Re: [SGD-Users] SGD 4.31 - User application mapping( AD enable )

Thu, 15 Nov 2007 04:45:21 -0800 

Mohamed,
You can use command line to create the DC (domain components). Try the following commands: 

# tarantella object new_dc --name ".../_ens/dc=bn"
# tarantella object new_dc --name ".../_ens/dc=bn/dc=com"
# tarantella object new_dc --name ".../_ens/dc=bn/dc=com/dc=esuria"

Then start your Object Manager and you should see the new DCs.

Hope this helps.

/df


Mohamed Ali wrote on 11/15/2007 2:57 AM:

Hi Deany,

Thank you for your reply.

Yes, i got your point about the AD and ENS user mapping.


I cannot create Domain Component(dc=com, dc=esuria) in my Object 
Manager. But i can only see the automatically created Domain Component( 
dc=bn, dc=com, dc=esuria ), in the Object Manager. Is there any way to 
force and create the dc=bn, dc=com, dc=esuria Domain Component ?



Say if i cannot force create dc=bn, dc=com, dc=esuria, is there any 
other solutions to achive my objective ?


Thanks.

# Yours Sincerely,
# Mohamed Ali Bin Abdullah.



Deany wrote:

Message: 1
Date: Tue, 13 Nov 2007 13:26:39 +0000
From: Deany Dean <[EMAIL PROTECTED]>
Subject: Re: [SGD-Users] SGD 4.31 - User application mapping( AD
    enable )
To: Sun Secure Global Desktop Users mailing list
    <[email protected]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi Ali,


It looks like your problem is that the user you have mirrored in ENS 
(via object manager) is in the wrong place. From looking at the 
logging you provided you can see that the user is actually located 
under "cn=Users,dc=esuria,dc=com" in Active Directory.  You must then 
create this structure in ENS (via object manager). This would be 
"dc=com,dc=esuria,cn=Users" and then put your user in that location. 
SGD can then map the AD user directly to this user object in ENS.



For more info on Ldap Mirroring see the docs at 
http://docs.sun.com/source/820-1088/ldap_mirroring.html
If you are wanting to group application assignments to AD users based 
on an Ldap search or by a list of users, or groups, see 
http://docs.sun.com/source/820-1088/using_dsi.html
It is also worth mentioning that SGD 4.40 (available soon) has a 
pretty nifty LDAP browser that can be used to assign applications. 
This is definitely worth a look as it make administering LDAP/AD users 
and application much easier.


Hope this helps,

DD

Mohamed Ali wrote:

 

Dear Forum users,

Objective: Assign AD authenticated users with specific applications.....


I have installed SGD 4.31 in my SFV240 server. Have configured and 
enable AD for users to authenticate.


These are my DNS SGD servers lookup:
-----------------------------------------
portal-01.esuria.com.bn --->   172.16.2.82
172.16.2.82 --->   portal-01.esuria.com.bn

portal-02.esuria.com.bn --->   172.16.2.83
172.16.2.83 --->   portal-02.esuria.com.bn


Note: In our existing DNS server, our admin configured the Domain as 
"ESURIA.COM.BN"



These are my Array Manager AD Settings:
-------------------------------------------
URL:  ad://esuria.com
Base Domain:  esuria.com
Default Domain:  esuria.com


Note: Our existing AD server, admin has configured the Domain as 
"ESURIA.COM"



Object Manager Settings:
-------------------------
Note: These are created by default( dc=bn, dc=com, dc=esuria )
I created Active Directory Container( cn=Users )
I created Person object ( cn=ali ) and assign some applications to ali.

Note:
1) User Ali is created in AD server only.

2) The reason i created the above AD Container and Person object is 
to assigned specific applications to user Ali.




Open a firefox browser and type the sgd url and click login. Enter 
username ali and password and i am successfully login to SGD webtop. 
Unfortunately, every time i login to webtop, i saw the LDAP 
Applications NOT the applications i specified in the Object Manager( 
Person Object ).


Here are the logs output:
----------------------------
[EMAIL PROTECTED] # tail -f server-login.log

2007/11/12 18:43:25.152 (pid 11467)     server/login/moreinfo   
#1194864205152

Attempted login for  ali
using disambiguation attributes {}.


2007/11/12 18:43:25.165 (pid 11467)     server/login/moreinfo   
#1194864205165

The login authority com.sco.tta.server.login.ens.SearchENSLoginAuthority
has found a potential login candidate
.../_ens/dc=bn/dc=com/dc=esuria/cn=Users/cn=ali.


2007/11/12 18:43:25.177 (pid 11467)     server/login/moreinfo   
#1194864205177

The login authority com.sco.tta.server.login.ens.SearchENSLoginAuthority
has found a potential login candidate
.../_ens/dc=bn/dc=com/dc=esuria/cn=Users/cn=ali.


2007/11/12 18:43:26.568 (pid 11467)     server/login/info       
#1194864206568

Login attempt for ali.
Login successful.


2007/11/12 18:43:26.571 (pid 11467)     server/login/info       
#1194864206571

User .../_service/sco/tta/ldapcache/CN=Ali,CN=Users,DC=ESURIA,DC=COM
logged in using profile
.../_ens/o=Tarantella System Objects/cn=LDAP Profile
from 172.16.2.109.



I believe i had missed some steps. Can the forum experts, help me to 
archive my objective..


Thanks.

    

_______________________________________________
SGD-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sgd-users

_______________________________________________
SGD-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sgd-users






















					Reply via email to