1. Overview
1.1 The Quest ESSO Software Suite
1.2 Quest ESSO Architecture
1.3 Quest ESSO and Your Corporate LDAP Directory Infrastructure
2. Preparing the Storage of Security Data in the LDAP Directory
2.1 Active Directory
3 Installing Quest ESSO Controllers and Audit Databases
2.1.1 Global Installation Process within an Active Directory Infrastructure
2.1.2 Extending the Schema and Setting ACLs
2.1.3 Setting Indexes on Active Directory Attributes (Optional)
2.1.4 Configuring Secure Authentication and Data Securization
2.2 Active Directory + ADAM or AD LDS
2.2.1 Extending the Schema of ADAM/AD LDS
2.2.2 Preparing the ADAM/AD LDS Instance Administrator Account
2.2.3 Setting ACLs on ADAM/AD LDS
2.2.4 Setting Indexes on ADAM/AD LDS Attributes
2.3 OpenLDAP
2.2.4.1 Setting Indexes on Standard Attributes
2.2.4.2 Setting Indexes on Quest ESSO Specific Attributes
2.2.5 Configuring Secure Authentication and Data Securization
2.3.1 Extending the Schema of an OpenLDAP Directory
2.3.2 Setting ACLs on an OpenLDAP Directory
2.3.3 Setting Indexes on OpenLDAP Attributes
2.4 Netscape iPlanet / Sun Java System / Red Hat / Fedora Directory Server
2.3.3.1 Setting Indexes on Standard Attributes
2.3.3.2 Setting Indexes on Quest ESSO Specific Attributes
2.3.4 Integrating SAMBA
2.3.5 Configuring Secure Authentication
2.3.6 Configuring Data Securization
2.4.1. Extending the Schema of a Netscape iPlanet /Sun Java System /Red Hat / Fedora Directory Server
2.4.2 Setting ACLs on a Netscape iPlanet / Sun Java System / Red Hat / Fedora Directory Server
2.4.3 Setting Indexes on Netscape iPlanet / Sun Java System / Red Hat / Fedora Directory Server Attributes
2.5 Novell eDirectory
2.4.3.1 Setting Indexes on Standard Attributes
2.4.3.2 Setting Indexes on Quest ESSO Specific Attributes
2.4.4 Configuring Secure Authentication
2.4.5 Configuring Data Securization
2.5.1 Extending the Schema of a Novell eDirectory
2.5.2 Setting ACLs for Delegation (Optional)
2.5.3 Setting Indexes on Novell eDirectory Attributes
2.6 IBM Tivoli Directory Server
2.5.3.1 Setting Indexes on Standard Attributes
2.5.3.2 Setting Indexes on Quest ESSO Specific Attributes
2.5.4 Configuring Secure Authentication (Optional)
2.5.5 Configuring Data Securization
2.6.1 Extending the Schema of an IBM Tivoli Directory Server
2.6.2 Setting ACLs on an IBM Tivoli Directory Server
2.6.3 Setting Indexes on IBM Tivoli Directory Server Attributes
2.6.4 Configuring Secure Authentication
2.6.5 Configuring Data Securization
2.7 Deploying a Workstation LDAP User Account
3.1 Starting the Administration Tools window
3.2 Running the Default Objects Creation Tool
3.3 Initializing the Primary Controller
3.4 Initializing an Associated Controller
3.5 Publishing a New Token Data File
3.6 Defining Administrative Tokens for Self Service Password Request
3.7 Importing an External Key
3.8 Importing/Exporting the Controller Key
3.9 Installing and Configuring the Local Audit Database
4 Installing and Configuring the Software Modules on the Workstations
3.9.1 Installing the Provided Audit V2 MySQL Database Server
3.9.2 Creating Audit V2 Tables in an Existing Database
3.9.3 Setting up the Connection to the Local Audit Database
3.9.4 Updating the Audit Translation Data
3.10 Declaring the Technical Accounts Used by the Quest ESSO Controllers
3.11 Defining a Master Audit Database
3.12 Installing a Quest ESSO Controller
4.1 Configuring Workstations
5 Enabling the Self Service Password Request (SSPR) Capability
6. Enabling OTP Authentication
7 Enabling the Group Membership Modification Feature
8 Centralizing Parameters Using Group Policy Objects (GPO)
4.1.1 Quest ESSO Configuration with Active Directory
4.1.2 Quest ESSO Configuration with a User Database or Directory other than Microsoft Active Directory
4.2 Installing Microsoft Redistributables
4.3 Installing a Quest ESSO Client
4.4 Installing French Healthcare Smart Cards (CPS)
4.5 Installing Finger Vein Biometric Drivers
4.6 Modifying the Possible Domains List
8.1 Creating and Configuring Group Policy Objects Using an ADM File
8.2 Creating and Configuring Group Policy Objects Using ADMX Files (optional)
8.3 Description of the User Access Administrative Template (optional)
9 Installing Quest ESSO MSI Packages in Silent Mode
9.1 Installing Microsoft Redistributables in Silent Mode
9.2 Installing Quest ESSO Controller in Silent Mode
9.3 Installing Quest ESSO Client in Silent Mode
9.4 Installing Quest ESSO Web Server in Silent Mode
Appendix A: Advanced Configuration: Audit
A1 Audit Extension DLL Development Guide
Appendix B: Activating Traces
Appendix C: Retrieving the Serial Number on a MiFARE RFID Badge
A.1.1 Structure of Audit Event: _WG_AUDITEVENT
A.1.2 Structure of Audit Configuration: _WG_AUDITCONFIG
A.1.3 Prototypes of Functions to Export
A.2 Audited Events
2.4.4 Configuring Secure Authentication
With Netscape iPlanet/Sun Java System/Red Hat/Fedora Directory Server, Quest ESSO supports DIGEST-MD5 SASL mechanisms. This section explains how to configure Quest ESSO for DIGEST-MD5 with Netscape iPlanet/Sun Java System/Red Hat/Fedora Directory Server.
 |
Depending on your directory version, to secure authentication in Quest ESSO it may be necessary to modify the password encryption method, so that the user password can be stored in clear text in your directory.
2.4.5 Configuring Data Securization
This section describes how to configure your LDAP directory to secure authentication information and other sensitive Quest ESSO data transmitted on the network.
Quest ESSO supports TLS and SSL, but it is strongly recommended to configure your LDAP directory to support TLS.
|
• |
TLS: TLS activation. The following values are available: |
|
• |
0: TLS is not activated to secure Quest ESSO communications. |
|
|
It is strongly recommended to set the TLS value to 2. |
|
• |
TLSDemand: configures the behavior in case of TLS failure when it is activated: |
|
• |
TLSVerifyServerCertificate: checks the server certificate. |
|
• |
TLSCACertificateFile: enter the path to the CA certificate file. |
|
• |
TLSCACertificatePassword: enter the password used if needed to open the CA certificate file. |
 |
2.5 Novell eDirectory
2.5.1 Extending the Schema of a Novell eDirectory
To extend the schema of a Novell eDirectory, the file wiseguard-schema.ldif is provided in the directory TOOLS\ESSODirectory\WGeDirectory of the Quest ESSO installation package. This contains the definition of the Quest ESSO objects.
|
• |
<host> is replaced by your LDAP server hostname. |
|
• |
<port> is replaced by the port number of your LDAP server. |
|
• |
<super-user DN> is replaced by the distinguished name of your directory super-user. |
|
• |
<super-user password> is replaced by the password of the super-user. |