
Enterprise Single Sign-On 8.0.6 - Installation Guide


2.3.3.2 Setting Indexes on Quest ESSO Specific Attributes

To set the index definitions for the Quest ESSO specific attribute types, open the wiseguard-extmgr.indexes file. This file is located in TOOLS\ESSODirectory\WGOpenLdapSetup (in the Quest ESSO installation package). Include it in your slapd.conf configuration file.
If you have several slapd.conf files, check that you specify the right one.
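The check described above can be scripted. The following is an added example, not part of the Quest ESSO package: it reports, for each candidate slapd.conf, whether wiseguard-extmgr.indexes is included and whether the include sits after a `database` directive, since `index` is a database-level directive in slapd.conf. It assumes the file contains plain `index` directives and does not follow nested includes; the sample configurations and paths are constructed.

```python
import re
import sys
from pathlib import Path

INDEX_FILE = "wiseguard-extmgr.indexes"  # file name given in the guide

def logical_lines(text):
    """Yield (line_no, directive_line); comments are dropped and lines that
    start with whitespace are folded into the line they continue."""
    current, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and raw.strip():
            if current is not None:
                current += " " + raw.strip()
            continue
        if current and not current.startswith("#"):
            yield start, current
        current, start = raw.strip() or None, no
    if current and not current.startswith("#"):
        yield start, current

def classify(text):
    """Return (status, line_no): 'ok' if the index file is included inside a
    database section, 'global-section' if before any, else 'missing'."""
    database = None
    for no, line in logical_lines(text):
        parts = line.split(None, 1)
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if parts[0].lower() == "database":
            database = arg
        elif parts[0].lower() == "include":
            if re.split(r"[\\/]", arg)[-1].lower() == INDEX_FILE:
                return ("ok" if database else "global-section", no)
    return ("missing", None)

# Constructed sample configurations (not taken from the Quest ESSO package).
GOOD = """\
include /etc/openldap/schema/core.schema
database mdb
suffix "dc=example,dc=com"
include /etc/openldap/wiseguard-extmgr.indexes
"""
BAD = """\
include /etc/openldap/schema/core.schema
include "C:\\OpenLDAP\\wiseguard-extmgr.indexes"
database mdb
"""

if __name__ == "__main__":
    for path in sys.argv[1:]:  # pass every candidate slapd.conf
        print(path, *classify(Path(path).read_text()))
```

Run it with the paths of all slapd.conf files on the server; the one slapd actually loads should report `ok`.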

2.3.4 Integrating SAMBA

You can combine Quest ESSO with a SAMBA domain controller storing its data in an OpenLDAP server.
We provide slapd-samba-extmgr-sample.conf, a sample OpenLDAP configuration file showing how to integrate Quest ESSO ACLs and SAMBA ACLs. This file is located in TOOLS\ESSODirectory\WGOpenLdapSetup (in the Quest ESSO installation package).
SAMBA uses non-standard LDAP group entries based on the posixGroup objectClass, which Quest ESSO does not handle in the default configuration. For Quest ESSO to use the SAMBA group objects, you must enable integration of SAMBA group objects in Quest ESSO. See 4.1.2, "Quest ESSO Configuration with a User Database or Directory other than Microsoft Active Directory" in Section 4.1, "Configuring Workstations".
If passwords are synchronized from the SAMBA controller to the OpenLDAP server (and not from OpenLDAP to SAMBA), you must enable password synchronization from the SAMBA controller to the OpenLDAP server in Quest ESSO. When a user changes their password, the password change operation then uses Microsoft API calls to the SAMBA controller rather than an LDAP request to the OpenLDAP server, which would cause a password desynchronization between SAMBA and OpenLDAP. See 4.1.2, "Quest ESSO Configuration with a User Database or Directory other than Microsoft Active Directory" in Section 4.1, "Configuring Workstations".

2.3.5 Configuring Secure Authentication

With OpenLDAP, Quest ESSO supports the DIGEST-MD5 SASL mechanism. This section explains how to configure Quest ESSO for DIGEST-MD5 with OpenLDAP.

2.3.6 Configuring Data Securization

Quest ESSO supports TLS and SSL, but it is strongly recommended to configure your LDAP directory to support TLS.
TLS: TLS activation. The following values are available:
0: TLS is not activated to secure Quest ESSO communications.
TLSDemand: configures the behavior in case of TLS failure when it is activated:
TLSVerifyServerCertificate: checks the server certificate.
TLSCACertificateFile: enter the path to the CA certificate file.
TLSCACertificatePassword: enter the password, if one is needed, to open the CA certificate file.