Environment
Self Service Password Reset
SSPR 3.x
SSPR 4.x
Situation
What attributes does SSPR add to the directory schema?
What changes are made to the schema by executing SSPR ldif files?
What schema extensions are added when ssprADSschema.exe is run?
Resolution
SSPR adds the following to the directory schema:
Object Class:
pwmUser - defines the user as an SSPR user
Attributes:
pwmEventLog - allows logging events for the user
pwmResponseSet - answers to challenge response questions
pwmLastPwdUpdate - date of the last password update made through SSPR
Depending on the LDAP directory the following attributes may also be added:
pwmGUID - unique identifier assigned to the SSPR user
pwmToken - used with one-time password configuration
pwmOtpSecret - used with one-time password configuration
Additional Information
Note that it is not necessary to extend the schema to use SSPR with Active Directory. There are three options for installing SSPR on Active Directory: database mode, schema mode, and RDBMS mode. Only schema mode requires the AD schema to be extended.
For more detail see "Setting up Your Environment" in the online documentation at https://www.netiq.com/documentation/sspr3/adminguide/data/b14gnfe6.html
The LDIF files that ship with SSPR also show the schema extensions to be made. Select the file for the appropriate directory. These LDIF files are found in the ...\supplemental\ldif directory. Note that, unlike eDirectory or other directories, AD Schema extensions are not made with an LDIF, but by running ssprADSschema.exe from the directory ...\supplemental\Schema\AD.