Do I need to run NDSSchema.Exe when using SecretStore as the datastore?

  • 7940216
  • 19-Aug-2009
  • 15-Jan-2014

Environment

SecureLogin
SecureLogin SSO
All Versions
Novell NetWare, eDirectory


Situation

Question

Do I need to run NDSSchema.Exe when using SecretStore mode or LDAP mode?

Resolution

Answer

Yes. Whenever you use a Novell Directory as the SecureLogin data store, you must run NDSSchema.Exe (even when using LDAP mode and SecretStore mode) to extend the schema and assign rights so that users can run SecureLogin.

In a Novell environment, SecureLogin can be installed in eDirectory with SecretStore mode or in eDirectory-only mode.

When SecureLogin is installed in either mode, you must run NDSSchema.Exe to extend the schema. In eDirectory-only mode (no SecretStore), all SSO data, including the user-specific passphrase key, application usernames and passwords, SSO-enabled applications and SecureLogin settings, is encrypted and stored in the Directory schema.

In SecretStore mode, encrypted SSO data such as the user-specific passphrase key, SSO-enabled applications and SecureLogin settings are stored in the schema, while the actual logon credentials, such as usernames and passwords, are stored in SecretStore (i.e. only the actual application "secrets" are stored in SecretStore).