Secure Global Desktop Administration Guide > Users and authentication > LDAP users can't log in to Secure Global Desktop
If you are using the LDAP login authority to authenticate users and you find that LDAP users are not able to log in to Secure Global Desktop, use the following checklist to identify the source of the problem.
You may also find it helpful to turn on extra logging in Array Manager.
Select the Array properties panel and add
a server/login/*
and a server/ldap/*
filter in the Log Filter box.
Things to check | Notes |
---|---|
Is the LDAP login authority enabled? | You cannot use an LDAP directory server with Secure Global Desktop unless the
LDAP login authority is enabled.
Use the Secure Global Desktop Login properties
in Array Manager (or use the |
Are the URLs of the LDAP directory servers correct? | To be able to use the LDAP login authority, each Secure Global Desktop server must be
able to contact the LDAP directory servers at the specified URLs.
Use the Secure Global Desktop Login properties
in Array Manager (or use the
For Sun™ ONE (formerly Netscape or iPlanet) Directory Server, you may also need to do
some extra configuration to map ENS names to LDAP names correctly.
For example, the LDAP directory server has a
|
Is the LDAP directory server username and password correct? | Some LDAP directory servers support anonymous logins, so you don't need to supply
a username or password. Others, including Microsoft Active Directory, require
the username and password of a user that has sufficient privileges to search the
LDAP database.
Use the Secure Global Desktop Login properties
in Array Manager (or use the |
If you are you using secure connections to the LDAP directory server, has this been configured correctly? |
Check:
See Securing connections to LDAP directory servers for details. |
Is Secure Global Desktop providing the right information for locating the user? | When Secure Global Desktop searches an LDAP database for a user it uses
the following attributes:
If these attributes are not sufficient for identifying users, you can add extra attributes:
Note These steps require caution as any mistakes can result in all users being unable to log in. |
Have recent LDAP configuration changes taken effect? | After making changes to your LDAP database, it is advisable to wait for a period of time for the changes to take effect.
Secure Global Desktop caches the data it collects from an LDAP directory server. If you find that Secure Global Desktop is not detecting changes, you can manually flush the cached data with the tarantella cache command. |
Copyright © 1997-2006 Sun Microsystems, Inc. All rights reserved.