The LDAP login authority
The LDAP login authority allows users to log in to Secure Global Desktop if they have an entry in an LDAP directory.
This login authority is disabled by default.
The user types either a common name (for example "Indigo Jones"), a username (for example "indigo") or an email address (for example "indigo@indigo-insurance.com").
cn (common name) attribute that matches what the user typed. If there's no match, the search is repeated on the uid (username) attribute, and finally on the mail (email address) attribute. The identity is the LDAP person object and has the form .../_service/sco/tta/ldapcache/LDAP-person.
The first match of the following is used:
cn=Indigo Jones,ou=Administration,o=Indigo Insurance is found, this login authority would search ENS for o=Indigo Insurance/ou=Administration/cn=Indigo Jones.
cn=LDAP Profile, in the same OU as the LDAP person object. For example, o=Indigo Insurance/ou=Administration/cn=LDAP Profile.
cn=LDAP Profile, in any parent OU for the LDAP person object. For example, o=Indigo Insurance/cn=LDAP Profile.
o=Tarantella System Objects/cn=LDAP Profile.
Emulator sessions and password cache entries belong to the LDAP person object.
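The lookup order above determines which profile an LDAP user ends up with, so it is worth being able to compute it when auditing who falls through to a broad default. The following is an added example, not code from the guide or from Secure Global Desktop; the function names are hypothetical, and it assumes exact string matching of ENS names and that parent OUs are tried nearest first.

```python
import re

SYSTEM_PROFILE = "o=Tarantella System Objects/cn=LDAP Profile"


def split_dn(dn):
    """Split an LDAP DN into RDNs, leaving backslash-escaped commas intact."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn) if part.strip()]


def profile_candidates(dn):
    """Return the ENS names to try for an LDAP person DN, in the page's order."""
    # LDAP DNs are written leaf-first; the ENS names on this page are
    # root-first and '/'-separated, so reverse the RDN order.
    parts = list(reversed(split_dn(dn)))
    candidates = ["/".join(parts)]      # 1. same name as the person object
    containers = parts[:-1]             # drop the person's own RDN
    # 2. LDAP Profile in the same OU, then 3. in each parent OU
    #    (nearest-first ordering is an assumption of this example).
    while containers:
        candidates.append("/".join(containers) + "/cn=LDAP Profile")
        containers = containers[:-1]
    if SYSTEM_PROFILE not in candidates:
        candidates.append(SYSTEM_PROFILE)  # 4. system-wide fallback
    return candidates


def resolve_profile(dn, ens_objects):
    """Return the first candidate present in ens_objects, or None."""
    for name in profile_candidates(dn):
        if name in ens_objects:
            return name
    return None


if __name__ == "__main__":
    # Constructed sample data: only an organization-level profile exists.
    ens = {"o=Indigo Insurance/cn=LDAP Profile", SYSTEM_PROFILE}
    dn = "cn=Indigo Jones,ou=Administration,o=Indigo Insurance"
    for name in profile_candidates(dn):
        print(("hit  " if name in ens else "miss ") + name)
    print("resolved:", resolve_profile(dn, ens))
```

Running `resolve_profile` over every person DN in the directory shows which users land on `o=Tarantella System Objects/cn=LDAP Profile` rather than a profile scoped to their own OU.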
Copyright © 1997-2006 Sun Microsystems, Inc. All rights reserved.