
LDAP Connector & eDirectory 8.7

Has anyone any recommendations for setting up the SafeBoot Connector Manager with Novell eDirectory?
e.g. search setting, attribute type value, attr mappings, change attribute, etc.
We have set up a basic connector, with the General:attribute types containing uniqueid of type ascii string, search setting to (objectClass=user), default attr mappings and a search group using full dn... It seems to work ok in test environment, I just want to be a bit more sure before we start our production pilot...!
(Another alternative is that we use AD connector, as we use Novell IDM to sync eDir/AD and the AD Connector appears to be more fully populated, etc.)
Any thoughts or suggestions welcome!
4 Replies

RE: LDAP Connector & eDirectory 8.7


Battling on... We have a process that can add users and filter on group, etc.
The main issue I am concerned with is the ability to disable the SafeBoot account when the eDirectory account is disabled.
The attribute mapping for Account Control would appear to be the eDirectory (LDAP) attribute 'logindisabled'.
The issue I am having is getting the LDAP connector to acknowledge that there is a change, i.e. the attribute mapping for 'Change Attribute'. I have tried an eDir attribute named revision, but this appears to be somewhat 'hidden' for LDAP queries and is replica server specific. I then thought I'd try 'logindisabled', as this is the only attribute we actually care about - again, no joy...
Any suggestions?!?



RE: LDAP Connector & eDirectory 8.7

I've never found a reason to try and populate the Change Attribute here; Account Control is set to the default of loginDisabled, which I confirmed matched our LDAP attribute through LDAP Browser. I have confirmed SB accounts are disabled when the eDirectory account is disabled as well, though the SB account isn't disabled until the next LDAP sync.

We use a filter under Search Settings, not the Search Group here. Search Groups seem to be a much better choice except performance is ridiculous compared to our search filter (which is effectively doing the same thing). I've also seen that the Search Groups incorrectly identify some users as "not a user" but I've been unable to determine a reason. If you go with the Search Settings make sure your Entry Limit is high enough to accommodate the number of records being returned.
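An added example, not part of any post in this thread and not SafeBoot code: one way to audit the gap described above, where an account disabled in eDirectory stays enabled locally until the next LDAP sync. It assumes an LDIF export of the `(objectClass=user)` search and a separately obtained list of locally enabled user names; the function names, the sample entries and the treatment of a missing `loginDisabled` as "enabled" are assumptions.

```python
import base64

# Constructed sample: what an LDIF export of (objectClass=user) might look like.
SAMPLE_LDIF = """\
dn: cn=asmith,ou=staff,o=example
objectClass: user
uniqueID: asmith
loginDisabled: TRUE

dn: cn=bjones,ou=staff,o=example
objectClass: user
uniqueID: bjones
logindisabled: FALSE

dn: cn=clee,ou=staff,o=example
objectClass: user
uniqueID: clee

dn: cn=a-very-long-common-name,ou=contractors,ou=staff,
 o=example
objectClass: user
uniqueID:: ZGt1bWFy
loginDisabled: TRUE
"""

def parse_ldif(text):
    """One dict per entry; names lower-cased because LDAP attribute names are case-insensitive."""
    unfolded = text.replace("\n ", "")  # undo RFC 2849 line folding
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def disabled_ids(entries, id_attr="uniqueid", flag_attr="logindisabled"):
    """uniqueID values with loginDisabled TRUE; a missing attribute is assumed to mean enabled."""
    return sorted(e[id_attr][0] for e in entries
                  if id_attr in e and e.get(flag_attr, ["FALSE"])[0].upper() == "TRUE")

def still_enabled(entries, local_enabled):
    """Disabled in the directory but present in the (hypothetical) locally enabled list."""
    return sorted(set(disabled_ids(entries)) & set(local_enabled))
```

If the export contains exactly as many entries as the server's or connector's entry limit, treat the result as truncated and raise the limit before relying on it.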

RE: LDAP Connector & eDirectory 8.7

Hmm, that's interesting, I was assuming you needed the change attribute for it to assess whether to read the other attributes...
Hey ho, as you've seen from the other post we went for the AD Connector route.

Thanks for posting


RE: LDAP Connector & eDirectory 8.7

Yeah, AD sounds like the smart choice. That's currently not an option here but from your posts it appears performance is 20x better with AD. Using Search Groups with eDirectory I've found it takes over an hour for one sync of 1 group with 1K users. Not to mention the user enrollment issue I mentioned last post.