Chat now with support
Chat with Support

Enterprise Single Sign-On 8.0.6 - Installation Guide

1. Overview 2. Preparing the Storage of Security Data in the LDAP Directory
2.1 Active Directory 2.2 Active Directory + ADAM or AD LDS 2.3 OpenLDAP 2.4 Netscape iPlanet / Sun Java System / Red Hat / Fedora Directory Server 2.5 Novell eDirectory 2.6 IBM Tivoli Directory Server 2.7 Deploying a Workstation LDAP User Account
3 Installing Quest ESSO Controllers and Audit Databases 4 Installing and Configuring the Software Modules on the Workstations 5 Enabling the Self Service Password Request (SSPR) Capability 6. Enabling OTP Authentication 7 Enabling the Group Membership Modification Feature 8 Centralizing Parameters Using Group Policy Objects (GPO) 9 Installing Quest ESSO MSI Packages in Silent Mode Appendix A: Advanced Configuration: Audit Appendix B: Activating Traces Appendix C: Retrieving the Serial Number on a MiFARE RFID Badge

2.2.1 Extending the Schema of ADAM/AD LDS

In a command line console, change to the %WINDIR%\ADAM directory and type the following command for each of the provided .ldif files:
The provided .ldif file, which is located in the TOOLS\ESSODirectory\WGADAM directory.
ldifde is located in the %WINDIR%\ADAM directory.

2.2.2 Preparing the ADAM/AD LDS Instance Administrator Account

The Windows account you chose when setting the AD LDS instance to be the administrator of this instance (see the Before Starting of Section 2. Preparing the Storage of Security Data in the LDAP Directory) must have the SE_RESTORE_NAME privilege in the local computer policy. To do so, set this account in the Backup Operators local group of the local computer.

2.2.3 Setting ACLs on ADAM/AD LDS

1.
Edit the ACL-ADAM-EXTMGR.cmd file located in the TOOLS\ESSODirectory\WGADAM directory.
2.
In the ACL-ADAM-EXTMGR.cmd file, uncomment the following lines:
a)
set DSACLS=dsacls.exe or set DSACLS=%WINDIR%\ADAM\dsacls.exe, depending on your system:
If the Quest ESSO Controller is installed on Windows Server 2008, uncomment the following line:
set DSACLS=dsacls.exe
If the Quest ESSO Controller is not installed on Windows Server 2008, uncomment the following line:
set DSACLS=%WINDIR%\ADAM\dsacls.exe
b)
set HOSTNAME=myadamserver.domain.com:port
Replace myadamserver.domain.com with the fully qualified ADAM/AD LDS host name and TCP port.
3.
Copy the ACL-ADAM-EXTMGR.cmd file in the %WINDIR%\ADAM directory.
4.
In a command line console, change to the %WINDIR%\ADAM and run the ACL-ADAM-EXTMGR.cmd script.

2.2.4 Setting Indexes on ADAM/AD LDS Attributes

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating