Looking up users in another directory service

You can store user account data in the same directory server (DSS) as all other SafeLinx Server resources, or you can choose to look up or manage user account data in a separate enterprise directory service. If you choose to look up data in an enterprise directory service, you must first create a directory server resource for each enterprise directory service you want to use.

About this task

Configure whether user account data is stored in the same directory service server (DSS) as all other SafeLinx Server resources or is looked up in a separate enterprise directory service.

Procedure

  1. Make sure that you are logged in using the admin ID.
  2. Edit the properties of the access manager.
  3. Click the User DSS tab.
  4. If you want to store user account data in the same directory service as specified on the SafeLinx Server DSS tab of the Access Manager properties, click Use SafeLinx Server directory server.
    If you want to retrieve user account data from enterprise directory servers, click Use enterprise directory server.
    Note: If you want to store user account data in a separate directory tree that is in the same DSS as other SafeLinx Server resources, it is considered an enterprise directory server. Make sure that you are using a separate suffix from all other SafeLinx Server resources for the user account data.
  5. When you use a SafeLinx Server directory server, specify a space-delimited list of object classes that are mapped to users and whether these object classes are used during Find operations.
  6. When you use an enterprise directory server, specify which directory servers you want used.

    The directory servers are displayed in alphabetical order and are used to retrieve account data in the order they are listed. If you want the SafeLinx Server to attempt to retrieve the data in a particular sequence, either name the servers so that their alphabetical order matches that sequence, or manually edit the wgated.conf file and place them in the order you prefer. This file is in /opt/hcl/SafeLinxServer on Linux. On Windows, this file is in the installation directory, C:\Program Files\HCL\SafeLinx Server by default.

    You can also choose to Extend records to include the SafeLinx Server schema. When you select this check box, each transaction is retrieved from and stored to the enterprise User record that includes the wlUser object class and attributes.

    In this case, make sure that these files are added to the enterprise schema definition for your installed DSS implementation:
      IBM® Directory and IBM® Tivoli® Directory: wluser.ldif
      Sun ONE Directory Server (formerly iPlanet): iplanet-cm.wluser.ldif
      Red Hat Directory: netscape-cm.wluser.at.conf and netscape-cm.wluser.oc.conf
      Open Source: open-cm.wluser.conf

    These files are installed in the conf directory relative to the installation directory.

    You can also select whether the SafeLinx Server checks user records for the WgClient attribute. This attribute determines whether a user account is allowed to access the SafeLinx Server.

    When the Verify WgClient setting box is cleared, SafeLinx Server performs only lookup operations on the enterprise user records and nothing is changed in the enterprise DSS. When you choose not to Extend the records to include the schema, a local copy is maintained by the SafeLinx Server in which you can modify and display these users, but you cannot create new ones. Use the Find button to display these user records if you want to locally modify their properties.
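
The note in step 4 requires user account data to sit under a suffix separate from all other SafeLinx Server resources. The Python check below is an added example, not part of the SafeLinx Server product or its documentation; it assumes "separate" means neither suffix equals or lies beneath the other, compares attribute types and values case-insensitively, and uses constructed sample DNs.

```python
"""Added example: verify that the user-account suffix does not overlap the
suffix that holds other SafeLinx Server resources (note in step 4)."""


def split_rdns(dn: str) -> list[str]:
    """Split a DN into RDNs on unescaped commas (RFC 4514 backslash escapes)."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    return rdns


def normalize(dn: str) -> tuple[str, ...]:
    """Trim whitespace and lowercase each RDN; reject malformed input."""
    parts = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return tuple(parts)


def is_within(dn: tuple[str, ...], suffix: tuple[str, ...]) -> bool:
    """True when dn equals suffix or lies beneath it in the directory tree."""
    return len(dn) >= len(suffix) and dn[len(dn) - len(suffix):] == suffix


def suffixes_are_separate(user_suffix: str, resource_suffix: str) -> bool:
    """Assumption: separate means neither suffix contains the other."""
    user, res = normalize(user_suffix), normalize(resource_suffix)
    return not (is_within(user, res) or is_within(res, user))


if __name__ == "__main__":
    # Constructed sample suffixes, not values from any real installation.
    print(suffixes_are_separate("o=users,dc=example,dc=com",
                                "o=safelinx,dc=example,dc=com"))
```

Multi-valued RDNs joined with "+" are compared as written, so attribute order inside such an RDN must match.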