Secure Global Desktop Administration Guide > Applications, documents and hosts > Mirroring your LDAP organization in ENS

Mirroring your LDAP organization in ENS

If you have configured Secure Global Desktop to authenticate users with either the LDAP login authority, the Active Directory login authority or web server/third party authentication (using the LDAP search methods), all users have the same webtop content (defined by the default LDAP profile object o=Tarantella System Objects/cn=LDAP Profile) and have the same Secure Global Desktop-specific settings.

In order to customize webtop content and/or Secure Global Desktop-specific settings, you have to mirror some of your LDAP organization in ENS by creating the person objects that will be used as login profiles. These login profiles can then be used, for example, to control:

webtop content;
access to standard or secure connections to Secure Global Desktop;
access to client drives; and
access to Secure Global Desktop printing services.

Note Directory Services Integration offers a more efficient and flexible way of customizing webtop content.

For details of how the login profiles are determined, see the LDAP login authority, the Active Directory login authority or web server/third party authentication.

When you create person objects as login profiles:

You don't need to mirror your entire LDAP organization in ENS, only as much of the structure as you need.
Inherit as much as possible from other objects in the organizational hierarchy.
Only create person objects for individual users if you really have to.

Example

Indigo Insurance has five departments: IT, Sales, Marketing, Finance, and Administration
It has a flat organizational hierarchy.
The Finance and Marketing departments need different webtop content to the other departments.
Sid Cerise in the Finance department also wants access to the Cust-o-dat application but no-one else in Finance is allowed to access it.

To give users the webtops they need, you could create the following objects in the organizational hierarchy:

Microsoft Active Directory
LDAP paths	cn=Finance,dc=indigo-insurance,dc=com cn=Marketing,dc=indigo-insurance,dc=com cn=Sid Cerise,cn=Finance,dc=indigo-insurance,dc=com
Object Manager hierarchy
Notes	You must use domain component and Active Directory container objects to mirror your LDAP organization.
Sun™ ONE Directory Server
LDAP paths	ou=Finance,o=indigo-insurance.com ou=Marketing,o=indigo-insurance.com uid=Sid Cerise,ou=Finance,o=indigo-insurance.com
Object Manager hierarchy
Notes	You must create the person object using a `uid=` prefix. Use BACKSPACE to delete the Secure Global Desktop default `cn=` prefix for person objects and then type `uid=`. You can only do this when you create the object. Once the object has been created, you cannot amend the `cn=` part of the name.

With this organizational hierarchy:

Sid Cerise receives the webtop defined for his person object. He also inherits webtop content and other settings from parent OU objects in the organizational hierarchy.
Users in the Finance and Marketing departments receive the webtop defined for the Finance and Marketing cn=LDAP Profile objects. They also inherit webtop content and other settings from parent OU objects in the organizational hierarchy.
All other users receive the webtop and other settings defined for the o=tarantella System Objects/cn=LDAP Profile object.

Related topics
Which LDAP directory servers are supported? The LDAP login authority The Active Directory login authority Web server/third party authentication Using Directory Services Integration Can I deny an LDAP user access to Secure Global Desktop?