Integrating LDAP Sun Directory with Sun SGD
Hi Gurus,
Installed SGD server 4.31 on machine1
Wanted to link this SGD server to the Sun Directory Server (the DS is on a separate m/c), hence went to the configuration wizard of admin and checked the "Ldap login authority" and entered the LDAP server and clicked on apply and exited from it.
Now I logged into the SGD server using the developer/developer which is a user present in the Directory server. The login was successful.
Now if I click on any application (gnome terminal) for this user, it shows
su: Unknown id: developer
login: developer
Password:
Requesting application server authentication...
Login incorrect
login:
Waiting for the server to respond...
Logging in to the application server...
1. Why is it requesting application server authentication?
2. What are the extra steps to be done if the developer user has to access the applications?
Thanx in advance
Siddesh
# 1
On a Unix system, you need to have an account in order to execute anything. When you configure SGD to authenticate against DS, the user is "logged in" into SGD, but not the application server (even though your application server looks to be the same as the SGD server.)
So, when executing an application (gnome-terminal, in this case), SGD will attempt to use the credential to authenticate on the "application server". If the account "developer" is not valid, you'll get the result you got.
What you need to do is to ensure that the user has a valid account on the application server. The easiest way to do this, in your case, is to configure the application server to use the same DS for authentication.
Hope this helps.
Wai.a at 2007-7-12 16:23:41 >
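
A check for the condition described in the answer above, to be run on the application server. This is an added example, not part of the original thread; the function names are made up for illustration, and it assumes the host uses an nsswitch.conf-style name service configuration and has `getent` or `id`.

```shell
#!/bin/sh
# Run on the application server, not on the client.
# Function names are illustrative; "developer" is the account from the thread.

# Print the sources listed for "passwd" in an nsswitch.conf-style file,
# ignoring comments and [STATUS=action] items.
passwd_sources() {
    sed -e 's/#.*//' "$1" | awk '$1 == "passwd:" {
        out = ""
        for (i = 2; i <= NF; i++)
            if ($i !~ /^\[/) out = (out == "" ? $i : out " " $i)
        print out
        exit
    }'
}

# Succeed if "ldap" is one of the passwd sources.
uses_ldap() {
    for src in $(passwd_sources "$1"); do
        [ "$src" = "ldap" ] && return 0
    done
    return 1
}

# Succeed if the OS itself can resolve the account (what su and login need).
account_visible() {
    getent passwd "$1" >/dev/null 2>&1 || id "$1" >/dev/null 2>&1
}

# diagnose USER [NSSWITCH_FILE]
diagnose() {
    user=$1
    conf=${2:-/etc/nsswitch.conf}
    if account_visible "$user"; then
        echo "OK: $user resolves on this host"
        return 0
    fi
    if uses_ldap "$conf"; then
        echo "FAIL: ldap is a passwd source, but $user does not resolve (check the LDAP client setup)"
    else
        echo "FAIL: passwd sources are '$(passwd_sources "$conf")'; this host does not look accounts up in LDAP"
    fi
    return 1
}

# Example: sh check.sh developer
if [ $# -gt 0 ]; then diagnose "$@"; fi
```

A FAIL result here corresponds to the `su: Unknown id: developer` line in the question: the SGD login succeeded against the directory, but the operating system on the application server has no such account.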

# 3
Authenticating for SSGD and applications does not have anything to do with authentication to tomcat/apache/java.
Simplest form:
- A user logs on to SSGD with a valid username and password.
- SSGD presents applications to the user via the webtop.
- The user starts an application by clicking the application name on the webtop.
- SSGD connects to the application-server (a *nix-server, Windows Terminal server, etc), authenticates to the application server and starts the application.
SSGD connects to the application server like you normally would do from your workstation:
- To Windows Terminal Server via RDP protocol (like mstsc.exe on windows)
- To linux/unix server via SSH (like putty.exe on windows) or telnet (like telnet.exe on windows)
When using LDAP-authentication for SSGD you need to tell SSGD to use LDAP-authentication (see http://docs.sun.com/source/819-6255/ldap_auth_enabling.html).
When connecting to an Application Server (Windows Terminal Server/ *nix-server) you need to configure LDAP-authentication (or something synchronized with LDAP) to be able to use Single Sign On from SSGD to these application servers.
Synchronizing AD with the Sun Directory Server can be done with Identity Synchronization for Windows (http://www.sun.com/software/products/identity_synch/) or use unix-integration on Windows 2003 R2.
- Remold | Everett