

Configuring the Active Directory

Teradici recommends having a single AD configuration for a single deployment, which means all Cloud Access Connectors within that deployment should be configured to the same AD. If you want to have multiple Cloud Access Connectors with different Active Directory settings then you need to ensure that each Cloud Access Connector belongs to a separate deployment. If you create two Cloud Access Connectors that are associated with the same deployment then both will use the same Active Directory sync settings, and the configuration of the last Cloud Access Connector created will take precedence.

Configuring User and Computer Active Directory Distinguished Names¶

The Cloud Access Connector can optionally be configured to use specific Distinguished Names (DNs) when querying Active Directory for users and computers. This has been extended to be available when running the update command in addition to the install command.

The following is an example of the DN string format: CN=CAM Admins,CN=Users,DC=example,DC=com. You can also configure the frequency at which the Cloud Access Connector syncs this data with the CAM service, as outlined in the following table:

Flag	Type	Description
`--users-dn`	String	The base DN to search for users within Active Directory. This option may be specified multiple times to provide multiple DNs.
`--computers-dn`	String	The base DN to search for computers within Active Directory. This option may be specified multiple times to provide multiple DNs.
`--sync-interval`	String	The interval time in minutes for how often to sync Active Directory users and computers with the CAM service. It must be at least five minutes.
`--users-filter`	String	The filter to search for users within Active Directory. Specify multiple filters with multiple options. Default user filter: (&(objectCategory=person)(objectClass=user)). An example for a user group filter: (&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=PCoIP Users Group,CN=Users,DC=example,DC=com)).
`--computers-filter`	String	The filter to search for computers within Active Directory. Specify multiple filters with multiple options. Default computer filter: (&(primaryGroupID=515)(objectCategory=computer)).

These flags outlined are optional and may be provided with the install or update commands. If you are updating a Cloud Access Connector you only need to provide these flags if you want to changing the DN settings associated with that Cloud Access Connector. If you do not add these flags when performing an update then the Cloud Access Connector will retain the same settings.

You can reset user or computer DNs to their default values by providing an explicit DN with a wider scope than the original DN used.

Configuring Active Directory Pool Groups¶

A set of command line flags enables users to update Active Directory pool groups. These flags apply changes to the Active Directory settings of the Cloud Access Connector.

By providing the following flags the appropriate update gets applied to the Cloud Access Connector settings. If no command-line option is provided, the Cloud Access Connector will display all available options for this operation.

Flag	Type	Description
`--cam-insecure`	String	Skips certificate validation when connecting to Cloud Access Manager. This option should only be used when connecting to Cloud Access Manager deployed with self-signed certificates.
`--add-pool-group`	String	Adds specified Active Directory group to the existing pool group settings. By providing all the existing pools groups in the Cloud Access Connector, settings would get replaced by the user specified ones.
`--remove-pool-group`	String	Removes specified pool Active Directory group by its DN.
`--clear-pools-groups`	String	Clears all pools Active Directory groups. This operation is exclusive and cannot be combined with `--remove-pool-group` or `--add-pool-group`.
`--get-cam-settings`	String	Prints all Cloud Access Manager settings to Cloud Access Manager Admin console.