Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Configuring the LDAP Server for pcAnywhere

Created: 14 May 2012 | 1 comment
Language Translations
Nitin's picture
0 0 Votes
Login to vote

Active directory Schema Snap-in

By default AD does not have AD Schema snap-in.

To install the Active Directory Schema snap-in

  1. Open Command Prompt.

  2. Type: regsvr32 schmmgmt.dll This command will register Schmmgmt.dll on your computer. For more information about using regsvr32, see Related Topics.

  3. Click Start, click Run, type mmc /a, and then click OK.

  4. On the File menu, click Add/Remove Snap-in, and then click Add.

  5. Under Available Standalone Snap-ins, double-click Active Directory Schema, click Close, and then click OK.

  6. To save this console, on the File menu, click Save.

  7. In Save in, point to the systemroot\system32 directory.

  8. In File name, type schmmgmt.msc, and then click Save.

Above detailed information can be found on Microsoft site http://technet.microsoft.com/en-us/library/cc755885(v=ws.10).aspx.

To use directory services, add a custom object class description to the LDAP server's configuration. This custom object class describes the information that the LDAP server needs to store for each host that a user starts. Once the custom object class is available, modify all existing entries to store values that belong to the new object class.

The custom pcAnywhere object class must be called pcaHost, and must contain a single binary attribute called pcaHostEntry.

For example:

objectclass: pcaHost

pcaHostEntry: binary

Adding the snap-in

Follow this procedure to add the snap-in to the Microsoft Management Console (MMC).

To add the snap-in

  1. On the Windows taskbar, click Start > Run.

  2. Type mmc.

  3. Click OK.

  4. On the Console1 toolbar, click Console > Add/Remove Snap-in.

  5. In the Add/Remove Snap-in dialog box, click Add.

  6. Click Active Directory Schema, and then click Add.

  7. Close the Add standalone snap-in dialog box.

  8. In the Add/Remove Snap-in dialog box, click OK.

  9. In the left pane, right-click Active Directory Schema, and then click Operations Master.

  10. Select The schema may be modified on this Domain Controller.

  11. Click OK.

Creating the pcaHostEntry attribute

Follow this procedure to create the pcaHostEntry attribute.

To create the pcaHostEntry attribute

  1. In the left pane, expand the Active Directory schema item.

      The Classes and Attribute subfolders should now be available.

  2. Right-click the Attributes folder, and then click Create Attribute.

      Continue through the resulting warning message.

  3. In the Common Name entry field, type pcaHostEntry

     This is case-sensitive.

  4. In the LDAP Display Name field, type pcaHostEntry

  5. In the Unique X500 Object ID field, type the following:

      1.3.6.1.4.1.393.100.9.8.1

  6. In the syntax list, click Octet string.

  7. Select Multi-Valued. 

  8. Click OK.

  9. In the left pane, right-click the Classes folder, and then click Create Class .

Continue through the warning message.

Creating the pcaHost object

Follow this procedure to create the pcaHost object.

To create the pcaHost object

  1. In the Common Name entry field, type pcaHost

      This is case-sensitive.

  2. In the LDAP Display Name field, type pcaHost

  3. In the Unique X500 Object ID field, type the following:

      1.3.6.1.4.1.393.100.9.8.2

  4. In the Parent class field, type Top

  5. In the Class list, click Auxiliary.

  6. Click Next.

  7. In the Create New Schema Class dialog box, next to the Optional attribute box, click Add.

  8. Select the pcaHostEntry attribute.

  9. Click OK.

      The pcaHostEntry should appear as an optional attribute.

  10. Click Finish.

Associating the pcaHost object with the user object class

Follow this procedure to associate the pcaHost object with the user object class.

To associate the pcaHost object with the user object class

  1. In the left pane of Console1, expand the Class folder.

  2. Right-click the user object class, and then click Properties.

  3. Select the Relationship tab, and then next to the Auxiliary Classes box, click Add.

  4. Select the pcaHost object class.

  5. Click OK.

  6. Click Apply.

  7. Click OK.

  8. In the left pane, right-click Active Directory Schema.

  9. Click Reload the Schema.

Setting the rights for the pcAnywhere user

To set up the rights for the pcAnywhere user, you must first set up view rights, and then set up edit rights.

To set up view rights for the user

  1. On the Windows taskbar, click Start > Programs > Administrative Tools >Active Directory Users and Computers.

  2. On the View menu, make sure that Advanced Features is selected.

      This enables the Security tab in the property pages.

      You can set the following rights at any organizational unit. You should set these rights at the level that contains the pcAnywhere users.

  3. Right-click the organizational unit, and then click Properties.

  4. On the Security tab, click Add.

  5. Click the Everyone group.

  6. Click Add.

  7. Click OK.

  8. In the Allow column, select Read Only.

  9. On the organizational unit's property page, click Advanced.

  10. Select the Everyone group that you just added.

  11. Click View/Edit.

  12. On the Object tab, in the Apply onto list, click This object and all child objects.

  13. Click OK until you close the Security property page.

Setting up edit rights for the user

Follow this procedure to set up edit rights for the user.

To set up edit rights for the user

  1. On the organizational unit's Security tab, click Add.

  2. Click the Self group.

  3. Click Add.

  4. Click OK.

  5. In the Allow column, select Write.

  6. Click Advanced.

  7. Select the Self group that you just added, and then click View/Edit.

  8. On the Object tab, in the Apply onto list, click Child objects only.

  9. Click OK until you close the Security property page.

Configuring pcAnywhere to use directory services

Configuring pcAnywhere to use directory services involves the following process:

   • Set up directory services in pcAnywhere preferences so that all connection items use the same settings.

     In Vista, administrator privileges are required to add directory services in pcAnywhere preferences. A standard user will be prompted for administrator credentials.

  • Set up directory services for a host connection item.

  • Set up directory services for a remote connection item.

Setting up directory services in pcAnywhere

Configure the directory server entries before beginning this procedure.

To set up directory services in pcAnywhere

  1. In the pcAnywhere Manager window, on the Edit menu, click Preferences.

  2. In the pcAnywhere Options window, on the Directory Services tab, click Add.

  3. In the Display Name field, type a name that clearly describes the directory server.

  4. In the Directory Server field, type the host name or IP address of the directory server.

  5. In the Name field, type the account name specified on the directory server.

  6. In the Password field, type the password that authenticates the account.

      The password is case-sensitive.

  7. Click Advanced to configure the port number and the search base of the directory tree.

      You should always configure this information. The Port number controls the port that the directory server uses to accept queries from the client. The default port is 389. Search Base is the root of the directory structure that begins the query search. Search base for "domain.com" should be mention as "dc=domain,dc=com".

  8. Click OK.

Symantec pcAnywhere attempts to connect to the directory server and search for the entry specified in the Name field. If multiple entries are found, users must select the one that represents them. Once the entry is identified, pcAnywhere stores its Distinguished Name in the registry for easy identification, and labels the entry as Verified.

Common reasons for failed verification include being disconnected from the network, having incorrect TCP/IP configuration settings, using an incorrect user name or password, or not having user information configured on the server.

Setting up the host computer to use directory services

When you set up a host connection to use directory services, pcAnywhere searches the directory server for the specified common name when you launch the host connection. If it finds a corresponding entry, it updates it with the connection information and current status of the host.

As the status changes, the host updates its entry in the directory server so that remote computers can see the current status. When the host is canceled, it resets the host user's entry.

Configure the directory server entries before beginning this procedure.

To set up the host computer to use directory services

  1. In the pcAnywhere Manager window, click Hosts.

  2. Right-click a host connection item that uses a network connection, and then click Properties.

  3. On the Settings tab, check Use directory services.

  4. Select the appropriate directory server in the list.

      The directory server that you select is used to register the host when it starts.

  5. Click OK.

Setting up the remote computer to use directory services

When you set up a remote connection to use directory services, the remote looks on the directory server for waiting host connections. Configure the directory server entries before beginning this procedure.

To set up the remote computer to use directory services

  1. In the pcAnywhere Manager window, click Remotes.

  2. Right-click a remote connection item that uses a network connection, and then click Properties.

  3. On the Settings tab, click Use directory services. 

  4. Select a directory server in the list.

      The list contains only the directory servers that have been preconfigured and verified.

  5. Click Filter to set the initial filter settings.

      The Filter Page narrows the results. Fill out some or all of the fields. Only the entries matching those criteria are returned. You can use wildcard characters in these fields. For example, A* returns entries that have a name beginning with the letter A.

  6. Click OK.

  7. On the Settings tab, click OK.

Comments 1 CommentJump to latest comment

Nitin's picture

This article mainly focussed on setup LDAP server for pcAnywhere for the ease of use for the customer. Hope this helps.

Regards,
Nitin

If you feel your issue has been addressed to, please use the "Mark as Solution" link for the relevant thread

+1
Login to vote