Mike_Ho
Sep 02, 2008 | Cirrus
Dynamic group mapping via LDAP groups AND URI landings
I want to offer several service levels on my Firepass. In fact, I do currently, but each to different audiences. I currently define levels of service with Master Groups linked to the specific resource groups they are related to. I now want users to access a given resource group by using landing URIs. An example:
Customer Bob connects to https://mysite/vpn and a master group mapping entry (the first in the list) identifies that Bob is in the LDAP group allowing access to the master group configured to allow access on the URI landing /vpn.
I ALSO want Bob to be able to connect to https://mysite/ and be served a webmail webtop, even though he is authorized to obtain more privilege if he connects via the /vpn landing, and this doesn't work for me.
At first I assumed (hoped) that by defining a master group for the VPN access and then relying on a fallback master group setting to provide the webmail webtop, everything would work OK. It doesn't seem to work that way. When I do an LDAP (group object) lookup in the master group mapping table, it does not appear to take the landing URI into consideration until after the group has been mapped, and then the group says "hey, I'm only accessible from the /vpn landing and that's not what this user requested."
It seems that for me one solution would be to have a master group mapping comprised of LDAP (group object) AND URI Landing. That way I could say user Alice on landing /vpn gets this master group, whereas Alice on landing / gets this other master group.
I am probably missing another way to configure what I'm looking for and I just haven't found it yet. Ideas?
I did see that I can configure a resource mapping table in the master group configuration, but I don't see a way to launch a webtop based on a given resource mapping like you can with master group web application intranet webtops mappings.
Firepass 6.0.2