Contents

What You Are Expected to Know
iPlanet Directory Server Access Management Edition Documentation Set
Organization of This Guide
Documentation Conventions Used in This Guide

Typographic Conventions
Terminology

Related Information

Chapter 1 Product Overview

Directory Server Access Management Edition
Features of DSAME

Service Management
Policy Management
Authentication
Single Sign-On
URL Policy Agents
User Management
DSAME Console

Installing DSAME
The DSAME Console

Location Pane
Navigation Pane
Data Pane

Chapter 2 Service Management

Definition of a Service
DSAME Services Defined

Administration
Authentication

Core
Anonymous
Certificate-based
LDAP
Membership (Self-Registration)
RADIUS

Logging
Naming
Platform
Session
URL Policy Agent
User

Attribute Types

Dynamic Attributes
Policy Attributes
User Attributes
Organization Attributes
Global Attributes

Service Management

Chapter 3 Policy Management

The Policy Service
The URL Policy Agent

Validating a User's Sign On
Enforcing URL Access

Hierarchy Of Enforcement

How the URL Policy Agent Works

Policy Management

Registering Policy Services
Creating Named Policies
Assigning Named Policies

Assigning Named Policies to an Organization
Assigning Named Policies to a Role

Chapter 4 User Management

The User Management Interface

User Management View
User Profile View

Managing DSAME Objects

Organizations

Create an Organization

Containers

Create a Container
Delete a Container

People Containers

Create a People Container
Delete a People Container

Group Containers

Create a Group Container
Delete a Group Container

Roles

Create a Role
Delete a Role
Add Users to a Role
Remove Users from a Role

Services

Register a Service
Create a Template for a Service
Unregister a Service

Policies

Assign a Policy
Unassign a Policy

Users

Create a User
Delete a User

Managed Groups

Create a Managed Group
Delete a Managed Group

Properties Function

Chapter 5 Authentication Options

The Core Authentication Service

To Register and Enable the Core Service

Anonymous Authentication

To Register and Enable Anonymous Authentication
Logging In Using Anonymous Authentication

Certificate-based Authentication

To Register and Enable Certificate-based Authentication
Logging In Using Certificate-based Authentication

LDAP Directory Authentication

To Register and Enable LDAP Authentication
Logging In Using LDAP Authentication
Enabling LDAP Authentication Failover

Membership Authentication

To Register and Enable Membership Authentication
Logging In Using Membership Authentication

RADIUS Server Authentication

To Register and Enable RADIUS Authentication
Logging In Using RADIUS Authentication

Chapter 6 Administration Attributes

Global Attributes

Default Role Permissions (ACIs)

Organization Admin
Organization Help Desk Admin

Dynamic Admin Roles ACIs

Group Admin
Organization Admin
Organization Help Desk Admin
People Container Admin
Organizational Unit Admin
Organizational Unit Help Desk Admin
Top Level Admin

Show People Containers
Display Containers In Menu
Show Group Containers
Managed Group Type
Service Hierarchy

Organization Attributes

Groups Default People Container
Maximum Results Returned From Search
Timeout For Search (sec.)
Groups People Container List
Display User's Roles
Display User's Groups
User Group Self Subscription
User Profile Display Options
User Creation Default Roles
View Menu Entries

Chapter 7 Anonymous Authentication Attributes

Authentication Level
Valid Anonymous User List
Default Anonymous User Name

Chapter 8 Certificate Authentication Attributes

Match Certificate in LDAP
SSL On For LDAP Access
Field in Cert to Use to Access User Profile
Authentication Level
Match Certificate to CRL
LDAP Server and Port
LDAP Start Search DN
LDAP Access Authentication Type
LDAP Server Principal User
LDAP Server Principal Password
LDAP Attribute for Profile ID

Chapter 9 Core Authentication Attributes

Organization Attributes

Authentication Menu
Non-Interactive Modules
User's Default Redirect URL
User Based Auth
People Container For All Users
Alias Search Attribute Name
Default Auth Level
User Naming Attribute
Pluggable Auth Page Generator Class
Dynamic User Profile Creation
Default Auth Locale
Organization URL Mapping
Admin Authenticator
Dynamic User Profile Creation Default Roles
Authentication Chaining Modules
Authentication Chaining Enabled
Persistent Cookie Mode
Persistent Cookie Max Time (seconds)

Global Attributes

Pluggable Auth Module Classes

Chapter 10 LDAP Authentication Attributes

Primary LDAP Server and Port
Secondary LDAP Server and Port
DN to Start User Search
DN for Root User Bind
Password for Root User Bind
Search Filter
User Entry Naming Attribute
Search Scope
Enable SSL to LDAP Server
Authentication Level

Chapter 11 Membership Authentication Attributes

Minimum Password Length
User Naming Attribute
Search Scope
Enable SSL to LDAP Server
Primary LDAP Authentication Server
Secondary LDAP Authentication Server
Authentication Level
Default User Roles
User Status After Registration
DN to Start User Search
DN for Root User Bind
Password for Root User Bind
Search Filter

Chapter 12 RADIUS Authentication Attributes

RADIUS Server 1
RADIUS Server 2
RADIUS Shared Secret
RADIUS Server's Port
Authentication Level
Timeout (Seconds)

Chapter 13 Logging Attributes

Log Status
Max Log Size
Number of History Files
Log Location

Chapter 14 Naming Attributes

Profile Service URL
Session Service URL
Logging Service URL

Chapter 15 Platform Attributes

Server List
Platform Locale
Cookie Domains
Login Service URL
Logout Service URL
Available Locales

Chapter 16 Session Attributes

Max Session Time (Minutes)
Max Idle Time (Minutes)
Max Caching Time (Minutes)

Chapter 17 URL Policy Agent Attributes

URL Policy Agent Action: Allow
URL Policy Agent Action: Deny
URL Policy Agent Action: Not Enforced
Additional Information

Hierarchy Of Enforcement
Configuring Policy Attributes

Chapter 18 User Attributes

Service Management Attributes

User Preferred Language
User Preferred Timezone
User Preferred Locale
Admin DN Starting View
Default User Status
User Auth Modules

User Profile Attributes

Home Address
User Status
First Name
Last Name
Full Name
Password
Confirm Password
Email Address
Employee Number
Telephone Number
Roles For This User
Groups for this User

Unique User IDs