26.2 Schema Extension

Extend the schema to add the attributes for the limit of concurrent connections and the timestamp for a connection.

For eDirectory: The schema has to be extended and the attribute rights have to be set using the included .sch and .ldif files, which are found at SecureLogin\Tools\Schema\LDAP. The Concurrent_schema_extn.sch file is used to add the attributes to the schema, and the concurrent-rights.ldif file is used to extend the rights. These files can be applied as described in the following options.

The Concurrent_schema_extn.sch file can be used to extend the eDirectory schema with one of the following options:

  • ndssch (eDirectory schema extension utility): This is a Windows/Linux executable. Type the following in the command shell:

    ndssch <AdminDN> Concurrent_schema_extn.sch

    For more information, see ndssch Utility.

  • ICE Tool (version 20503.02 or later): Execute the following command:

    ice -S SCH -f Concurrent_schema_extn.sch -D LDAP -d <AdminDN> -w <password> -L <ServerCertificate>

    For more information about ICE (NetIQ Import Conversion Export Utility), see NetIQ Import Conversion Export Utility in the eDirectory Administration guide.

The concurrent-rights.ldif file can be applied by using one of the following options:

  • ICE Tool (version 20503.02 or later): Execute the following command in eDirectory:

    ice -S LDIF -f concurrent-rights.ldif -D LDAP -d <AdminDN> -w <password> -L <ServerCertificate>

    For more information about ICE (NetIQ Import Conversion Export Utility), see NetIQ Import Conversion Export Utility in the eDirectory Administration guide.

  • LDAP Modify tool: Execute the following command in eDirectory:

    ldapmodify -x -h <host ip address> -p 389 -D cn=admin,o=context -w password -f concurrent-rights.ldif

NOTE: LDIF and SCH files are not integrated with the ldapschema.exe file, but are bundled as separate files in SecureLogin\Tools\Schema\LDAP.

For Active Directory: The ConcurentSchema.exe file is used to extend the schema with the required attributes. The default location for this file is SecureLogin\Tools\Schema\AD. To extend the schema, perform the following steps:

  1. Run the Concurrentschema.exe file.

  2. Select Extend Active Directory Schema.

  3. Assign rights to the directory.

    To set the attribute values, see Section 26.3, Setting the Attribute Values.

  4. Click OK.

After the schema is extended, three new attributes are added to the list of attributes:

  • Protocom-SSO-Connections: This attribute stores the connection information, that is, the IP address along with the timestamp. This attribute is added the first time a user connects.

  • Protocom-SSO-ConnectionLimit: This attribute stores the configuration parameter, indicating the number of concurrent connections that are allowed for the user.

  • Protocom-SSO-ConnectionTTL: This attribute stores the configuration parameter that indicates how long the connection information will be stored.
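
One way to confirm that the extension created all three attributes, shown as an added example that is not part of the product documentation: the function below reads a subschema dump in LDIF and reports any of the attributes that are not defined. It assumes the dump comes from an OpenLDAP-style ldapsearch against cn=schema; the host, the function names, and the OIDs and syntaxes in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example: report which SecureLogin concurrency attributes are missing
# from a subschema dump. Live input would come from a query such as
# (host and bind DN are placeholders; -W prompts instead of passing -w):
#   ldapsearch -x -H ldaps://<host> -D <AdminDN> -W -b cn=schema -s base attributeTypes

REQUIRED_ATTRS="Protocom-SSO-Connections Protocom-SSO-ConnectionLimit Protocom-SSO-ConnectionTTL"

# Join LDIF continuation lines: a line starting with one space continues the previous line.
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# Read subschema LDIF on stdin, print each required attribute that is not defined.
# Returns 0 only when all three attributes are present.
missing_sso_attrs() {
    schema=$(unfold_ldif | grep -i '^attributeTypes:' || true)
    missing=""
    for attr in $REQUIRED_ATTRS; do
        # Accept NAME 'x' and NAME ( 'alias' 'x' ); LDAP names are case-insensitive.
        if ! printf '%s\n' "$schema" |
             grep -Eqi "NAME +(\( *('[^']+' +)*)?'$attr'"; then
            missing="$missing $attr"
        fi
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' $missing
    return 1
}

# Constructed sample (OIDs and syntaxes are placeholders, not the product's
# definitions): ConnectionTTL is absent and one definition is folded mid-name.
sample_subschema() {
    cat <<'EOF'
dn: cn=schema
attributeTypes: ( 1.1.2.1.1 NAME 'Protocom-SSO-Connections' SYNTAX 1.3.6.1.4.1
 .1466.115.121.1.40 )
attributeTypes: ( 1.1.2.1.2 NAME 'Protocom-SSO-Conn
 ectionLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
EOF
}

sample_subschema | missing_sso_attrs || echo "schema extension incomplete"
```

Unfolding before matching matters because LDIF output wraps long schema definitions, so a plain grep on the raw dump can miss an attribute whose name is split across two lines.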