LDAP schema - extending schema necessary?

Hi!

We have a customer who would like to implement SSPR against AD, but they do not want to extend the schema.

Based on the documentation, it looks like LDAP schema extension is only needed for storing challenge-response information:

https://www.netiq.com/documentation/self-service-password-reset-45/sspr-install/data/b1l54no8.html#c41dire1y

https://www.netiq.com/documentation/self-service-password-reset-45/sspr-install/data/b1l5kpc7.html

But looking at the schema file, there are attributes that could mean schema extension is also needed for other things, like pwmEventLog, pwmLastPwdUpdate, pwmGUID and pwmData.

Since the customer will use a remote database for challenge-response storage, is LDAP schema extension still needed? Will SSPR work without it?

Kind regards,

Sebastijan
