Chat now with support
Chat mit Support

Safeguard Authentication Services 5.1.1 - Upgrade Guide

Privileged Access Suite for Unix Introducing One Identity Safeguard Authentication Services Upgrade Windows components Configure Active Directory Configure Unix agent components Upgrade client components manually Getting started with Safeguard Authentication Services Troubleshooting

Schema Attributes

From the Control Center, select Preferences then Schema Attributes to view and update schema configurations. These attribute mappings can be customized:

Unix Attributes

The Unix schema attributes are fully customizable in Safeguard Authentication Services. The Unix Attributes section allows you to see which LDAP attributes are mapped to Unix attributes. You can modify this mapping to enable Safeguard Authentication Services to work with any schema configuration. To customize the mapping, you select a schema template or specify your own custom attributes. A schema template is a pre-defined set of common mappings which adhere to common schema extensions for storing Unix data in Active Directory.

From the Control Center, select Preferences | Schema Attributes. Click the Unix Attributes link in the upper right to display the Customize Schema Attributes dialog.

Safeguard Authentication Services supports the following schema templates if the required schema is installed:

Table 19: Unix schema attributes
Schema Template Description

Schemaless

A template that encodes Unix attribute data in an existing multi-valued attribute.

Windows R2

A template that uses attributes from the Windows 2003 R2 schema extension.

Services for Unix 2.0

A template that uses attributes from the SFU 2.0 schema extension.

Services for Unix 3.0

A template that uses attributes from the SFU 3.0 schema extension.

BEST PRACTICE: Use a schema designed for storing Unix data in Active Directory whenever possible. Schemas designed for storing Unix data in Active Directory include: Windows 2003 R2, SFU 2, and SFU 3. Only use "schemaless" or custom mappings if it is impossible to make schema extensions in your environment.

NOTE: If you are running Safeguard Authentication Services without an application configuration in your forest and your domain supports Windows R2, you can enable Safeguard Authentication Services to use the Windows R2 schema. However, note that some functionality provided by the Safeguard Authentication Services application configuration will be unavailable.

Active Directory schema extensions

Safeguard Authentication Services stores Unix identity and login information in Active Directory. One Identity designed Safeguard Authentication Services to provide support for the following standard Active Directory schema extensions.

Table 20: Active Directory schema extensions
Schema extension Description
Windows 2003 R2 Schema This schema extension is provided by Microsoft and adds support for the PosixAccount auxiliary class, used to store Unix attributes on user and group objects.
Services for Unix 2.0 Microsoft provides this schema extension with the Services for Unix 2.0 set of tools. It adds custom attributes to user and group objects, used to store Unix account information.
Services for Unix 3.0 Microsoft provides this schema extension with the Services for Unix 3.0 set of tools. It adds custom attributes to user and group objects, used to store Unix account information.

It is possible to customize the schema setup to work with any schema configuration with Safeguard Authentication Services. No schema extensions are necessary with the new "schemaless" storage feature. When you configure Safeguard Authentication Services for the first time, Safeguard Authentication Services attempts to auto-detect the best schema configuration for your environment. The schema configuration is a global application setting that applies to all Safeguard Authentication Services management tools and Unix agents. You can change the detected settings at any time using Control Center.

Configuring a custom schema mapping

If you do not have a schema that supports Unix data storage in Active Directory, you can configure Safeguard Authentication Services to use existing, unused attributes of users and groups to store Unix information in Active Directory.

To configure a custom schema mapping

  1. Open the Control Center and click Preferences then Schema Attributes on the left navigation pane.
  2. Click the Unix Attributes link in the upper right to display the Customize Schema Attributes dialog.
  3. Type the LDAP display names of the attributes that you want to use for Unix data. All attributes must be string-type attributes except User ID Number, User Primary Group ID, and Group ID Number, which may be integers. If an attribute does not exist or is of the wrong type, the border will turn red indicating that the LDAP attribute is invalid.

    NOTE: When customizing the schema mapping, ensure that the attributes used for User ID Number and Group ID Number are indexed and replicated to the global catalog.

  4. Click OK to validate and save the specified mappings in Active Directory.
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen