Tarantella Administration Guide
Enabling the LDAP login authority
- Learn how to configure Tarantella to authenticate users against an LDAP directory server.
To use an LDAP directory server to authenticate users to Tarantella, you need
to enable the LDAP login authority. To do this:
- Make sure all the Tarantella servers in the array can
contact the LDAP directory server on the network.
- In Array Manager, open Tarantella Login properties.
- Check the LDAP login authority box.
- In the URL field, type the URL of the LDAP directory server, for example
ldap://melbourne.indigo-insurance.com
- If your LDAP directory server does not support anonymous logins, enter
the details of an LDAP user in the Username and Password fields.
- Click Apply.
Once the LDAP login authority is enabled, users can log in to
Tarantella using either:
- their full name (common name or cn);
- their uid;
- their e-mail address; or
- their SAM account name.
Users then receive the webtop that has been configured for them using:
Notes
- Currently a Tarantella array can only be configured to
connect to a single DNS name of an LDAP directory server.
- Some LDAP directory servers support anonymous logins, so you don't need to supply
a username or password. Others, including Microsoft Active Directory, require
the username and password of a user that has sufficient privileges to search the
LDAP database. You might want to create a special LDAP user reserved
for the Tarantella LDAP login authority. The username must be the
distinguished name of the user, for example
cn=tarantella-ldap,cn=Users,dc=indigo-insurance,dc=com
- The standard ports on which LDAP directory servers listen are 389 (for standard
connections) and 636 (for secure connections). If your LDAP directory server uses a
different port, you can specify the port number as part of the URL, for example
ldap://melbourne.indigo-insurance.com:5678
- Some LDAP directory servers require or allow SSL-based secure connections.
To use SSL connections:
  - Obtain and install the Tarantella Security Pack on each array member. You need a Security
    license to use the Security Pack.
  - Make sure the LDAP Server attribute specifies a URL that begins with ldaps://
- Normally, the LDAP login authority searches the entire LDAP directory server.
You can restrict the search to part of the LDAP directory server by adding a search
root to the end of the URL, for example
ldap://melbourne.indigo-insurance.com/dc=indigo-insurance,dc=com
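The URL forms described in the notes above (scheme, optional port, optional search root) can be checked before they are typed into Array Manager. The following Python sketch is an added example, not part of the Tarantella product or this guide. The names check_ldap_url and LdapUrlReport are hypothetical, and the warning about ldap:// assumes the Username and Password are sent as an LDAP simple bind.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit, unquote

# Standard LDAP ports as stated in the notes above.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

@dataclass
class LdapUrlReport:          # hypothetical name, for illustration only
    secure: bool              # True only for ldaps://
    host: str
    port: int                 # explicit port, else the scheme's standard port
    search_root: str          # "" means the entire directory is searched
    warnings: list = field(default_factory=list)

def check_ldap_url(url, bind_dn=None):
    """Parse a login authority URL; bind_dn is the Username field, if one is set."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"URL must begin ldap:// or ldaps://, got {url!r}")
    if not parts.hostname:
        raise ValueError(f"no host name in {url!r}")
    port = parts.port or DEFAULT_PORTS[scheme]   # .port raises ValueError if non-numeric
    report = LdapUrlReport(scheme == "ldaps", parts.hostname, port,
                           unquote(parts.path.lstrip("/")))
    if bind_dn and not report.secure:
        # Assumption: simple bind, so the password is not protected in transit.
        report.warnings.append("Username/Password bind configured over ldap://: "
                               "no SSL on this connection, use ldaps://")
    other = "ldaps" if scheme == "ldap" else "ldap"
    if port == DEFAULT_PORTS[other]:
        report.warnings.append(f"port {port} is the standard port for {other}://")
    if bind_dn and "=" not in bind_dn:
        report.warnings.append("Username is not a distinguished name")
    return report

if __name__ == "__main__":
    # Constructed samples built from the example values in this guide.
    dn = "cn=tarantella-ldap,cn=Users,dc=indigo-insurance,dc=com"
    for url, user in [
        ("ldap://melbourne.indigo-insurance.com", None),
        ("ldap://melbourne.indigo-insurance.com:5678", dn),
        ("ldaps://melbourne.indigo-insurance.com/dc=indigo-insurance,dc=com", dn),
    ]:
        print(url, "->", check_ldap_url(url, user))
```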