SSL VPN
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
frank342767
Contributor
frank342767
Posts: 21
Registered: ‎03-23-2010
0

presenting weblinks based on user login

Options

‎04-13-2011 01:40 PM

I have an SA2000 using LDAP auth,

I need a way of presenting weblinks based on user login. can someone provide a how to or reference.

Message 1 of 6 (401 Views)
 
Reply
Recognized Expert
Recognized Expert
kenlars
Posts: 420
Registered: ‎03-24-2008
0

Re: presenting weblinks based on user login

Options

‎04-14-2011 06:09 AM

If you are looking to show group "A" a set of bookmarks and group "B" a different set of bookmarks, you define two roles with different bookmarks and use role-mapping to assign users to roles.  You can assign the roles based on usernames or - preferably - some information from the LDAP.

 

If you are wishing to show user "C" bookmarks unique to his/her logon, there are ways to put the username into the bookmark. 

 

Can you tell us a little more about what you are wanting to do?

 

Ken

Message 2 of 6 (386 Views)
 
Reply
frank342767
Contributor
frank342767
Posts: 21
Registered: ‎03-23-2010
0

Re: presenting weblinks based on user login

Options

‎04-14-2011 09:52 AM

I was thinking of your first option, I have create a role and within the role I have defined the web links. now how do I assign the role to an ldap user?

 

your second option does sound interesting.

Message 3 of 6 (381 Views)
 
Reply
Distinguished Expert
Distinguished Expert
muttbarker
Posts: 1,946
Registered: ‎01-29-2008
0

Re: presenting weblinks based on user login

Options

‎04-14-2011 11:33 AM

Realms are used to map roles to users. The realm contains the authentication and authorization servers and the role mappings. You can pretty much use any LDAP attribute including groups to map a user to a role.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Message 4 of 6 (369 Views)
 
Reply
Trusted Contributor
SonicBoom
Posts: 195
Registered: ‎07-06-2009
0

Re: presenting weblinks based on user login

Options

‎04-19-2011 06:06 AM

your best bet which will keep your sanity is to use LDAP auth assigning roles using "group is" attribute, this way the SA queries AD and if user is in a particular group he will then be assigned the correct role. since our server group manages AD i can hand off most of the tedious work to them, otherwise you will never log off of the box.
Power On
http://vology.com
Message 5 of 6 (347 Views)
 
Reply
Moderator Moderator
Moderator
zanyterp
Posts: 1,950
Registered: ‎11-19-2007
0

Re: presenting weblinks based on user login

Options

‎04-22-2011 09:40 PM

The best reference is the IVE admin guide (http://www.juniper.net:80/support/products/sa/) and you can look at the information for your IVE version.

As mentioned, once you have your realm defined to use the LDAP auth, you assign users based on group membership to different roles. Each role has a different set of access permissions, including bookmarks.

The most effective way is to create resource profiles for your bookmarks (Users>Resource Profiles>Web)

A resource profile is a link (or series of links if there are multiple directories on one server) that is shared by many roles.

For example, if you want to provide OWA to 3 different roles, you can create the bookmark 3 times (one for each role) OR you can create the bookmark once as a profile and assign the three roles to it.

 

Does that help clarify the way you can approach this?

Message 6 of 6 (296 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.