NSL - LDAP GINA does not echo eDirectory user to Windows user

  • 7005855
  • 28-Apr-2010
  • 28-Jun-2013

Environment

Novell SecureLogin
NSL6.x
NSL7sp1
eDir data store
LDAP GINA Mode

Situation

The LDAPAuth GINA does not echo eDir user names into the Windows login.
The NSL-LDAP GINA keeps the name of the last logged-in user in the Windows user field.
The user must enter the Windows user name after entering the LDAP / eDir user name.
The Novell Client for Windows echoes the user name entered for the eDirectory login into the user name field for the Windows login.
The desire is to have the NSL-LDAP GINA behave more like the Novell Client for Windows.

Resolution

Fixed in NSL7.0.2 or later.

Workaround for earlier versions of SecureLogin:
Install SecureLogin in LDAP Application mode (LDAP install option "When SecureLogin Starts") instead of in LDAP GINA mode (option "Before Logging into Windows").
LDAP Application mode was designed for shared workstation environments.

An enhancement request has been entered suggesting that the NSL-LDAP client be made to behave more like the Novell Client for Windows, by having the same name that the user types in the eDirectory user field show in the Windows user name field.


Additional Information

The typical implementation of SecureLogin in LDAP / Application mode is designed for shared workstations.  The workstation remains logged in as the same generic Windows user all day.  Users log in and out of eDirectory, switching eDir and SecureLogin users, through the NSL-LDAP GINA, but not changing the Windows user. 

Because the Windows user does not change, eDirectory / SecureLogin users can be changed without logging in and out of Windows.  This reduces login time to a matter of seconds.  Adding DAS to the mix and using it to automate the login / logout and hide / show desktop operations adds additional security.