6.4 Installation Overview

Before proceeding with installing Novell SecureLogin in ADAM mode, make sure that the following prerequisites are in place.

NOTE: Secure Workstation is not supported in ADAM installation of Novell SecureLogin.

If the ADAM instance is deployed by copying and running the adamconfig.exe file from another location, you need to copy the entire folder containing the ADAM schema and configuration files to their preferred location. The ADAM schema and configuration files must all be located in the same folder for the ADAM instance to deploy successfully.

The instructions in this section apply to a configuration in which the ADAM instance is stored and administered on a separate server from the Active Directory domain controller. If your configuration does not separate the Active Directory server and the ADAM instance server, follow the instructions for both on that one server.

6.4.1 Creating a Network Service Account and Assigning Permissions to It

A service account is a user account that is created explicitly to provide a security context for services running on Microsoft Windows Server 2003. Application pools use service accounts to assign permissions to Web sites and applications running on Internet Information Services (IIS). Administrators can manage service accounts individually to determine the level of access for each application pool in a distributed environment.

The Network Service account must exist, with the permissions below, before the ADAM instance can be created. For information on creating the ADAM instance, see Section 6.5.1, Creating an ADAM Instance.

To create a Network Service account and assign permissions to it:

  1. Click Start > All Programs > Administrative Tools > Active Directory Users and Computers. The Active Directory Users and Computers page is displayed.

  2. Select View > Advanced Features. The Advanced Features option is enabled by default.

  3. Select the Domain Controllers folder and locate the Domain Controller of your single sign-on-enabled domain.

  4. Right-click the Domain Controller and select Properties. The [Domain] Properties page is displayed.

  5. Select the Security tab. If the Network Service account is not on the list of Group or user names, add it.

  6. Select the Network Service account.

  7. In the Permissions > for Administrators section, select Allow for Create All Child Objects.

  8. In the Permissions > for Administrators section, select Allow for Delete All Child Objects.

    NOTE: Selecting Delete All Child Objects has no effect on Novell SecureLogin itself, but it allows the ADAM instance to be cleaned up properly when it is uninstalled.

  9. Click OK to close the [Domain] Properties dialog box.

6.4.2 Configuring the ADAM Schema

Novell SecureLogin uses the directory to store and manage Novell SecureLogin data. Six schema attributes are added to the directory schema. After the ADAM schema has been extended with these attributes, the relevant containers, organizational units (OUs), and user objects must be granted permission to read and write Novell SecureLogin data. The Novell SecureLogin ADAM Configuration Wizard automatically extends the ADAM instance schema and assigns directory access permissions to the selected objects.

These are the six Novell SecureLogin Single Sign-On attributes added to the directory schema:

  • Protocom-SSO-Auth-Data

  • Protocom-SSO-Entries

  • Protocom-SSO-SecurityPrefs

  • Protocom-SSO-Profile

  • Protocom-SSO-Entries-Checksum

  • Protocom-SSO-Security-Prefs-Checksum

For more information about the Novell SecureLogin schema attributes, see the Novell SecureLogin 6.1 SP1 Administration Guide.
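The following PowerShell script is an added example, not part of the Novell guide or the Configuration Wizard: it reads the ADAM instance's RootDSE to locate the schema partition and reports which of the six Protocom-SSO-* attributes listed above are present, so an administrator can confirm the schema extension before rolling out clients. The host name and LDAP port are placeholders, and the script assumes the caller's Windows credentials can read the ADAM schema partition.

```powershell
# Added example (not Novell's code): check that an ADAM instance's schema
# contains the six Novell SecureLogin attributes.
# Assumptions: $AdamServer/$AdamPort are placeholders for your instance, and
# the current Windows identity has read access to the schema partition.
param(
    [string]$AdamServer = "adam-host.example.com",   # placeholder host
    [int]$AdamPort      = 50000                      # placeholder ADAM LDAP port
)

$expected = @(
    "Protocom-SSO-Auth-Data",
    "Protocom-SSO-Entries",
    "Protocom-SSO-SecurityPrefs",
    "Protocom-SSO-Profile",
    "Protocom-SSO-Entries-Checksum",
    "Protocom-SSO-Security-Prefs-Checksum"
)

$ldapBase = "LDAP://{0}:{1}" -f $AdamServer, $AdamPort

# RootDSE tells us where this instance keeps its schema partition. ADAM names
# its configuration partition with a GUID, so never hard-code that DN.
$rootDse  = [ADSI]("{0}/RootDSE" -f $ldapBase)
$schemaNC = [string]$rootDse.Properties["schemaNamingContext"].Value

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]("{0}/{1}" -f $ldapBase, $schemaNC)
$searcher.Filter     = "(&(objectClass=attributeSchema)(cn=Protocom-SSO-*))"
$searcher.PageSize   = 200
[void]$searcher.PropertiesToLoad.AddRange(@("cn", "lDAPDisplayName", "attributeSyntax"))

# Map attribute name -> syntax OID for everything the instance already has.
$found = @{}
foreach ($r in $searcher.FindAll()) {
    $found[[string]$r.Properties["cn"][0]] = [string]$r.Properties["attributesyntax"][0]
}

$missing = @()
foreach ($name in $expected) {
    if ($found.ContainsKey($name)) {
        Write-Host ("present  {0}  (syntax {1})" -f $name, $found[$name])
    } else {
        Write-Host ("MISSING  {0}" -f $name)
        $missing += $name
    }
}

if ($missing.Count -gt 0) {
    Write-Warning "ADAM schema is not fully extended; run the Novell SecureLogin ADAM Configuration Wizard first."
    exit 1
}
```

Run it from a workstation that can reach the ADAM LDAP port; a non-zero exit code means at least one attribute is absent and the wizard has not completed against this instance.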