SSL VPN
Reply
Contributor
frank342767
Posts: 21
Registered: ‎03-23-2010
0

presenting weblinks based on user login

I have an SA2000 using LDAP auth,

I need a way of presenting weblinks based on user login. can someone provide a how to or reference.

Recognized Expert
kenlars
Posts: 420
Registered: ‎03-24-2008
0

Re: presenting weblinks based on user login

If you are looking to show group "A" a set of bookmarks and group "B" a different set of bookmarks, you define two roles with different bookmarks and use role-mapping to assign users to roles.  You can assign the roles based on usernames or - preferably - some information from the LDAP.

 

If you are wishing to show user "C" bookmarks unique to his/her logon, there are ways to put the username into the bookmark. 

 

Can you tell us a little more about what you are wanting to do?

 

Ken

Contributor
frank342767
Posts: 21
Registered: ‎03-23-2010
0

Re: presenting weblinks based on user login

I was thinking of your first option, I have create a role and within the role I have defined the web links. now how do I assign the role to an ldap user?

 

your second option does sound interesting.

Distinguished Expert
muttbarker
Posts: 2,371
Registered: ‎01-29-2008
0

Re: presenting weblinks based on user login

Realms are used to map roles to users. The realm contains the authentication and authorization servers and the role mappings. You can pretty much use any LDAP attribute including groups to map a user to a role.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Trusted Contributor
SonicBoom
Posts: 195
Registered: ‎07-06-2009
0

Re: presenting weblinks based on user login

your best bet which will keep your sanity is to use LDAP auth assigning roles using "group is" attribute, this way the SA queries AD and if user is in a particular group he will then be assigned the correct role. since our server group manages AD i can hand off most of the tedious work to them, otherwise you will never log off of the box.
Power On
http://vology.com
Moderator
zanyterp
Posts: 2,300
Registered: ‎11-19-2007
0

Re: presenting weblinks based on user login

The best reference is the IVE admin guide (http://www.juniper.net:80/support/products/sa/) and you can look at the information for your IVE version.

As mentioned, once you have your realm defined to use the LDAP auth, you assign users based on group membership to different roles. Each role has a different set of access permissions, including bookmarks.

The most effective way is to create resource profiles for your bookmarks (Users>Resource Profiles>Web)

A resource profile is a link (or series of links if there are multiple directories on one server) that is shared by many roles.

For example, if you want to provide OWA to 3 different roles, you can create the bookmark 3 times (one for each role) OR you can create the bookmark once as a profile and assign the three roles to it.

 

Does that help clarify the way you can approach this?

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.