
Enterprise Single Sign-On 8.0.6 - Installation Guide

1. Overview
2. Preparing the Storage of Security Data in the LDAP Directory
   2.1 Active Directory
   2.2 Active Directory + ADAM or AD LDS
   2.3 OpenLDAP
   2.4 Netscape iPlanet / Sun Java System / Red Hat / Fedora Directory Server
   2.5 Novell eDirectory
   2.6 IBM Tivoli Directory Server
   2.7 Deploying a Workstation LDAP User Account
3. Installing Quest ESSO Controllers and Audit Databases
4. Installing and Configuring the Software Modules on the Workstations
5. Enabling the Self Service Password Request (SSPR) Capability
6. Enabling OTP Authentication
7. Enabling the Group Membership Modification Feature
8. Centralizing Parameters Using Group Policy Objects (GPO)
9. Installing Quest ESSO MSI Packages in Silent Mode
Appendix A: Advanced Configuration: Audit
Appendix B: Activating Traces
Appendix C: Retrieving the Serial Number on a MiFARE RFID Badge

2.1.3.1 Indexes on Standard Attributes

Because administrators can change the attributes used for this search by modifying the UserSearchFilter registry value, check that the attributes you choose are indexed.
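
One way to run this check against Active Directory, as an added example that is not part of the Quest guide: it extracts the attribute names from a search filter and reads each attribute's searchFlags from the schema, where bit 0x1 marks an indexed attribute. The function names, the sample filter and the sample flag values are assumptions constructed for illustration; the live lookup requires the ActiveDirectory PowerShell module.

```powershell
# Added example (not from the Quest guide). An Active Directory attribute is indexed
# when bit 0x1 of searchFlags is set on its attributeSchema object.
function Get-FilterAttribute {
    param([Parameter(Mandatory)][string]$Filter)
    # Capture the attribute name that follows "(" and precedes =, ~=, >=, <= or :=,
    # skipping attribute options (";binary") and extensible-match parts (":dn:1.2.3:").
    $pattern = '\(\s*([A-Za-z][A-Za-z0-9-]*)(?:;[A-Za-z0-9-]+)*(?::[^=()]*)?\s*[~<>]?='
    [regex]::Matches($Filter, $pattern) |
        ForEach-Object { $_.Groups[1].Value } |
        Sort-Object -Unique
}

function Test-FilterAttributeIndex {
    param(
        [Parameter(Mandatory)][string]$Filter,
        # Optional map of lDAPDisplayName -> searchFlags, for reviewing an exported
        # schema offline. When omitted, the schema is queried live.
        [hashtable]$SearchFlags
    )
    $offline = $PSBoundParameters.ContainsKey('SearchFlags')
    if (-not $offline) {
        Import-Module ActiveDirectory
        $schemaNC = (Get-ADRootDSE).schemaNamingContext
    }
    foreach ($attr in (Get-FilterAttribute -Filter $Filter)) {
        if ($offline) {
            $known = $SearchFlags.ContainsKey($attr)
            $flags = $SearchFlags[$attr]
        } else {
            $obj = Get-ADObject -SearchBase $schemaNC `
                -LDAPFilter "(lDAPDisplayName=$attr)" -Properties searchFlags
            $known = [bool]$obj
            $flags = $obj.searchFlags
        }
        [pscustomobject]@{
            Attribute   = $attr
            InSchema    = $known
            SearchFlags = [int]$flags
            Indexed     = $known -and (([int]$flags -band 1) -ne 0)
        }
    }
}

# Constructed sample values, not taken from the product or from a real directory.
$sampleFilter = '(&(objectClass=user)(|(sAMAccountName=jdoe)(employeeID=jdoe)))'
$sampleFlags  = @{ objectClass = 9; sAMAccountName = 13; employeeID = 0 }
Test-FilterAttributeIndex -Filter $sampleFilter -SearchFlags $sampleFlags |
    Format-Table -AutoSize
```

With the sample values, employeeID is reported as not indexed. Omit -SearchFlags to query the schema of the current forest instead.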

2.1.3.2 Indexes on Quest ESSO Specific Attributes

If you want to use Web Access Manager with Quest ESSO, set the following attributes:

2.1.4 Configuring Secure Authentication and Data Securization

With Active Directory, Quest ESSO automatically uses the most secure method available. No configuration is needed.

2.2 Active Directory + ADAM or AD LDS

Using ADAM/AD LDS with Quest ESSO allows you to store all Quest ESSO data (configuration objects, user security data, access information and so on) in the ADAM/AD LDS directory, while the user data remains in the enterprise Active Directory. In this case, no modification is made to the Active Directory (no schema extension, no ACL modification and no object creation).
The Audit Master Database, which contains the log entries of every individual Quest ESSO Controller. This concerns both user action log entries and administration action log entries. In this example, the local SQL Server databases of individual Quest ESSO Controllers are only used to store the audit events temporarily, before sending them to the Master base.
To set up the Quest ESSO software architecture described above, do the following:
Quest ESSO Requirements
Choose Unique instance.
You must select an account in the Active Directory domain, not a local account.
In a multi-domain architecture, you are advised to select an account with the Reset Password permission, so that it can change the primary passwords of the Active Directory users. This permission is not mandatory if you do not need to use Quest ESSO Console to change user passwords (for example, when Quest ESSO is installed in session authentication mode).
This account must have the SE_RESTORE_NAME privilege. To make sure that it does, add the user to the local Backup Operators group.
Import all LDIF files. The MS-User.LDF file is mandatory.
Quest ESSO uses the Kerberos protocol to authenticate to LDAP on ADAM/AD LDS servers. To avoid Kerberos-related problems, read the following carefully: