Configuring DSfW as external data store for Novell Access Manager

  • 7009221
  • 22-Aug-2011
  • 25-Apr-2013

Environment

Novell Open Enterprise Server 11 SP1 (OE11SP1)
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Domain Services for Windows
DSFW

Situation

Kerberos authentication from NAM to DSfW for the user without UserPrincipalName(UPN) attribute fails.

Resolution

When a user is created using consoleOne or imanager, it does not get the UPN attribute by default.

With the latest oes2sp3 eDir patch, follow the steps to have a UPN populated by default when the user is created.

1. Apply the latest oes2sp3 eDir patch
2. In iManager or ConsoleOne select DSfW Domain root container
3. Add the adminDescription attribute with the value "dnsDomainName=UPNSuffix"
4. Restart ndsd on all the Domain Controllers

For ex:
DSfW domain container ou=dsfw,o=novell is modified to add
adminDescription attribute with value "dnsDomainName=dsfw.com".  Restart ndsd (rcndsd restart).
After restarting ndsd the newly created user will get the userPrincipalName: Newuser@dsfw.com

Existing users will get a UPN when the object gets modified.  If the existing user object has a UPN already populated, the value will be retained.

See TID 7004782 for more information.

Additional Information

Prior to the November 2012 Maintenance Patch the attribute to "dnsDomainName=UPNSuffix" was description.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.