Active Directory object class in this case is organizationalperson; though any entry derived from the Person object class will do. Note: Later, during Entrust IdentityGuard installation, you will be asked to supply the LDAP policy RDN. This is the name of the user you just created, relative to the base DN. For example, if all the users exist under the base DN dc=remote,dc=companyone,dc=com and the DN of the policy user is cn=ig Policy,dc=Remote,dc=CompanyOne,dc=com, then provide cn=ig Policy as the LDAP policy RDN during installation. Your LDAP directory is now configured to work with Entrust IdentityGuard. Configuring Active Directory and Active Directory Application Mode 33
34 34 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
35 Chapter 2 Configuring Critical Path Directory This chapter provides instructions on how to configure Entrust IdentityGuard 8.1 to operate with Critical Path Directory. The Critical Path Directory administrator must be involved in planning and carrying out specific tasks. 35
36 Preparing the Critical Path Directory This chapter includes the following sections: Choosing your configuration method on page 36 Configuring the Critical Path Directory with LDIF files on page 36 Configuring the Critical Path Directory manually on page 38 Synchronizing the indexes after an upgrade on page 39 Creating a user to store policies on page 40 Configure the directory size limit on page 40 Choosing your configuration method Before you install Entrust IdentityGuard, you must prepare your LDAP directory for use with Entrust IdentityGuard. Choose one of the following configuration methods: Use the LDIF files supplied with Entrust IdentityGuard to prepare the LDAP directory automatically. See Configuring the Critical Path Directory with LDIF files on page 36. Alternatively, you can prepare the LDAP directory manually. See Configuring the Critical Path Directory manually on page 38. Whatever configuration method you choose, some manual preparation is required for an upgrade. See Synchronizing the indexes after an upgrade on page 39. For a new installation, also see Creating a user to store policies on page 40. Attention: Back up your repository before you load or update the Entrust IdentityGuard schema. Note: Complete the procedures in this guide before you install or upgrade Entrust IdentityGuard. Configuring the Critical Path Directory with LDIF files Entrust IdentityGuard uses several directory attributes to store information specific to Entrust IdentityGuard; so, you need to modify your LDAP directory schema to define these attributes. 36 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
37 The recommended method is to use one of the LDIF files included with the Entrust IdentityGuard installation package. The LDIF files set up the required attributes automatically. To access LDIF files 1 Extract the applicable archive file for your operating system. Refer to the Entrust IdentityGuard Installation Guide for details. LDIF files for Critical Path Directory are available under the /IG_81/ldif directory included with the Entrust IdentityGuard installation package. You can access them without having to install Entrust IdentityGuard. If you are installing a new version of Entrust IdentityGuard, use the file criticalpath_v81_schema.ldif. If you are upgrading from version 8.0 of Entrust IdentityGuard, use the file criticalpath_v80_to_v81_upgrade.ldif. Loading the LDIF files To load the directory schema changes, run ldapmodify on the Critical Path Directory server as described below. The ldapmodify command opens a connection to an LDAP server, and modifies or adds entries. Note: Before you run ldapmodify, ensure that the Critical Path Directory is running. If not, use the odsstart command to start it. To load the LDIF files 1 With the Critical Path Directory running, open a command window. 2 Navigate to the directory where the Critical Path ldapmodify tool is located. The location varies depending on the operating system. In Windows, look in the folder c:\program Files\CriticalPath\CPDS\bin. 3 Import the applicable LDIF file like this: ldapmodify -h cp42.entrust.com -p 389 -D "cn=directory Manager" -w ldappass -f <ldif-file> Where: -h specifies the LDAP host name. -p specifies the LDAP port number. The default port is 389 for a non-ssl connection and 636 for an SSL connection. -D specifies a directory administrator who has authority to update the schema. Configuring Critical Path Directory 37
38 -f specifies the name of the LDIF file. It can be a fully-qualified path name. -w specifies the password used for simple authentication. ldif-file is the name of the new or upgrade LDIF file. Configuring the Critical Path Directory manually All procedures in this section apply only if you did not import an Entrust IdentityGuard LDIF file, as described above in Configuring the Critical Path Directory with LDIF files on page 36. Entrust IdentityGuard uses several directory attributes to store information. If you do not use an LDIF file to modify your directory, you must manually modify your LDAP directory schema to define these attributes following the steps in this section. View the applicable LDIF to see how to set the attributes. If you are upgrading from an earlier version of Entrust IdentityGuard, review these steps and follow those that apply. To configure the LDAP directory manually 1 Use your schema configuration tool to add attributes with the names and types listed in Table 2 on page 11. Note: There are five new attributes related to tokens numbers IG.2.30 to 34 in Table 2 on page 11. For an upgrade to 8.1, add these attributes. 2 Configure those attributes for ordering and matching as shown in Table 4 on page The following attributes must be optimized for indexing so that Entrust IdentityGuard can look them up in the directory. Make sure you configure them as listed below. Table 7: LDAP indexing Attribute entrustigusernumber entrustiguserinfomac entrustigadmindata entrustiggroup entrustigaliases Indexing rules Match on ordering, invert on value. Invert on type. Invert on type. Invert on value. Invert on value. 38 Entrust IdentityGuard 8.1 Directory Configuration Guide Document issue: 1.0
39 4 Manually add the object classes and their attributes listed in Table 3 on page 14. Specify all attributes as optional (that is, use the MAY CONTAIN option). Note: There are five new attributes related to tokens numbers IG.2.30 to 34 in Table 2 on page 11. For an upgrade to 8.1, add these to the entrustiguser object as optional items. 5 Create an LDAP user DN that has read, write, and modify access to your directory entries using simple LDAP authentication. Entrust IdentityGuard uses this account to modify Entrust IdentityGuard user information. Synchronizing the indexes after an upgrade If you are upgrading from a previous version of Entrust IdentityGuard, complete the following procedure. This is required to synchronize and update the search indexes. It applies whether you prepare the LDAP directory manually or use an LDIF file. 1 From the Start menu, select Programs > Critical Path > CP Directory Server > CPDS Icon. 2 At the prompt, enter the icon manager name and password. The icon Session login screen appears. 3 Enter the directory administrator DN and password. Note: As noted in the icon documentation, many special characters are not allowed in passwords, including (but not limited to) quotes, numbers signs, forward and backward slashes, and common currency symbols. 4 On the left-hand menu, click schema. 5 On the upper menu bar, click attributes. 6 In the attribute search field, type entrustiggroup and click the Find attribute button. 7 In the attribute list returned, select the entrustiggroup entry. 8 Scroll down and ensure that the equality option in the inv column is selected. 9 Click the Change attribute button. 10 Repeat steps 5 through 9 for the entrustigaliases attribute. 11 On the upper menu bar, click attributes. 12 In the attribute search field, type entrustigchallengecount and click the Find attribute button. 13 In the attribute list returned, select the entrustigchallengecount entry. Configuring Critical Path Directory 39
Database Configuration Guide
Entrust IdentityGuard 8.1 Database Configuration Guide Document issue: 1.0 Date of Issue: June 2006 Copyright 2006 Entrust. All rights reserved. Entrust is a trademark or a registered trademark of Entrust,
More informationEntrust. Entrust IdentityGuard 8.1. Deployment Guide. Document issue: 2.0. Date of Issue: April 2007
Entrust Entrust IdentityGuard 8.1 Deployment Guide Document issue: 2.0 Date of Issue: April 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a trademark or a registered trademark of Entrust,
More informationUsing LDAP Authentication in a PowerCenter Domain
Using LDAP Authentication in a PowerCenter Domain 2008 Informatica Corporation Overview LDAP user accounts can access PowerCenter applications. To provide LDAP user accounts access to the PowerCenter applications,
More informationEntrust Certificate Services for Adobe CDS
Entrust Certificate Services Entrust Certificate Services for Adobe CDS Getting Started Guide Entrust SafeNet Authentication Client: 8.3 Date of issue: July 2015 Document issue: 3.0 Revisions Issue and
More informationTroubleshooting Active Directory Server
Proven Practice Troubleshooting Active Directory Server Product(s): IBM Cognos Series 7 Area of Interest: Security Troubleshooting Active Directory Server 2 Copyright Copyright 2008 Cognos ULC (formerly
More informationIdentityGuard 8.1 Programming Guide for the.net Framework
Entrust IdentityGuard 8.1 Programming Guide for the.net Framework Document issue: 2.0 Date of Issue: April 2007 2007 Entrust. All rights reserved. Entrust is a trademark or a registered trademark of Entrust,
More informationNovell Identity Manager
AUTHORIZED DOCUMENTATION Driver for LDAP Implementation Guide Novell Identity Manager 3.6.1 December 04, 2009 www.novell.com Legal Notices Novell, Inc. makes no representations or warranties with respect
More informationInstallation and Configuration Guide
Entrust Managed Services PKI Auto-enrollment Server 7.0 Installation and Configuration Guide Document issue: 1.0 Date of Issue: July 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark
More informationManaging users. Account sources. Chapter 1
Chapter 1 Managing users The Users page in Cloud Manager lists all of the user accounts in the Centrify identity platform. This includes all of the users you create in the Centrify for Mobile user service
More informationEntrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates
Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights
More informationCopyright 2012 Trend Micro Incorporated. All rights reserved.
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,
More informationLifeSize Control Installation Guide
LifeSize Control Installation Guide April 2005 Part Number 132-00001-001, Version 1.0 Copyright Notice Copyright 2005 LifeSize Communications. All rights reserved. LifeSize Communications has made every
More informationIntegration Guide. SafeNet Authentication Service. Integrating Active Directory Lightweight Services
SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information
More informationConfiguring Microsoft Active Directory 2003 for Net Naming. An Oracle White Paper September 2008
Configuring Microsoft Active Directory 2003 for Net Naming An Oracle White Paper September 2008 NOTE: The following is intended to outline our general product direction. It is intended for information
More informationConfiguring Microsoft Active Directory for Oracle Net Naming. An Oracle White Paper April 2014
Configuring Microsoft Active Directory for Oracle Net Naming An Oracle White Paper April 2014 Configuring Microsoft Active Directory for Oracle Net Naming Introduction... 3 Steps to Configure Active Directory...
More informationServer Installation Guide ZENworks Patch Management 6.4 SP2
Server Installation Guide ZENworks Patch Management 6.4 SP2 02_016N 6.4SP2 Server Installation Guide - 2 - Notices Version Information ZENworks Patch Management Server Installation Guide - ZENworks Patch
More informationEntrust Managed Services PKI
Entrust Managed Services PKI Entrust Managed Services PKI Windows Smart Card Logon Configuration Guide Using Web-based applications Document issue: 1.0 Date of Issue: June 2009 Copyright 2009 Entrust.
More informationActive Directory Adapter with 64-bit Support Installation and Configuration Guide
IBM Security Identity Manager Version 6.0 Active Directory Adapter with 64-bit Support Installation and Configuration Guide SC27-4384-02 IBM Security Identity Manager Version 6.0 Active Directory Adapter
More informationBlackShield ID. QUICKStart Guide. Integrating Active Directory Lightweight Services
QUICKStart Guide Integrating Active Directory Lightweight Services 2010 CRYPTOCard Corp. All rights reserved. http://www.cryptocard.com Trademarks CRYPTOCard, CRYPTO Server, CRYPTO Web, CRYPTO Kit, CRYPTO
More informationMcAfee Endpoint Encryption for PC 7.0
Migration Guide McAfee Endpoint Encryption for PC 7.0 For use with epolicy Orchestrator 4.6 Software COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee,
More informationIntegrating WebSphere Portal V8.0 with Business Process Manager V8.0
2012 Integrating WebSphere Portal V8.0 with Business Process Manager V8.0 WebSphere Portal & BPM Services [Page 2 of 51] CONTENTS CONTENTS... 2 1. DOCUMENT INFORMATION... 4 1.1 1.2 2. INTRODUCTION... 5
More informationRSA Authentication Manager 7.1 Basic Exercises
RSA Authentication Manager 7.1 Basic Exercises Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA and the RSA logo
More informationAttix5 Pro Plug-ins. V6.2 User Manual. Cover. for Microsoft Windows. Your guide to installing and using Attix5 Pro plug-ins. Last updated: 2011/10
Attix5 Pro Plug-ins V6.2 User Manual Cover for Microsoft Windows Your guide to installing and using Attix5 Pro plug-ins. Last updated: 2011/10 SERVER EDITION V6.0 for MICROSOFT WINDOWS Copyright Notice
More informationRSA Authentication Manager 7.1 Administrator s Guide
RSA Authentication Manager 7.1 Administrator s Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA and the RSA
More informationInstallation and Configuration Guide
Installation and Configuration Guide BlackBerry Resource Kit for BlackBerry Enterprise Service 10 Version 10.2 Published: 2015-11-12 SWD-20151112124827386 Contents Overview: BlackBerry Enterprise Service
More informationStep- by- Step guide to extend Credential Sync between IBM WebSphere Portal 8.5 credential vault and Active Directory 2012 using Security Directory
Step- by- Step guide to extend Credential Sync between IBM WebSphere Portal 8.5 credential vault and Active Directory 2012 using Security Directory Integrator (ex TDI) on Red- Hat (part 3) Summary STEP-
More informationCertificate Management Service 9.7
Entrust Certificate Services Certificate Management Service 9.7 User Guide Document issue: 1.0 Date of issue: October 2010 Copyright 2008-2010 Entrust. All rights reserved. Entrust is a trademark or a
More informationProxySG TechBrief LDAP Authentication with the ProxySG
ProxySG TechBrief LDAP Authentication with the ProxySG What is LDAP Authentication? Today, the network can include elements such as LANs, WANs, an intranet, and the Internet. Many enterprises have turned
More informationModifying the Active Directory Schema to Support Mac Systems
Modifying the Active Directory Schema to Support Mac Systems Strategies and Best Practices for Planning, Testing, and Deploying the Mac Successfully in Your Enterprise October 2009 2 Contents Page 3 Page
More informationDESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014
DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014 Contents Overview... 2 System requirements:... 2 Before installing... 3 Download and installation... 3 Configure DESLock+ Enterprise Server...
More informationSonicWALL CDP 5.0 Microsoft Exchange User Mailbox Backup and Restore
SonicWALL CDP 5.0 Microsoft Exchange User Mailbox Backup and Restore Document Scope This solutions document describes how to configure and use the Microsoft Exchange User Mailbox Backup and Restore feature
More informationApplication Note. SA Server and ADAM
Application Note SA Server and ADAM Solution Overview All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and
More informationMGC WebCommander Web Server Manager
MGC WebCommander Web Server Manager Installation and Configuration Guide Version 8.0 Copyright 2006 Polycom, Inc. All Rights Reserved Catalog No. DOC2138B Version 8.0 Proprietary and Confidential The information
More informationUpgrade Guide BES12. Version 12.1
Upgrade Guide BES12 Version 12.1 Published: 2015-02-25 SWD-20150413111718083 Contents Supported upgrade environments...4 Upgrading from BES12 version 12.0 to BES12 version 12.1...5 Preupgrade tasks...5
More informationSpector 360 Deployment Guide. Version 7.3 January 3, 2012
Spector 360 Deployment Guide Version 7.3 January 3, 2012 Table of Contents Deploy to All Computers... 48 Step 1: Deploy the Servers... 5 Recorder Requirements... 52 Requirements... 5 Control Center Server
More informationSynchronization Agent Configuration Guide
SafeNet Authentication Service Synchronization Agent Configuration Guide 1 Document Information Document Part Number 007-012476-001, Revision A Release Date July 2014 Trademarks All intellectual property
More informationOracle Enterprise Single Sign-On Provisioning Gateway. Administrator's Guide Release 11.1.2 E27317-02
Oracle Enterprise Single Sign-On Provisioning Gateway Administrator's Guide Release 11.1.2 E27317-02 August 2012 Oracle Enterprise Single Sign-On Provisioning Gateway, Administrator's Guide, Release 11.1.2
More informationNovell ZENworks 10 Configuration Management SP3
AUTHORIZED DOCUMENTATION Software Distribution Reference Novell ZENworks 10 Configuration Management SP3 10.3 November 17, 2011 www.novell.com Legal Notices Novell, Inc., makes no representations or warranties
More informationsafend a w a v e s y s t e m s c o m p a n y
safend a w a v e s y s t e m s c o m p a n y SAFEND Data Protection Suite Installation Guide Version 3.4.5 Important Notice This guide is delivered subject to the following conditions and restrictions:
More informationTSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:
TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link: ftp://ftp.software.ibm.com/storage/tivoli-storagemanagement/maintenance/client/v6r2/windows/x32/v623/
More informationCentral Security Server
Central Security Server Installation and Administration Guide Release 12.3 Please direct questions about {Compuware Product} or comments on this document to: Customer Support https://community.compuwareapm.com/community/display/support
More informationHow To Take Advantage Of Active Directory Support In Groupwise 2014
White Paper Collaboration Taking Advantage of Active Directory Support in GroupWise 2014 Flexibility and interoperability have always been hallmarks for Novell. That s why it should be no surprise that
More informationInstalling and Configuring DB2 10, WebSphere Application Server v8 & Maximo Asset Management
IBM Tivoli Software Maximo Asset Management Installing and Configuring DB2 10, WebSphere Application Server v8 & Maximo Asset Management Document version 1.0 Rick McGovern Staff Software Engineer IBM Maximo
More informationAudit Management Reference
www.novell.com/documentation Audit Management Reference ZENworks 11 Support Pack 3 February 2014 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of
More informationIntroduction... 1. Installing and Configuring the LDAP Server... 3. Configuring Yealink IP Phones... 30. Using LDAP Phonebook...
Introduction... 1 Installing and Configuring the LDAP Server... 3 OpenLDAP... 3 Installing the OpenLDAP Server... 3 Configuring the OpenLDAP Server... 4 Configuring the LDAPExploreTool2... 8 Microsoft
More informationUsing Entrust certificates with Microsoft Office and Windows
Entrust Managed Services PKI Using Entrust certificates with Microsoft Office and Windows Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark
More informationMcAfee One Time Password
McAfee One Time Password Integration Module Outlook Web App 2010 Module version: 1.3.1 Document revision: 1.3.1 Date: Feb 12, 2014 Table of Contents Integration Module Overview... 3 Prerequisites and System
More informationRSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide
RSA Authentication Manager 7.1 Microsoft Active Directory Integration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks
More informationTivoli Access Manager Agent for Windows Installation Guide
IBM Tivoli Identity Manager Tivoli Access Manager Agent for Windows Installation Guide Version 4.5.0 SC32-1165-03 IBM Tivoli Identity Manager Tivoli Access Manager Agent for Windows Installation Guide
More informationVMware vcenter Configuration Manager Backup and Disaster Recovery Guide vcenter Configuration Manager 5.4.1
VMware vcenter Configuration Manager Backup and Disaster Recovery Guide vcenter Configuration Manager 5.4.1 This document supports the version of each product listed and supports all subsequent versions
More informationWebSphere Business Monitor V7.0: Clustering Single cluster deployment environment pattern
Copyright IBM Corporation 2010 All rights reserved WebSphere Business Monitor V7.0: Clustering Single cluster deployment environment pattern What this exercise is about... 2 Exercise requirements... 2
More informationWhatsUp Gold v16.3 Installation and Configuration Guide
WhatsUp Gold v16.3 Installation and Configuration Guide Contents Installing and Configuring WhatsUp Gold using WhatsUp Setup Installation Overview... 1 Overview... 1 Security considerations... 2 Standard
More informationUser Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream
User Manual Onsight Management Suite Version 5.1 Another Innovation by Librestream Doc #: 400075-06 May 2012 Information in this document is subject to change without notice. Reproduction in any manner
More informationCopyright 2013 Trend Micro Incorporated. All rights reserved.
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,
More informationAddress Synchronization Tool Administrator Guide
Address Synchronization Tool Administrator Guide This guide is for systems administrators configuring the Address Synchronization Tool to update the information used by MessageLabs in the provision of
More informationEnterprise Vault Installing and Configuring
Enterprise Vault Installing and Configuring Enterprise Vault 6.0 Legal Notice Copyright 2005 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, VERITAS, the VERITAS Logo, and Enterprise
More informationConfiguration Guide. BES12 Cloud
Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need
More informationTechnical Integration Guide for Entrust IdentityGuard 9.1 and Citrix Web Interface using RADIUS
Technical Integration Guide for Entrust IdentityGuard 9.1 and Citrix Web Interface using RADIUS Document issue: 2.0 August 2009 Entrust is a registered trademark of Entrust, Inc. in the United States and
More informationAuthentication in XenMobile 8.6 with a Focus on Client Certificate Authentication
Authentication in XenMobile 8.6 with a Focus on Client Certificate Authentication Authentication is about security and user experience and balancing the two goals. This document describes the authentication
More informationVERITAS Backup Exec TM 10.0 for Windows Servers
VERITAS Backup Exec TM 10.0 for Windows Servers Quick Installation Guide N134418 July 2004 Disclaimer The information contained in this publication is subject to change without notice. VERITAS Software
More informationPortions of this product were created using LEADTOOLS 1991-2009 LEAD Technologies, Inc. ALL RIGHTS RESERVED.
Installation Guide Lenel OnGuard 2009 Installation Guide, product version 6.3. This guide is item number DOC-110, revision 1.038, May 2009 Copyright 1992-2009 Lenel Systems International, Inc. Information
More informationThe following gives an overview of LDAP from a user's perspective.
LDAP stands for Lightweight Directory Access Protocol, which is a client-server protocol for accessing a directory service. LDAP is a directory service protocol that runs over TCP/IP. The nitty-gritty
More informationQUANTIFY INSTALLATION GUIDE
QUANTIFY INSTALLATION GUIDE Thank you for putting your trust in Avontus! This guide reviews the process of installing Quantify software. For Quantify system requirement information, please refer to the
More informationDigipass Plug-In for IAS. IAS Plug-In IAS. Microsoft's Internet Authentication Service. Installation Guide
Digipass Plug-In for IAS IAS Plug-In IAS Microsoft's Internet Authentication Service Installation Guide Disclaimer of Warranties and Limitations of Liabilities Disclaimer of Warranties and Limitations
More informationSonicWALL CDP 5.0 Microsoft Exchange InfoStore Backup and Restore
SonicWALL CDP 5.0 Microsoft Exchange InfoStore Backup and Restore Document Scope This solutions document describes how to configure and use the Microsoft Exchange InfoStore Backup and Restore feature in
More informationvcenter Configuration Manager Backup and Disaster Recovery Guide VCM 5.3
vcenter Configuration Manager Backup and Disaster Recovery Guide VCM 5.3 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by
More informationRSA Authentication Manager 7.0 Administrator s Guide
RSA Authentication Manager 7.0 Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers. RSA Security Inc. www.rsa.com Trademarks
More informationEntrust Managed Services PKI Administrator Guide
Entrust Managed Services PKI Entrust Managed Services PKI Administrator Guide Document issue: 3.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered
More informationPrepared By Imanami Technical Communications Team
Installation Guide Published By Imanami Corporation 2301 Armstrong St. Suite 211 Livermore, CA 94551, United States Copyright 2010 by Imanami Corporation. All rights reserved. No part of this document
More informationSophos for Microsoft SharePoint startup guide
Sophos for Microsoft SharePoint startup guide Product version: 2.0 Document date: March 2011 Contents 1 About this guide...3 2 About Sophos for Microsoft SharePoint...3 3 System requirements...3 4 Planning
More informationSafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012
SafeGuard Enterprise Web Helpdesk Product version: 6 Document date: February 2012 Contents 1 SafeGuard web-based Challenge/Response...3 2 Installation...5 3 Authentication...8 4 Select the Web Helpdesk
More informationStep-by-Step Guide to Active Directory Bulk Import and Export
Page 1 of 12 TechNet Home > Windows Server TechCenter > Identity and Directory Services > Active Directory > Step By Step Step-by-Step Guide to Active Directory Bulk Import and Export Published: September
More informationDocuShare Installation Guide
DocuShare Installation Guide Publication date: February 2011 This document supports DocuShare Release 6.6.1 Prepared by: Xerox Corporation DocuShare Business Unit 3400 Hillview Avenue Palo Alto, California
More informationSynchronization Tool. Administrator Guide
Synchronization Tool Administrator Guide Synchronization Tool Administrator Guide Documentation version: 1.5 Legal Notice Legal Notice Copyright 2013 Symantec Corporation. All rights reserved. Symantec,
More informationBitrix Site Manager ASP.NET. Installation Guide
Bitrix Site Manager ASP.NET Installation Guide Contents Introduction... 4 Chapter 1. Checking for IIS Installation... 5 Chapter 2. Using An Archive File to Install Bitrix Site Manager ASP.NET... 7 Preliminary
More informationNovell Identity Manager
Driver for Active Directory* Implementation Guide AUTHORIZED DOCUMENTATION Novell Identity Manager 3.6.1 July 01, 2010 www.novell.com Identity Manager 3.6.1 Driver for Active Directory Implementation Guide
More informationECAT SWE Exchange Customer Administration Tool Web Interface User Guide Version 6.7
ECAT SWE Exchange Customer Administration Tool SWE - Exchange Customer Administration Tool (ECAT) Table of Contents About this Guide... 3 Audience and Purpose... 3 What is in this Guide?... 3 CA.mail Website...
More informationhttp://docs.trendmicro.com/en-us/smb/hosted-email-security.aspx
Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release
More informationSafeGuard Enterprise Administrator help
SafeGuard Enterprise Administrator help Product version: 5.60 Document date: April 2011 Contents 1 The SafeGuard Management Center...4 2 Log on to the SafeGuard Management Center...5 3 Operating steps
More informationSTATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER
Notes: STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER 1. These instructions focus on installation on Windows Terminal Server (WTS), but are applicable
More informationEmbarcadero Performance Center 2.7 Installation Guide
Embarcadero Performance Center 2.7 Installation Guide Copyright 1994-2009 Embarcadero Technologies, Inc. Embarcadero Technologies, Inc. 100 California Street, 12th Floor San Francisco, CA 94111 U.S.A.
More informationAvatier Identity Management Suite
Avatier Identity Management Suite Migrating AIMS Configuration and Audit Log Data To Microsoft SQL Server Version 9 2603 Camino Ramon Suite 110 San Ramon, CA 94583 Phone: 800-609-8610 925-217-5170 FAX:
More informationDIGIPASS CertiID. Getting Started 3.1.0
DIGIPASS CertiID Getting Started 3.1.0 Disclaimer Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions, express
More informationSafeGuard Enterprise Web Helpdesk
SafeGuard Enterprise Web Helpdesk Product version: 5.60 Document date: April 2011 Contents 1 SafeGuard web-based Challenge/Response...3 2 Installation...5 3 Authentication...8 4 Select the Web Help Desk
More informationWebSpy Vantage Ultimate 2.2 Web Module Administrators Guide
WebSpy Vantage Ultimate 2.2 Web Module Administrators Guide This document is intended to help you get started using WebSpy Vantage Ultimate and the Web Module. For more detailed information, please see
More informationConfiguring idrac6 for Directory Services
Configuring idrac6 for Directory Services Instructions for Setting Up idrac6 with Active Directory, Novell, Fedora, OpenDS and OpenLDAP Directory Services. A Dell Technical White Paper Dell Product Group
More informationHP D2D NAS Integration with HP Data Protector 6.11
HP D2D NAS Integration with HP Data Protector 6.11 Abstract This guide provides step by step instructions on how to configure and optimize HP Data Protector 6.11 in order to back up to HP D2D Backup Systems
More informationUser Source and Authentication Reference
User Source and Authentication Reference ZENworks 11 www.novell.com/documentation Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation,
More informationPriveonLabs Research. Cisco Security Agent Protection Series:
Cisco Security Agent Protection Series: Enabling LDAP for CSA Management Center SSO Authentication For CSA 5.2 Versions 5.2.0.245 and up Fred Parks Systems Consultant 3/25/2008 2008 Priveon, Inc. www.priveonlabs.com
More informationAdministrator s Guide
Administrator s Guide Directory Synchronization Client Websense Cloud Products v1.2 1996 2015, Websense, Inc. All rights reserved. 10900 Stonelake Blvd, 3rd Floor, Austin, TX 78759, USA First published
More informationPOLICY PATROL MFT. Manual
POLICY PATROL MFT Manual MANUAL Policy Patrol MFT This manual, and the software described in this manual, are copyrighted. No part of this manual or the described software may be copied, reproduced, translated
More informationHow To Backup A Database In Navision
Making Database Backups in Microsoft Business Solutions Navision MAKING DATABASE BACKUPS IN MICROSOFT BUSINESS SOLUTIONS NAVISION DISCLAIMER This material is for informational purposes only. Microsoft
More informationDell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide
Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer.
More informationOracle Enterprise Manager. Description. Versions Supported
Oracle Enterprise Manager System Monitoring Plug-in Installation Guide for Microsoft SQL Server Release 10 (4.0.3.1.0) E14811-03 June 2009 This document provides a brief description about the Oracle System
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationHow To Authenticate On An Xtma On A Pc Or Mac Or Ipad (For A Mac) On A Network With A Password Protected (For An Ipad) On An Ipa Or Ipa (For Mac) With A Log
WatchGuard Certified Training Fireware XTM Advanced Active Directory Authentication Courseware: Fireware XTM and WatchGuard System Manager v11.7 Revised: January 2013 Updated for: Fireware XTM v11.7 Disclaimer
More informationReconfiguring VMware vsphere Update Manager
Reconfiguring VMware vsphere Update Manager vsphere Update Manager 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a
More informationInterworks. Interworks Cloud Platform Installation Guide
Interworks Interworks Cloud Platform Installation Guide Published: March, 2014 This document contains information proprietary to Interworks and its receipt or possession does not convey any rights to reproduce,
More informationTable of Contents. CHAPTER 1 About This Guide... 9. CHAPTER 2 Introduction... 11. CHAPTER 3 Database Backup and Restoration... 15
Table of Contents CHAPTER 1 About This Guide......................... 9 The Installation Guides....................................... 10 CHAPTER 2 Introduction............................ 11 Required
More informationCertificates for computers, Web servers, and Web browser users
Entrust Managed Services PKI Certificates for computers, Web servers, and Web browser users Document issue: 3.0 Date of issue: June 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark
More information