Schema updates for external LDAP servers
When adding Secure SD-WAN Manager-specific LDAP classes and attributes to the schema of external LDAP servers, see the following tables.
The Secure SD-WAN Manager-specific attribute and class names start with “sg”. The classes are listed in the following table.
Class | Description |
---|---|
sggroup | Secure SD-WAN Manager user group |
sguser | Secure SD-WAN Manager user account |
The Secure SD-WAN Manager-specific attributes are listed in the following table.
Attribute | Related classes | Description |
---|---|---|
sgactivation | sguser | Activation date for the user account. |
sgauth | sggroup, sguser | Authentication service for the user or group. |
sgdelay | sggroup, sguser | Number of days the user account is valid after the activation. |
sgexpiration | sguser | Last day when the user account is valid and the user can log in. |
sggrouptype | sggroup | Indicates the type of the group: a subtree or discrete group. |
sgmember | sggroup | The Distinguished Name (DN) for the user member of this group. |
sgpassword | sguser | MD5 message digest hash of the user password. |
sgpresharedkey | sguser | IPsec PreSharedKey for the user account. |
sgsubjectaltnames | sguser | IPsec certificate SubjectAltNames for the user account. |
sgvirtualip | sggroup, sguser | Virtual IP allocation allowed for the user. |
In addition to updating the directory schema, some servers have server-specific requirements. For Netscape and OpenLDAP version 1.2.11 servers, you must add the following lines to the LDAP server’s slapd.conf configuration file after stopping the LDAP service.
Additional configuration for OpenLDAP v1.2.11 and Netscape server
include /etc/openldap/slapd.at.conf
include /etc/openldap/slapd.oc.conf
include /etc/openldap/sg-schema.conf
schemacheck on
For OpenLDAP server versions 2.0 and later, you must add the following lines to the LDAP server’s slapd.conf configuration file after stopping the LDAP service.
Additional configuration for OpenLDAP version 2.0 or later
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/sg-v3.schema
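To confirm that an edited slapd.conf carries the lines from either listing above before the LDAP service is restarted, a check such as the following can be used. It is an added example, not part of the product documentation or tooling; the function names and the flavor labels are hypothetical, and the order check assumes the Secure SD-WAN Manager schema file must come after the other listed files, as it does in both listings.

```python
# Paths copied from the two listings above; the flavor keys are labels made up here.
REQUIRED = {
    "openldap-1.2.11": ["/etc/openldap/slapd.at.conf", "/etc/openldap/slapd.oc.conf",
                        "/etc/openldap/sg-schema.conf"],
    "openldap-2.x": ["/etc/openldap/schema/core.schema",
                     "/etc/openldap/schema/cosine.schema",
                     "/etc/openldap/schema/inetorgperson.schema",
                     "/etc/openldap/schema/sg-v3.schema"],
}

def directives(text):
    """Split slapd.conf text into directives ('#' comments, indented continuations)."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()   # continuation of the previous line
        else:
            logical.append(raw.strip())
    return [line.split() for line in logical]

def check_schema_config(text, flavor):
    """Return a list of problems; an empty list means the lines are in place."""
    seen = {}
    for tokens in directives(text):
        seen.setdefault(tokens[0].lower(), []).append(" ".join(tokens[1:]).strip('"'))
    includes = seen.get("include", [])
    required = REQUIRED[flavor]
    problems = [f"missing: include {p}" for p in required if p not in includes]
    sg = required[-1]
    if sg in includes:
        # Assumption: the product schema has to follow the other listed files.
        after = includes[includes.index(sg) + 1:]
        problems += [f"{p} is included after {sg}" for p in after if p in required]
    if flavor == "openldap-1.2.11" and seen.get("schemacheck", [""])[-1].lower() != "on":
        problems.append("schemacheck is not set to on")
    return problems

# Constructed sample: a 2.x slapd.conf with the product schema line commented out.
SAMPLE_2X = """\
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
# include /etc/openldap/schema/sg-v3.schema
"""

if __name__ == "__main__":
    print(check_schema_config(SAMPLE_2X, "openldap-2.x"))
```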