Secure Global Desktop Administration Guide > Users and authentication > Enabling the LDAP login authority
To use LDAP directory servers to authenticate users to Secure Global Desktop, you need to enable the LDAP login authority. To do this:
ldap://melbourne.indigo-insurance.com
.
ldap://melbourne.indigo-insurance.com:5678
.ldap://melbourne.indigo-insurance.com/dc=indigo-insurance,dc=com
ldaps://
), see Securing connections to LDAP directory servers for details.cn=tarantella-ldap,cn=Users,dc=indigo-insurance,dc=com
.Once the LDAP login authority is enabled, users can log in to Secure Global Desktop using either:
cn
);Users then receive the webtop that has been configured for them using:
Secure Global Desktop can prompt a user for a new password if their password has expired on the LDAP directory server. When a user attempts to log in with an expired password, the aged password dialog displays. This dialog:
If the new password is accepted, the user is logged in to Secure Global Desktop.
For Sun One Directory Servers:
With Microsoft Active Directory, password expiry (including forcing the user to change their password at next logon) can only be handled if there is a secure (SSL) connection between the Secure Global Desktop server and the Active Directory server. See Securing connections to LDAP directory servers for details.
Secure Global Desktop uses two timeouts to control what happens in the event of an LDAP failure.
The LDAP discovery timeout controls how long Secure Global Desktop waits for an LDAP directory server to respond to the initial contact request. The default is 30 seconds. To change this timeout, run the following command:
tarantella config edit --tarantella-config-ldap-discovery-timeout secs
The LDAP timeout controls how long Secure Global Desktop waits for an LDAP directory server to respond to LDAP operations, such as requests for data. The default is 30 seconds. To change this timeout, run the following command:
tarantella config edit --tarantella-config-ldap-timeout secs
With both timeouts, Secure Global Desktop makes two attempts to contact the LDAP directory server. If there is no response, Secure Global Desktop tries the next LDAP directory server listed in the URL field on the Secure Global Desktop Login properties panel in Array Manager. If all LDAP directory servers time out, users can't be authenticated with the LDAP login authority and webtop content can't be generated.
Copyright © 1997-2005 Sun Microsystems, Inc. All rights reserved.