5.2 Configuring in an AWS Managed Microsoft Active Directory Environment

Before you install SecureLogin, you must first extend the schema.

5.2.1 Extending the AWS Managed Microsoft Active Directory Schema

AWS Managed Microsoft AD uses the directory schema to define and constrain how directory data is stored. Because a managed directory does not grant you schema-administrator rights, you cannot change the schema with ldifde yourself; instead you supply a valid LDAP Data Interchange Format (LDIF) file to AWS Directory Service, which validates the file and applies the extension to your AWS Managed Microsoft AD directory.

You must create the LDIF file before extending the schema. To create it, perform the following:

  1. Copy the following code and paste in any text editor:

    #==================================================================
    #
    # This file contains SSO extensions for default ADAM schema.
    # It should be imported with the following command:
    #   ldifde -i -f sso-schema.ldf -s server:port -b username domain password -k -j . -c "CN=Configuration,DC=opennsl,DC=com" "#ConfigurationNamingContext"
    #
    #==================================================================
    
    # Attributes
    
    dn: CN=protocom-SSO-Entries,CN=Schema,CN=Configuration,DC=opennsl,DC=com
    changetype: ntdsschemaadd
    objectClass: attributeSchema
    cn: protocom-SSO-Entries
    attributeID: 1.2.840.113556.1.8000.60.1
    attributeSyntax: 2.5.5.10
    isSingleValued: FALSE
    adminDescription: Protocom-SSO-Entries
    oMSyntax: 4
    lDAPDisplayName: protocom-SSO-Entries
    systemOnly: FALSE
    
    
    dn: CN=protocom-SSO-Auth-Data,CN=Schema,CN=Configuration,DC=opennsl,DC=com
    changetype: ntdsschemaadd
    objectClass: attributeSchema
    cn: protocom-SSO-Auth-Data
    attributeID: 1.2.840.113556.1.8000.60.2
    attributeSyntax: 2.5.5.10
    isSingleValued: FALSE
    adminDescription: protocom-SSO-Auth-Data
    oMSyntax: 4
    lDAPDisplayName: protocom-SSO-Auth-Data
    systemOnly: FALSE
    
    
    dn: CN=protocom-SSO-Security-Prefs,CN=Schema,CN=Configuration,DC=opennsl,DC=com
    changetype: ntdsschemaadd
    objectClass: attributeSchema
    cn: protocom-SSO-Security-Prefs
    attributeID: 1.2.840.113556.1.8000.60.3
    attributeSyntax: 2.5.5.10
    isSingleValued: FALSE
    adminDescription: protocom-SSO-Security-Prefs
    oMSyntax: 4
    lDAPDisplayName: protocom-SSO-Security-Prefs
    systemOnly: FALSE
    
    
    dn: CN=protocom-SSO-Entries-Checksum,CN=Schema,CN=Configuration,DC=opennsl,DC=com
    changetype: ntdsschemaadd
    objectClass: attributeSchema
    cn: protocom-SSO-Entries-Checksum
    attributeID: 1.2.840.113556.1.8000.60.5
    attributeSyntax: 2.5.5.10
    isSingleValued: FALSE
    adminDescription: protocom-SSO-Entries-Checksum
    oMSyntax: 4
    lDAPDisplayName: protocom-SSO-Entries-Checksum
    systemOnly: FALSE
    
    
    dn: CN=protocom-SSO-Security-Prefs-Checksum,CN=Schema,CN=Configuration,DC=opennsl,DC=com
    changetype: ntdsschemaadd
    objectClass: attributeSchema
    cn: protocom-SSO-Security-Prefs-Checksum
    attributeID: 1.2.840.113556.1.8000.60.6
    attributeSyntax: 2.5.5.10
    isSingleValued: FALSE
    adminDescription: protocom-SSO-Security-Prefs-Checksum
    oMSyntax: 4
    lDAPDisplayName: protocom-SSO-Security-Prefs-Checksum
    systemOnly: FALSE
    
    
    dn: CN=protocom-SSO-Profile,CN=Schema,CN=Configuration,DC=opennsl,DC=com
    changetype: ntdsschemaadd
    objectClass: attributeSchema
    cn: protocom-SSO-Profile
    attributeID: 1.2.840.113556.1.8000.60.7
    attributeSyntax: 2.5.5.1
    isSingleValued: TRUE
    adminDescription: protocom-SSO-Profile
    oMSyntax: 127
    lDAPDisplayName: protocom-SSO-Profile
    systemOnly: FALSE
    
    dn:
    changetype: modify
    add: schemaUpdateNow
    schemaUpdateNow: 1
    -
    
    # Classes
    
    dn: CN=User,CN=Schema,CN=Configuration,DC=opennsl,DC=com
    changetype: modify
    add: mayContain
    mayContain: protocom-SSO-Entries
    mayContain: protocom-SSO-Auth-Data
    mayContain: protocom-SSO-Security-Prefs
    mayContain: protocom-SSO-Entries-Checksum
    mayContain: protocom-SSO-Security-Prefs-Checksum
    mayContain: protocom-SSO-Profile
    -
    
    dn: CN=Container,CN=Schema,CN=Configuration,DC=opennsl,DC=com
    changetype: modify
    add: mayContain
    mayContain: protocom-SSO-Entries
    mayContain: protocom-SSO-Auth-Data
    mayContain: protocom-SSO-Security-Prefs
    mayContain: protocom-SSO-Entries-Checksum
    mayContain: protocom-SSO-Security-Prefs-Checksum
    mayContain: protocom-SSO-Profile
    -
    
    dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=opennsl,DC=com
    changetype: modify
    add: mayContain
    mayContain: protocom-SSO-Entries
    mayContain: protocom-SSO-Auth-Data
    mayContain: protocom-SSO-Security-Prefs
    mayContain: protocom-SSO-Entries-Checksum
    mayContain: protocom-SSO-Security-Prefs-Checksum
    mayContain: protocom-SSO-Profile
    -
    
    dn:
    changetype: modify
    add: schemaUpdateNow
    schemaUpdateNow: 1
    -
  2. Replace every instance of DC=opennsl,DC=com with the distinguished name of your directory: DC=<domain name>,DC=<domain extension> for a two-label domain such as example.com. A directory name with more labels needs one DC= component per label (for example, corp.example.com becomes DC=corp,DC=example,DC=com). Leave the CN=Schema,CN=Configuration part unchanged.

  3. Save the file with a .ldif extension, for example sso-schema.ldif.

  4. Perform the steps in Extend your schema (AWS Directory Service documentation) to submit the file and complete the schema extension. The ldifde command in the file's header comment is not used in this environment; AWS Directory Service applies the LDIF on your behalf. Take the directory snapshot that the AWS procedure offers before the extension runs, because schema additions cannot be undone by deleting attributes afterwards.
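The following Python script is an added example and is not part of SecureLogin or its documentation. It automates steps 2 and 3 above and adds the checks a practitioner would want before submitting the file to AWS: it rebases the DC=opennsl,DC=com placeholder to the real directory DN (generalized to domain names with any number of labels, which the page's DC=<domain name>,DC=<domain extension> wording does not cover), confirms every DN still sits in the schema partition of that directory, and verifies that each new attribute's attributeSyntax and oMSyntax form a valid pair and that no attributeID is reused. It also lists the new attributes whose searchFlags do not carry the CONFIDENTIAL bit (0x80); the page's LDIF sets no searchFlags, so ordinary read-property permissions apply to these attributes. The embedded LDIF is a constructed, abridged excerpt in the page's format; the directory name corp.example.com is an assumption.

```python
"""Added helper for the procedure above (not part of SecureLogin or its documentation):
rebases the LDIF from the DC=opennsl,DC=com placeholder to a real directory DN and
sanity-checks the result before it is submitted to AWS Directory Service."""
import re

# Constructed, abridged excerpt in the same shape as the page's LDIF: two attribute
# definitions and the rootDSE schemaUpdateNow record. In practice, read the full
# file saved in step 3 instead.
SAMPLE_LDIF = """\
dn: CN=protocom-SSO-Entries,CN=Schema,CN=Configuration,DC=opennsl,DC=com
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeID: 1.2.840.113556.1.8000.60.1
attributeSyntax: 2.5.5.10
oMSyntax: 4
lDAPDisplayName: protocom-SSO-Entries

dn: CN=protocom-SSO-Profile,CN=Schema,CN=Configuration,DC=opennsl,DC=com
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeID: 1.2.840.113556.1.8000.60.7
attributeSyntax: 2.5.5.1
oMSyntax: 127
lDAPDisplayName: protocom-SSO-Profile

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
"""

# Matches the placeholder in both spellings the page uses (with and without a space after the comma).
PLACEHOLDER = re.compile(r"DC=opennsl,\s*DC=com", re.IGNORECASE)

# attributeSyntax OID -> the oMSyntax AD requires with it (2.5.5.10 Octet String, 2.5.5.1 DN).
SYNTAX_PAIRS = {"2.5.5.10": "4", "2.5.5.1": "127"}


def domain_to_dn(domain):
    """'corp.example.com' -> 'DC=corp,DC=example,DC=com'; works for any number of labels."""
    labels = [part for part in domain.strip().strip(".").split(".") if part]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join("DC=" + part for part in labels)


def rebase_ldif(ldif, domain):
    """Step 2 of the procedure: replace every placeholder base DN with the real one."""
    return PLACEHOLDER.sub(domain_to_dn(domain), ldif)


def parse_records(ldif):
    """Split LDIF into blank-line separated records as (dn, {attribute: [values]})."""
    records = []
    for chunk in re.split(r"\n\s*\n", ldif.strip()):
        dn, attrs = None, {}
        for line in (raw.strip() for raw in chunk.splitlines()):
            if not line or line == "-" or line.startswith("#"):
                continue
            key, _, value = (part.strip() for part in line.partition(":"))
            if key.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(key, []).append(value)
        records.append((dn, attrs))
    return records


def check_ldif(ldif, domain):
    """Return a list of problems; an empty list means the file is ready to submit."""
    base = domain_to_dn(domain).lower()
    problems, seen = [], {}
    if PLACEHOLDER.search(ldif):
        problems.append("placeholder DC=opennsl,DC=com still present")
    for dn, attrs in parse_records(ldif):
        # dn: '' is the rootDSE record carrying schemaUpdateNow; it has no base DN to check.
        if dn and not dn.lower().endswith("cn=schema,cn=configuration," + base):
            problems.append("dn outside the schema partition of %s: %s" % (domain, dn))
        if "attributeSchema" not in attrs.get("objectClass", []):
            continue
        name = attrs.get("lDAPDisplayName", ["?"])[0]
        oid = attrs.get("attributeID", [""])[0]
        if oid in seen:
            problems.append("%s: attributeID %s already used by %s" % (name, oid, seen[oid]))
        seen[oid] = name
        syntax = attrs.get("attributeSyntax", [""])[0]
        if SYNTAX_PAIRS.get(syntax) != attrs.get("oMSyntax", [""])[0]:
            problems.append("%s: attributeSyntax %s does not match its oMSyntax" % (name, syntax))
    return problems


def unflagged_attributes(ldif):
    """lDAPDisplayNames of new attributes whose searchFlags lack the CONFIDENTIAL bit (0x80)."""
    names = []
    for dn, attrs in parse_records(ldif):
        if "attributeSchema" in attrs.get("objectClass", []):
            flags = int(attrs.get("searchFlags", ["0"])[0])
            if not flags & 0x80:
                names.append(attrs.get("lDAPDisplayName", [dn])[0])
    return names
```

Run `rebase_ldif` on the text of the file from step 1, write the result to sso-schema.ldif only when `check_ldif` returns an empty list, and review the output of `unflagged_attributes` with the people who own the directory's access control. If you prefer the command line to the console for step 4, the AWS CLI equivalent of the linked procedure is `aws ds start-schema-extension --directory-id <your directory ID> --create-snapshot-before-schema-extension --description "SecureLogin schema" --ldif-content file://sso-schema.ldif`, and `aws ds list-schema-extensions --directory-id <your directory ID>` reports whether the extension completed.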