04-14-2011 06:09 AM
If you are looking to show group "A" a set of bookmarks and group "B" a different set of bookmarks, you define two roles with different bookmarks and use role-mapping to assign users to roles. You can assign the roles based on usernames or - preferably - some information from the LDAP.
If you are wishing to show user "C" bookmarks unique to his/her logon, there are ways to put the username into the bookmark.
Can you tell us a little more about what you are wanting to do?
04-14-2011 09:52 AM
I was thinking of your first option, I have create a role and within the role I have defined the web links. now how do I assign the role to an ldap user?
your second option does sound interesting.
04-14-2011 11:33 AM
Realms are used to map roles to users. The realm contains the authentication and authorization servers and the role mappings. You can pretty much use any LDAP attribute including groups to map a user to a role.
04-19-2011 06:06 AM
04-22-2011 09:40 PM
The best reference is the IVE admin guide (http://www.juniper.net:80/support/products/sa/) and you can look at the information for your IVE version.
As mentioned, once you have your realm defined to use the LDAP auth, you assign users based on group membership to different roles. Each role has a different set of access permissions, including bookmarks.
The most effective way is to create resource profiles for your bookmarks (Users>Resource Profiles>Web)
A resource profile is a link (or series of links if there are multiple directories on one server) that is shared by many roles.
For example, if you want to provide OWA to 3 different roles, you can create the bookmark 3 times (one for each role) OR you can create the bookmark once as a profile and assign the three roles to it.
Does that help clarify the way you can approach this?