Michael Hassey wrote on 10/ 6/06 01:38 PM:
> Hello
> I have SGD running great, using ldap fine...
> What I am looking for is a way to allow access to SGD based on an LDAP
> group... or other way to mark a user as an SGD user for auth in LDAP.
> When I use; (under array manager > Secure Global Desktop Login > LDAP
> Server)
> ldap://jds.mydomain.com:389/ou=People,o=mydomain.com,dc=mydomain,dc=com
> Things work great..
> When I try;
> ldap://jds.mydomain.com:389/cn=sgdusers,ou=groups,o=mydomain.com,dc=mydomain,dc=com
> I get no satisfaction...
> sgdusers is a static group with a couple of test users.
> Any ideas?
> How does the community restrict SGD access via LDAP?

The way I currently do it is not ideal, but may work for you, depending
on scale...
* Configure (in Array Manager) "Search LDAP and use the closest ENS
  match"
* Create ENS users that map to LDAP users, for example:
    .../_ens/dc=com/dc=mydomain/o=mydomain.com/ou=People/uid=mhassey
* Create the special ENS user object:
    .../_ens/dc=com/dc=mydomain/o=mydomain.com/cn=LDAP Profile
* Uncheck the box "May log in to Secure Global Desktop" for the "LDAP
  Profile" user object (or if you're creating via the command line,
  use "--enabled false")
So, people who have LDAP entries but not ENS entries will get mapped to
"cn=LDAP Profile", which isn't allowed to log in.
There's probably a "proper" way to do it in LDAP (DSI, maybe?), but I
haven't looked for it...
~D..
_______________________________________________
SGD-Users mailing list
http://www.filibeto.org/mailman/listinfo/sgd-users
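
The mapping described in the reply above, as an added example (not part of the original thread and not SGD code): a small Python model of how an LDAP DN resolves to an ENS user object or falls back to a disabled "cn=LDAP Profile". The function names, the "guest" user, and the reading of "closest" as "nearest ancestor container" are assumptions made for illustration.

```python
# Added illustration: a simplified model of the lookup, not SGD code.
ENS_ROOT = ".../_ens"            # elided prefix, kept as written in the thread
LDAP_PROFILE = "cn=LDAP Profile"

def ens_components(dn):
    """ENS names run root-first, LDAP DNs leaf-first, so reverse the RDNs.
    Naive comma split: escaped commas in RDN values are not handled."""
    return [p.strip() for p in reversed(dn.split(",")) if p.strip()]

def ens_name(components):
    return "/".join([ENS_ROOT] + list(components))

def resolve(dn, ens_objects):
    """Return (ens_name, may_log_in) for the object this LDAP user maps to."""
    comps = ens_components(dn)
    exact = ens_name(comps)
    if exact in ens_objects:
        return exact, ens_objects[exact]
    # Assumption: "closest" means the nearest ancestor holding an LDAP Profile.
    for depth in range(len(comps) - 1, 0, -1):
        candidate = ens_name(comps[:depth] + [LDAP_PROFILE])
        if candidate in ens_objects:
            return candidate, ens_objects[candidate]
    return None, False           # model choice: nothing matched, deny

def may_log_in(dn, ens_objects):
    return resolve(dn, ens_objects)[1]

BASE = "o=mydomain.com,dc=mydomain,dc=com"
ENS = {                          # constructed sample mirroring the reply's objects
    ens_name(ens_components("uid=mhassey,ou=People," + BASE)): True,
    ens_name(ens_components("cn=LDAP Profile," + BASE)): False,
}

if __name__ == "__main__":
    for uid in ("mhassey", "guest"):   # "guest" is a constructed LDAP-only user
        dn = "uid=%s,ou=People,%s" % (uid, BASE)
        print(dn, "->", resolve(dn, ENS))
```

The model denies when no profile object is found on the path; on a real array, check which object SGD falls back to in that case, since a login-enabled default profile would defeat the restriction.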