Schema updates for external LDAP servers

The following tables list the Secure SD-WAN Manager-specific LDAP classes and attributes that you must add to the schema of an external LDAP server.

The Secure SD-WAN Manager-specific attribute and class names start with “sg”. The classes are listed in the following table.

Table 1. Secure SD-WAN Manager-specific LDAP classes

Class     Description
sggroup   Secure SD-WAN Manager user group
sguser    Secure SD-WAN Manager user account

The Secure SD-WAN Manager-specific attributes are listed in the following table.

Table 2. Secure SD-WAN Manager-specific LDAP attributes

Attribute           Related classes    Description
sgactivation        sguser             Activation date for the user account.
sgauth              sggroup, sguser    Authentication service for the user or group.
sgdelay             sggroup, sguser    Number of days the user account is valid after the activation.
sgexpiration        sguser             Last day when the user account is valid and the user can log in.
sggrouptype         sggroup            Indicates the type of the group: a subtree or discrete group.
sgmember            sggroup            The Distinguished Name (DN) of a user that is a member of this group.
sgpassword          sguser             MD5 message digest hash of the user password.
sgpresharedkey      sguser             IPsec PreSharedKey for the user account.
sgsubjectaltnames   sguser             IPsec certificate SubjectAltNames for the user account.
sgvirtualip         sggroup, sguser    Virtual IP allocation allowed for the user.

In addition to updating the directory schema, some servers have server-specific requirements. For Netscape and OpenLDAP version 1.2.11 servers, stop the LDAP service and then add the following lines to the LDAP server’s slapd.conf configuration file.

Additional configuration for OpenLDAP v1.2.11 and Netscape server

include /etc/openldap/slapd.at.conf
include /etc/openldap/slapd.oc.conf
include /etc/openldap/sg-schema.conf
schemacheck on

For OpenLDAP server versions 2.0 and later, stop the LDAP service and then add the following lines to the LDAP server’s slapd.conf configuration file.

Additional configuration for OpenLDAP version 2.0 or later

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/sg-v3.schema
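A small check that the slapd.conf edits described above are in place before the LDAP service is started again. This is an added example, not part of the product documentation or the product itself; it assumes the schema file paths shown in this page, and the sample configuration texts in it are constructed for illustration. For the OpenLDAP 2.0+ list it also verifies the include order, because slapd refuses to load a schema file whose dependencies (core before cosine before inetorgperson, and all three before sg-v3) have not been loaded yet.

```python
"""Verify that an OpenLDAP slapd.conf contains the include lines the
Secure SD-WAN Manager schema requires (added example, not product code)."""
import re

# Lines the documentation requires for OpenLDAP 1.2.11 / Netscape servers.
REQUIRED_V1 = [
    "include /etc/openldap/slapd.at.conf",
    "include /etc/openldap/slapd.oc.conf",
    "include /etc/openldap/sg-schema.conf",
    "schemacheck on",
]

# Lines the documentation requires for OpenLDAP 2.0 and later. The order
# matters: each schema file depends on the ones listed before it.
REQUIRED_V2 = [
    "include /etc/openldap/schema/core.schema",
    "include /etc/openldap/schema/cosine.schema",
    "include /etc/openldap/schema/inetorgperson.schema",
    "include /etc/openldap/schema/sg-v3.schema",
]


def _directives(text):
    """Return the effective directives of a slapd.conf text.

    slapd.conf ignores blank lines and lines beginning with '#'; runs of
    whitespace are collapsed so 'include   /x' compares equal to 'include /x'.
    """
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        out.append(re.sub(r"\s+", " ", line))
    return out


def check_slapd_conf(text, openldap_major=2):
    """Return a list of findings; an empty list means the file is ready.

    openldap_major selects which required line set applies: 1 for the
    OpenLDAP 1.2.11 / Netscape list, 2 or higher for the 2.0+ list.
    """
    required = REQUIRED_V2 if openldap_major >= 2 else REQUIRED_V1
    present = _directives(text)
    findings = ["missing: " + d for d in required if d not in present]
    if openldap_major >= 2 and not findings:
        # All lines exist; confirm they appear in the documented order.
        positions = [present.index(d) for d in required]
        if positions != sorted(positions):
            findings.append("include order differs from the documented order")
    return findings


# Constructed sample configurations (not taken from any real server).
SAMPLE_V2_OK = (
    "# constructed slapd.conf fragment\n"
    "include /etc/openldap/schema/core.schema\n"
    "include   /etc/openldap/schema/cosine.schema\n"
    "include /etc/openldap/schema/inetorgperson.schema\n"
    "include /etc/openldap/schema/sg-v3.schema\n"
)
SAMPLE_V2_WRONG_ORDER = (
    "include /etc/openldap/schema/core.schema\n"
    "include /etc/openldap/schema/cosine.schema\n"
    "include /etc/openldap/schema/sg-v3.schema\n"
    "include /etc/openldap/schema/inetorgperson.schema\n"
)
SAMPLE_V1_NO_SCHEMACHECK = (
    "include /etc/openldap/slapd.at.conf\n"
    "include /etc/openldap/slapd.oc.conf\n"
    "include /etc/openldap/sg-schema.conf\n"
)

if __name__ == "__main__":
    for name, text, major in [
        ("v2 ok", SAMPLE_V2_OK, 2),
        ("v2 wrong order", SAMPLE_V2_WRONG_ORDER, 2),
        ("v1 no schemacheck", SAMPLE_V1_NO_SCHEMACHECK, 1),
    ]:
        print(name, "->", check_slapd_conf(text, major) or "ready")
```

To check a real file, read it and pass its contents to check_slapd_conf with the major version of the server; run the check before starting slapd again so a missing or misordered include is caught without a failed service start.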