Installing the LDAP Schema for Microsoft Active Directory

If your LDAP server is Microsoft Active Directory, you must use Release 1.2 or later of the Integration Technologies Administrator, and you must install the LDAP schema for the Active Directory. The schema uses a different format for the relative distinguished name (RDN) that the Active Directory can recognize. The procedures in this section assume you have already installed the Active Directory on a Windows 2000 Domain Controller (DC).

To install the schema, follow these steps:

1. Enable schema updates. To be able to modify the schema, you must modify the registry key located at

   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

   Insert Schema Update Allowed as a REG_DWORD value into the registry, and set the value to 1 (or any other value greater than 0).

2. Edit the msadClassesAttrs.ldif file, provided with Integration Technologies. In the file, replace the string $SAS_CONTEXT$ with your active directory domain suffix. An example suffix is dc=mydomain,dc=mycompany,dc=com.

3. Import the classes and attributes. To perform the import and to create the log file in the current directory, run the following command on the Windows 2000 server from the MS-DOS command prompt:

   ldifde -i -f msadClassesAttrs.ldif

4. Determine where in the directory hierarchy you want to put the SAS entries. The SAS containers create a top level container named SAS. If you do not have a container for applications, then create a container (typically named Applications, although you can use any name) at the root level of the active directory. The top-level SAS container is installed in this container.

5. Edit the containers.ldif file. In the file, replace the string $SAS_CONTEXT$ with the container into which you want the SAS containers installed. Using the example values from Step 2, an example container name is cn=Applications, dc=mydomain,dc=mycompany,dc=com.

6. Create the containers. To create the SAS containers, run the following command on the Windows 2000 server:

   ldifde -i -f containers.ldif

7. Disable schema updates. Modify the registry key located at

   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

   (the same key modified in Step 1). Set the value for Schema Update Allowed to 0.

After you install the schema updates, you must always provide the relative distinguished name when logging into the server through the Integration Technologies Administrator. In the User field of the Administrator's Login window, you must specify the distinguished name relative to the user base name that you specified when you installed the Administrator. Example logins include cn=username and c=us, cn=users, dn=mydomain. If you did not specify a user base name, you must specify the entire distinguished name, for example cn=username,cn=users,dc=mydomain,dc=mycompany,dc=com.