Setting Up an LDAP Directory Server |
If your LDAP server is Microsoft Active Directory, you must use Release 1.2 or later of the Integration Technologies Administrator, and you must install the LDAP schema for the Active Directory. The schema uses a different format for the relative distinguished name (RDN) that the Active Directory can recognize. The procedures in this section assume you have already installed the Active Directory on a Windows 2000 Domain Controller (DC).
To install the schema, follow these steps:
1. Enable schema updates. To be able to modify the schema, you must modify the registry key located at
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
Insert Schema Update Allowed as a REG_DWORD value into the registry, and set the value to 1 (or any other value greater than 0).
2. Edit the msadClassesAttrs.ldif file, provided with Integration Technologies. In the file, replace the string $SAS_CONTEXT$ with your active directory domain suffix. An example suffix is dc=mydomain,dc=mycompany,dc=com.
3. Import the classes and attributes. To perform the import and to create the log file in the current directory, run the following command on the Windows 2000 server from the MS-DOS command prompt:
ldifde -i -f msadClassesAttrs.ldif
4. Determine where in the directory hierarchy you want to put the SAS entries. The SAS containers create a top level container named SAS. If you do not have a container for applications, then create a container (typically named Applications, although you can use any name) at the root level of the active directory. The top-level SAS container is installed in this container.
5. Edit the containers.ldif file. In the file, replace the string $SAS_CONTEXT$ with the container into which you want the SAS containers installed. Using the example values from Step 2, an example container name is cn=Applications, dc=mydomain,dc=mycompany,dc=com.
6. Create the containers. To create the SAS containers, run the following command on the Windows 2000 server:
ldifde -i -f containers.ldif
7. Disable schema updates. Modify the registry key located at
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
(the same key modified in Step 1). Set the value for Schema Update Allowed to 0.
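A pre-import check for the two LDIF edits in the procedure above, added here as an example and not part of the SAS documentation or tooling: it substitutes $SAS_CONTEXT$ in a template and confirms that every resulting entry DN sits under the intended suffix before the file is passed to ldifde. The function names and the sample LDIF are constructed for illustration, and only simple, unescaped RDN values are assumed.

```python
import re

PLACEHOLDER = "$SAS_CONTEXT$"
# One simple RDN such as dc=mydomain or cn=Applications (no escaped characters).
RDN = re.compile(r'^[A-Za-z][A-Za-z0-9-]*=[^,=+<>#;\\"]+$')

# Constructed sample in the style of containers.ldif; the second dn is folded
# across two lines (LDIF continuation: the next line starts with one space).
SAMPLE = (
    "dn: cn=SAS,$SAS_CONTEXT$\n"
    "changetype: add\n"
    "objectClass: container\n"
    "\n"
    "dn: cn=Example Child,cn=SAS,$SAS_\n"
    " CONTEXT$\n"
    "changetype: add\n"
    "objectClass: container\n"
)

def normalize_dn(dn):
    """Validate a DN of simple RDNs; return it without spaces around commas."""
    parts = [p.strip() for p in dn.split(",")]
    for part in parts:
        if not RDN.match(part):
            raise ValueError(f"not a valid RDN: {part!r}")
    return ",".join(parts)

def render_ldif(template, context_dn):
    """Substitute the placeholder, then confirm every entry is under context_dn."""
    suffix = normalize_dn(context_dn)
    text = re.sub(r"\r?\n ", "", template)  # unfold continuation lines
    if PLACEHOLDER not in text:
        raise ValueError("template has no $SAS_CONTEXT$ placeholder")
    rendered = text.replace(PLACEHOLDER, suffix)
    dns = []
    for line in rendered.splitlines():
        if line.lower().startswith("dn::"):
            raise ValueError("base64-encoded dn is not checked here")
        if line.lower().startswith("dn:"):
            dn = normalize_dn(line[3:])
            if not dn.lower().endswith("," + suffix.lower()):
                raise ValueError(f"entry outside target container: {dn}")
            dns.append(dn)
    return rendered, dns

if __name__ == "__main__":
    _, entries = render_ldif(SAMPLE, "cn=Applications, dc=mydomain,dc=mycompany,dc=com")
    print("\n".join(entries))
```

Passing a DNS-style name such as mydomain.mycompany.com instead of a distinguished name raises ValueError, so the mistake is caught before anything is imported.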
After you install the schema updates, you must always provide the relative distinguished name when logging into the server through the Integration Technologies Administrator. In the User field of the Administrator's Login window, you must specify the distinguished name relative to the user base name that you specified when you installed the Administrator. Example logins include cn=username and c=us, cn=users, dn=mydomain.
If you did not specify a user base name, you must specify the entire distinguished name, for example cn=username,cn=users,dc=mydomain,dc=mycompany,dc=com.