Managing Datastore

I want to store the enterprise credential vault objects and I am trying the following steps in PAM 3.2:

click Enterprise Credential Vault --> Datastore --> Settings.--> LDAP

Added a datastore (my eDirectory is installed on a SUSE Linux server, /opt/novell/edirectory).

Name: edirectory
Host: 192.168.1.XXX
Port: 389
Admin DN: cn=admin,ou=sa,o=system
Password: Admin DN password.
Container DN: o=data
Getting errors:
For 389: confidentiality required
For 636: extend the LDAP schema for the credential vault

But I cannot find the doc for extending the LDAP directory schema on a Linux server.

Please help me; it is a new feature for me.

I have found some doc on extending the schema: https://www.netiq.com/documentation/edir88/edir88/data/amijij0.html
Should I follow this doc?
  • frankabhinav;2470930 wrote: [quotes the original post above]

    Inside I get the following error:
    Error, PAM LDAP TestCredentialVault OU=TestCredentialVault,o=data could not be created - LDAP err code = 65
    Warning, LDAP bind failed, error 13 (Confidentiality required)
    Thu Nov 30 13:14:48 2017, 31, 1126098688, 2340, Error, LDAP authentication failed - 13
    Thu Nov 30 13:14:48 2017, 31, 1126098688, 2340, Error, Test Connection Failed with Error : 182513
  • For LDAP port 389, the "Confidentiality required" error is a response from the LDAP server. The LDAP server is not allowing simple binds in clear text, which could potentially be a security issue. The LDAP server could be configured to allow this sort of simple bind, if necessary; however, I recommend using port 636 for secure LDAP binds.

    PAM offers the ability to manage the Datastore in a SQLite database or in an external datastore (LDAP). To store in an external datastore such as LDAP, there are prerequisite steps that should be followed. One of these steps is to extend the LDAP schema, which explains the error you are receiving when trying to migrate the datastore to LDAP via port 636.

    For complete details, please refer to documentation:
    - https://www.netiq.com/documentation/privileged-account-manager-3/npam_admin/data/managedatastore.html
    - https://www.netiq.com/documentation/privileged-account-manager-3/npam_admin/data/change_datastore.html
    Note: Order matters in Step 4, as it includes extending the LDAP schema prior to migration.

    Extending the LDAP schema of the eDirectory server will configure the LDAP server to support PAM objects. For details on how to do this, please refer to docs:
    https://www.netiq.com/documentation/privileged-account-manager-3/npam_admin/data/extendingschema.html
    Note: This step is referenced in the above documentation sources.
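
The two result codes in the log above are standard LDAP result codes from RFC 4511: 13 is confidentialityRequired (the server refuses a cleartext simple bind, so the fix is LDAPS on 636, as the answer says) and 65 is objectClassViolation (the directory does not know the object classes PAM is trying to create, which is what extending the schema fixes). The following script is an added example, not code from the original thread, from PAM or from the NetIQ documentation. It hand-encodes a simple BindRequest in BER using only the Python standard library, parses the BindResponse, and maps the result code to the remediation given in the answer; `probe_bind` sends a live bind over plain TCP or over TLS, and the host, Admin DN and the `edir-ca.pem` CA file it refers to are placeholders you must replace. The response bytes it decodes offline are constructed here to mirror the "error 13 (Confidentiality required)" log line.

```python
"""Probe an eDirectory/LDAP server for the two failures seen in the thread:
a cleartext simple bind on 389 refused with resultCode 13
(confidentialityRequired) and the LDAPS path on 636.  Minimal BER so it
needs only the stdlib.  Added example; not from the original post, PAM,
or the NetIQ documentation."""
import socket
import ssl

# LDAP result codes from RFC 4511 Appendix A; the thread's log shows 13 and 65.
RESULT_CODES = {
    0: "success",
    13: "confidentialityRequired",
    32: "noSuchObject",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    65: "objectClassViolation",
}

# --- minimal BER encoding (only what BindRequest / BindResponse need) ---
def _ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _ber_len(len(body)) + body

def _int(n, tag=0x02):
    # Two's-complement, minimal length (INTEGER 0x02 or ENUMERATED 0x0A).
    return _tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big", signed=True))

def build_bind_request(msg_id, dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }"""
    bind = _tlv(0x60, _int(3) + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode()))
    return _tlv(0x30, _int(msg_id) + bind)

def build_bind_response(msg_id, code, diag=""):
    """BindResponse [APPLICATION 1] { resultCode, matchedDN, diagnosticMessage }
    (only used here to construct the offline sample)."""
    resp = _tlv(0x61, _int(code, 0x0A) + _tlv(0x04, b"") + _tlv(0x04, diag.encode()))
    return _tlv(0x30, _int(msg_id) + resp)

def _read_tlv(buf, pos):
    tag, ln = buf[pos], buf[pos + 1]
    pos += 2
    if ln & 0x80:                      # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def parse_bind_response(buf):
    """Return (messageID, resultCode, diagnosticMessage) from one LDAPMessage."""
    tag, msg, _ = _read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)
    tag, body, _ = _read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse (tag 0x%02x)" % tag)
    _, rc, pos = _read_tlv(body, 0)        # resultCode (ENUMERATED)
    _, _matched, pos = _read_tlv(body, pos)  # matchedDN
    _, diag, _ = _read_tlv(body, pos)      # diagnosticMessage
    return (int.from_bytes(mid, "big", signed=True),
            int.from_bytes(rc, "big", signed=True),
            diag.decode("utf-8", "replace"))

def explain(code):
    """Map a bind/add result code to the remediation given in the answer above."""
    name = RESULT_CODES.get(code, "unknown")
    if code == 13:
        hint = "server refuses cleartext simple binds; use ldaps:// on 636 (or StartTLS), not 389"
    elif code == 65:
        hint = "server rejects the PAM object classes; extend the eDirectory schema before migrating"
    elif code == 49:
        hint = "wrong Admin DN or password"
    else:
        hint = "see RFC 4511 Appendix A"
    return "%d %s: %s" % (code, name, hint)

def probe_bind(host, port, dn, password, use_tls, cafile=None, timeout=5.0):
    """Send one simple bind and return (resultCode, diagnosticMessage).
    With use_tls the socket is wrapped for LDAPS (636).  cafile is the CA that
    signed the eDirectory server certificate (assumed export); verification stays on."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:
        ctx = ssl.create_default_context(cafile=cafile)
        sock = ctx.wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(build_bind_request(1, dn, password))
        data = sock.recv(4096)
    _, code, diag = parse_bind_response(data)
    return code, diag

# Constructed sample: what a 389 bind returns when the server demands TLS,
# modelled on the "LDAP bind failed, error 13 (Confidentiality required)" line.
SAMPLE_389_RESPONSE = build_bind_response(1, 13, "Confidentiality required")

if __name__ == "__main__":
    _, code, diag = parse_bind_response(SAMPLE_389_RESPONSE)
    print(explain(code), "-", diag)
    # Live check against your server (host, DN, password and CA file are placeholders):
    # print(probe_bind("192.168.1.XXX", 636, "cn=admin,ou=sa,o=system", "secret", True, cafile="edir-ca.pem"))
```

Run it once against 389 with `use_tls=False` and expect 13; run it against 636 with `use_tls=True` and the exported eDirectory CA and expect 0. A 0 on 636 followed by PAM's error 65 confirms the bind is fine and only the schema extension (step 4 in the change_datastore document) is still missing.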