Hi Ali,

It looks like your problem is that the user you have mirrored in ENS (via object manager) is in the wrong place. From looking at the logging you provided you can see that the user is actually located under "cn=Users,dc=esuria,dc=com" in Active Directory. You must then create this structure in ENS (via object manager). This would be "dc=com,dc=esuria,cn=Users" and then put your user in that location. SGD can then map the AD user directly to this user object in ENS.

For more info on LDAP mirroring, see the docs at http://docs.sun.com/source/820-1088/ldap_mirroring.html

If you are wanting to group application assignments to AD users based on an LDAP search or by a list of users or groups, see http://docs.sun.com/source/820-1088/using_dsi.html

It is also worth mentioning that SGD 4.40 (available soon) has a pretty nifty LDAP browser that can be used to assign applications. This is definitely worth a look as it makes administering LDAP/AD users and applications much easier.

Hope this helps,

DD

Mohamed Ali wrote:
Dear Forum users,

Objective: Assign AD authenticated users with specific applications.....

I have installed SGD 4.31 on my SFV240 server. I have configured and enabled AD for users to authenticate.

These are my DNS SGD servers lookup:
-----------------------------------------
portal-01.esuria.com.bn --->   172.16.2.82
172.16.2.82 --->   portal-01.esuria.com.bn

portal-02.esuria.com.bn --->   172.16.2.83
172.16.2.83 --->   portal-02.esuria.com.bn

Note: In our existing DNS server, our admin configured the Domain as "ESURIA.COM.BN"


These are my Array Manager AD Settings:
-------------------------------------------
URL:  ad://esuria.com
Base Domain:  esuria.com
Default Domain:  esuria.com

Note: Our existing AD server, admin has configured the Domain as "ESURIA.COM"


Object Manager Settings:
-------------------------
Note: These are created by default (dc=bn, dc=com, dc=esuria).
I created an Active Directory Container (cn=Users).
I created a Person object (cn=ali) and assigned some applications to ali.

Note:
1) User Ali is created in the AD server only.
2) The reason I created the above AD Container and Person object is to assign specific applications to user Ali.


I open a Firefox browser, type the SGD URL and click login. I enter username ali and the password, and I am successfully logged in to the SGD webtop. Unfortunately, every time I log in to the webtop, I see the LDAP applications, NOT the applications I specified in the Object Manager (Person object).

Here are the logs output:
----------------------------
[EMAIL PROTECTED] # tail -f server-login.log
2007/11/12 18:43:25.152 (pid 11467) server/login/moreinfo #1194864205152
Attempted login for  ali
using disambiguation attributes {}.

2007/11/12 18:43:25.165 (pid 11467) server/login/moreinfo #1194864205165
The login authority com.sco.tta.server.login.ens.SearchENSLoginAuthority
has found a potential login candidate
.../_ens/dc=bn/dc=com/dc=esuria/cn=Users/cn=ali.

2007/11/12 18:43:25.177 (pid 11467) server/login/moreinfo #1194864205177
The login authority com.sco.tta.server.login.ens.SearchENSLoginAuthority
has found a potential login candidate
.../_ens/dc=bn/dc=com/dc=esuria/cn=Users/cn=ali.

2007/11/12 18:43:26.568 (pid 11467) server/login/info #1194864206568
Login attempt for ali.
Login successful.

2007/11/12 18:43:26.571 (pid 11467) server/login/info #1194864206571
User .../_service/sco/tta/ldapcache/CN=Ali,CN=Users,DC=ESURIA,DC=COM
logged in using profile
.../_ens/o=Tarantella System Objects/cn=LDAP Profile
from 172.16.2.109.


I believe I have missed some steps. Can the forum experts help me to achieve my objective?

Thanks.


_______________________________________________
SGD-Users mailing list
SGD-Users@filibeto.org
http://www.filibeto.org/mailman/listinfo/sgd-users
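
The mapping described in the reply, as an added example that is not part of the original email thread or of SGD itself: a Python sketch that takes the ldapcache user name and the ENS candidate from the log above, reverses the AD DN into the root-first ENS path, and reports whether the existing ENS object is its mirror. The function names and the case-insensitive comparison are assumptions made for illustration.

```python
LDAPCACHE_PREFIX = ".../_service/sco/tta/ldapcache/"  # prefix as shown in the log

def split_dn(dn):
    """Split an LDAP DN into RDN strings, honouring backslash-escaped commas."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends an RDN
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).strip())
    return [r for r in rdns if r]

def ens_mirror_path(ad_dn):
    """LDAP DNs are written leaf-first; ENS paths are root-first, so reverse."""
    parts = []
    for rdn in reversed(split_dn(ad_dn)):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip()}")
    return ".../_ens/" + "/".join(parts)

def check_mirror(logged_in_user, ens_candidate):
    """Return (expected ENS path, True if ens_candidate is that path).

    Assumption: names are compared case-insensitively, as LDAP does.
    """
    ad_dn = logged_in_user[len(LDAPCACHE_PREFIX):]
    expected = ens_mirror_path(ad_dn)
    return expected, expected.lower() == ens_candidate.lower()

if __name__ == "__main__":
    # Both values are copied from the server-login.log excerpt in the thread.
    user = ".../_service/sco/tta/ldapcache/CN=Ali,CN=Users,DC=ESURIA,DC=COM"
    candidate = ".../_ens/dc=bn/dc=com/dc=esuria/cn=Users/cn=ali"
    expected, ok = check_mirror(user, candidate)
    print("expected ENS object:", expected)
    print("existing ENS object:", candidate)
    print("mirror matches" if ok else "mismatch: user will not map to this object")
```

Run against the logged values, it reports a mismatch because the existing object sits under an extra `dc=bn` level.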
