Once you have enabled the LDAP login authority, any LDAP user who can access a Tarantella server can log in to Tarantella. However, you may not want all LDAP users to have access to Tarantella.
The solution is to configure a search filter on the Tarantella server so that only users who have a required attribute value on their LDAP user object can log in to Tarantella. This requires extra configuration on the LDAP directory server and on the Tarantella server.
For Tarantella to be able to apply a filter, it must be able to test for an attribute value on the user object in your LDAP directory server. You could use an attribute that already exists in your LDAP database or create a new attribute, for example an attribute called allowttalogin. This attribute must be set for all users in your organization.
Once you have configured the LDAP user object attribute, you need to configure a search filter on the Tarantella server. The filter needs to test the LDAP attribute, to allow users to log in if they meet the condition(s).
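To set a search filter:
1. Use the tarantella stop command to stop the Tarantella server.
2. Set the search filter, replacing attribute_test with the test on your LDAP attribute:
   tarantella config edit --searchldapla.properties-searchFilter '(&({0}={1})(attribute_test))'
   For example:
   tarantella config edit --searchldapla.properties-searchFilter '(&({0}={1})(allowttalogin=true))'
   The quotes stop the shell from interpreting the parentheses and the & character in the filter.
3. Use the tarantella start command to start the Tarantella server.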
After you have restarted Tarantella, only users who match the search filter will be able to log in to Tarantella.
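The effect of the example filter can be previewed offline. The following Python sketch is an added example, not part of the Tarantella documentation or product: it fills in the filter from the steps above and evaluates it against constructed directory entries. It assumes that {0} is the login attribute name and {1} is the name the user types (the page does not define them) and that values compare case-insensitively; the uid attribute, the sample users and all function names are hypothetical.

```python
import re

TEMPLATE = "(&({0}={1})(allowttalogin=true))"  # example filter from the page

# Characters that must be escaped inside a filter value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_value(value):
    """Escape a value so the directory treats it as literal text."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def unescape_value(value):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def build_filter(login_attr, login_name, template=TEMPLATE):
    # Assumption: {0} is the login attribute, {1} the name typed at login.
    return template.format(login_attr, escape_value(login_name))

def matches(entry, ldap_filter):
    """Evaluate an AND-of-equality filter (the shape used on the page)
    against one entry, given as a dict of attribute -> list of values."""
    m = re.fullmatch(r"\(&((?:\([^()]*\))+)\)", ldap_filter)
    if not m:
        raise ValueError("unsupported filter: " + ldap_filter)
    for term in re.findall(r"\(([^()]*)\)", m.group(1)):
        attr, _, value = term.partition("=")
        if "*" in value:
            raise ValueError("wildcard tests are not handled by this sketch")
        wanted = unescape_value(value).lower()  # assumed case-insensitive match
        have = [v.lower() for v in entry.get(attr.lower(), [])]
        if wanted not in have:
            return False  # attribute missing or different value: no match
    return True

# Constructed sample entries, not taken from any real directory.
DIRECTORY = [
    {"uid": ["alice"], "allowttalogin": ["true"]},
    {"uid": ["bob"], "allowttalogin": ["false"]},
    {"uid": ["carol"]},  # allowttalogin was never set on this user
]

def allowed(login_name):
    """Return the uids of sample entries the filter would admit."""
    ldap_filter = build_filter("uid", login_name)
    return [e["uid"][0] for e in DIRECTORY if matches(e, ldap_filter)]

if __name__ == "__main__":
    for name in ("alice", "bob", "carol"):
        print(name, build_filter("uid", name), allowed(name))
```

A user whose entry lacks the attribute is refused in the same way as one whose value is false, which is why the attribute has to be set on every user object before the filter is enabled.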