Secure Global Desktop Administration Guide > Users and authentication > Can I deny an LDAP user access to Secure Global Desktop?
Once you have enabled the LDAP login authority, any LDAP user who can access a Secure Global Desktop server can log in to Secure Global Desktop. However, you may not want all LDAP users to have access to Secure Global Desktop.
The solution is to configure a search filter on the Secure Global Desktop server so that only users, who have a required attribute value on their LDAP user object, can log in to Secure Global Desktop. This requires extra configuration on the LDAP directory server and on the Secure Global Desktop server.
Note You can't use this method to deny access to a user authenticated with the Active Directory login authority. This is because the Active Directory server is not used for authentication.
For Secure Global Desktop to be able to apply a filter, it must be able to
test for an attribute value on the user object in your LDAP directory server.
You could use an attribute that already exists in your LDAP database or create
a new attribute, for example an attribute called allowttalogin
.
This attribute must be set for all users in your organization.
Once you have configured the LDAP user object attribute, you need to configure a search filter on the Secure Global Desktop server. The filter needs to test the LDAP attribute, to allow users to log in if they meet the condition(s).
To set a search filter:
tarantella stop
command to stop the Secure Global Desktop server.
tarantella config edit --searchldapla.properties-searchFilter (&({0}={1})(attribute_test))
tarantella config edit --searchldapla.properties-searchFilter (&({0}={1})(allowttalogin=true))
tarantella start
command to start the Secure Global Desktop server.
After you have re-started Secure Global Desktop, only users who match the search filter will be able to log in to Secure Global Desktop.
Copyright © 1997-2005 Sun Microsystems, Inc. All rights reserved.