Defining webtops for LDAP users using login profiles

Read this topic to...
  • Learn how to use login profiles to define webtop content for LDAP users.

Once a user has been authenticated using either the LDAP login authority or web server authentication, Tarantella can use an LDAP directory server to determine the webtop the user should receive. The content of the webtop is controlled by:

Determining the login profile

For an LDAP user, Tarantella uses the first login profile it finds out of the following:

  1. A person object in ENS with the same name as the LDAP person object.
  2. A person object in ENS, with the name cn=LDAP Profile, in the same organizational unit (OU) as the LDAP person object.
  3. A person object in ENS, with the name cn=LDAP Profile, in any parent OU for the LDAP person object.
  4. The default LDAP profile object o=Tarantella System Objects/cn=LDAP Profile.

Tarantella makes allowances for the differences between the LDAP and ENS naming systems. For example, if the LDAP object cn=Indigo Jones,ou=Administration,o=Indigo Insurance is found, Tarantella searches ENS for o=Indigo Insurance/ou=Administration/cn=Indigo Jones.
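The lookup order and LDAP-to-ENS name mapping described above, written out as an added Python sketch (not Tarantella code) that you can use to audit which login profile, and therefore which webtop, a given LDAP user would receive. The function names are hypothetical, and two points are assumptions: parent containers are tried nearest first, and the top-level o= or dc= container counts as a parent.

```python
import re

DEFAULT_PROFILE = "o=Tarantella System Objects/cn=LDAP Profile"
PROFILE_RDN = "cn=LDAP Profile"


def split_dn(ldap_dn):
    """Split an LDAP DN into RDNs on commas that are not backslash-escaped."""
    rdns = [part.strip() for part in re.split(r"(?<!\\),", ldap_dn)]
    if not all(rdns) or any("=" not in rdn for rdn in rdns):
        raise ValueError(f"not a usable DN: {ldap_dn!r}")
    return rdns


def to_ens(rdns):
    """LDAP lists the leaf first and separates with commas; ENS lists the
    root first and separates with slashes."""
    return "/".join(reversed(rdns))


def candidate_profiles(ldap_dn):
    """Return the ENS names to check, in the order the page lists them."""
    rdns = split_dn(ldap_dn)
    candidates = [to_ens(rdns)]                      # 1. same-name person object
    # 2 and 3. cn=LDAP Profile in the user's own container, then in each
    # parent container (nearest-first order is an assumption).
    for depth in range(1, len(rdns)):
        candidates.append(to_ens([PROFILE_RDN] + rdns[depth:]))
    candidates.append(DEFAULT_PROFILE)               # 4. system default
    return candidates


def resolve_profile(ldap_dn, ens_objects):
    """Return the first candidate present in ens_objects, or None."""
    for name in candidate_profiles(ldap_dn):
        if name in ens_objects:
            return name
    return None


if __name__ == "__main__":
    # Constructed ENS contents for illustration only.
    ens = {"o=Indigo Insurance/cn=LDAP Profile", DEFAULT_PROFILE}
    dn = "cn=Indigo Jones,ou=Administration,o=Indigo Insurance"
    for name in candidate_profiles(dn):
        print(("FOUND   " if name in ens else "missing ") + name)
    print("login profile:", resolve_profile(dn, ens))
```

Running the candidate list against an export of your ENS object names shows where a user falls through to a broader profile than intended, for example an OU-level or default LDAP Profile that carries more application links than the user needs.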

If you defined a search root as part of the URL of the LDAP directory server, Tarantella disregards the search root when searching for the login profile.

If you are using web server authentication:

Creating login profiles

To be able to use a login profile other than the default LDAP profile (o=Tarantella System Objects/cn=LDAP Profile), you have to:

  1. Mirror your LDAP organization in ENS. You don't need to mirror your entire organization, only as much of the structure as you need.
  2. Create as many person objects as you need and place them in your organizational hierarchy.
  3. Define webtop content for these objects by editing them in Object Manager and dropping application and document objects onto the Links tab.

Example

To give users the webtops they need, you could create the following objects in the organizational hierarchy:

Directory server type: Microsoft Active Directory

  LDAP paths:
    cn=Finance,dc=indigo-insurance,dc=com
    cn=Marketing,dc=indigo-insurance,dc=com
    cn=Sid Cerise,cn=Finance,dc=indigo-insurance,dc=com

  Object Manager hierarchy:
    [Figure: Example Object Manager organization for Microsoft Active Directory]

  Notes:
    You must use domain component and Active Directory container objects to mirror your LDAP organization.

Directory server type: Sun™ ONE Directory Server

  LDAP paths:
    ou=Finance,o=indigo-insurance.com
    ou=Marketing,o=indigo-insurance.com
    uid=Sid Cerise,ou=Finance,o=indigo-insurance.com

  Object Manager hierarchy:
    [Figure: Example Object Manager organization for Sun ONE Directory Server]

  Notes:
    You must create the person object using a uid= prefix. Use BACKSPACE to delete the Tarantella default cn= prefix for person objects and then type uid=. You can only do this when you create the object. Once the object has been created, you cannot amend the cn= part of the name.

With this organizational hierarchy:

Related topics
  • Using Tarantella with an LDAP directory server
  • Which LDAP directory servers are supported?
  • Enabling the LDAP login authority
  • Defining webtops for LDAP users using LDAP webtop searches
  • Can I give users different webtops without "mirroring" my LDAP organization in ENS?
  • LDAP users can't log in to Tarantella
  • Can I deny an LDAP user access to Tarantella?