Limiting SecureLogin eDirectory connections

  • 7014188
  • 26-Nov-2013
  • 03-Dec-2013

Environment

Novell SecureLogin 7.0.3
NetIQ SecureLogin 8.x
Installed in eDir / LDAP mode

Situation

How to restrict users to accessing SecureLogin data from only one workstation at a time.
How to limit the number of eDirectory connections held by a SecureLogin user.
How to set the maximum number of concurrent connections to eDirectory for a SecureLogin user attaching via LDAP.

Resolution

Perform the following three steps:

1. On the LDAP server(s):
Extend the schema and grant the appropriate rights. This can be done with the .sch and .ldif files included with the SecureLogin installation files in the folder ...\SecureLogin\Tools\Schema\LDAP. Use the ICE (Import Conversion Export) utility on the following files:
 - Concurrent_schema_extn.sch (adds the required attributes)
 - Concurrent-rights.ldif (extends rights)

Four new attributes will be added:
 - Protocom-SSO-ConnectionLimit - Specifies the maximum number of connections allowed
 - Protocom-SSO-ConnectionTimeToLive - Time-to-live value in minutes
 - Protocom-SSO-Connections - Contains the current active connections
 - Protocom-SSO-ConnectionConfig - Since the above configuration can be inherited by users if set on containers, this attribute holds a "Yes / No" value specifying whether or not a user can inherit the configuration from higher up in the tree (similar to "Stop walking here").

For more detail see "Setting up the Environment for Limiting Concurrent Connections." For a complete list of SecureLogin LDAP schema extensions, see the online SecureLogin documentation.

2. On the client workstations:
Run regedit and, under HKLM\Software\Novell\Login\LDAP, create the DWORD value EnforceConcurrentConnections and set it to 1.

3. In iManager with the SecureLogin SSO plugin:
 - Set the limit for the number of connections
 - Define the desired time to live in minutes
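The directory-side limit set in steps 1 and 3 only takes effect on workstations that carry the step-2 registry value, so an administrator will usually want to apply it and then audit the fleet for it. The following PowerShell is an added example, not part of this TID; the key path and value name are those given above, and the computer names in $Workstations are constructed placeholders.

```powershell
# Added example (not from the TID). Applies and verifies the step-2 setting:
# HKLM\Software\Novell\Login\LDAP\EnforceConcurrentConnections = 1 (DWORD).

function Set-SecureLoginConcurrencyEnforcement {
    param(
        [string]$KeyPath   = 'HKLM:\Software\Novell\Login\LDAP',
        [string]$ValueName = 'EnforceConcurrentConnections'
    )
    # Create the key if it does not exist yet, then set the DWORD (idempotent).
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    Set-ItemProperty -Path $KeyPath -Name $ValueName -Value 1 -Type DWord
}

function Test-SecureLoginConcurrencyEnforcement {
    param(
        [string]$KeyPath   = 'HKLM:\Software\Novell\Login\LDAP',
        [string]$ValueName = 'EnforceConcurrentConnections'
    )
    # Returns $true only when the value exists, is a DWORD and equals 1.
    # A missing value, a REG_SZ "1", or a 0 all mean the limit configured in
    # eDirectory is not enforced on this workstation.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    $kind = (Get-Item -Path $KeyPath).GetValueKind($ValueName)
    return ($kind -eq 'DWord' -and $item.$ValueName -eq 1)
}

# Apply locally (run elevated), then confirm.
Set-SecureLoginConcurrencyEnforcement
Test-SecureLoginConcurrencyEnforcement

# Audit other workstations over PowerShell remoting. Names are constructed
# placeholders; a workstation that cannot be reached is reported as not enforced
# so it is not silently dropped from the report.
$Workstations = 'WS-EXAMPLE-01', 'WS-EXAMPLE-02'
$report = foreach ($ws in $Workstations) {
    $ok = Invoke-Command -ComputerName $ws `
        -ScriptBlock ${function:Test-SecureLoginConcurrencyEnforcement} `
        -ErrorAction SilentlyContinue
    [pscustomobject]@{ Workstation = $ws; Enforced = [bool]$ok }
}
$report | Where-Object { -not $_.Enforced } | Format-Table -AutoSize
```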

Additional Information

Note that these settings are only available in an eDirectory / LDAP environment. In an environment with the Novell Client, SecureLogin will use the NCP connection established by the Novell Client. To restrict NCP connections, use iManager to set the maximum connections on the "Login Restrictions" tab for the user or container.