Configuring the Active Directory for Cloud Access Connector
Teradici recommends having a single Active Directory configuration for a single deployment, which means all Connectors within that deployment should be configured to the same AD. If you want to have multiple Connectors with different Active Directory settings then you need to ensure that each Connector belongs to a separate deployment. If you create two Connectors that are associated with the same deployment then both will use the same Active Directory sync settings, and the configuration of the last Connector created will take precedence.
Configuring User and Computer Active Directory Distinguished Names¶
The Connector can optionally be configured to use specific Distinguished Names (DNs) when querying Active Directory for users and computers. This has been extended to be available when running the update command in addition to the install command.
The following is an example of the DN string format: CN=CASM Admins,CN=Users,DC=example,DC=com.
You can also configure the frequency at which the Connector syncs this data with the CASM service, as outlined in the following table:
| Flag | Type | Description |
|---|---|---|
--users-dn |
String | The base DN to search for users within Active Directory. This option may be specified multiple times to provide multiple DNs. |
--computers-dn |
String | The base DN to search for computers within Active Directory. This option may be specified multiple times to provide multiple DNs. |
--sync-interval |
String | The interval time in minutes for how often to sync Active Directory users and computers with the CASM service. It must be at least five minutes. |
--users-filter |
String | The filter to search for users within Active Directory. Specify multiple filters with multiple options. Default user filter: (&(objectCategory=person)(objectClass=user)). An example for a user group filter: (&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=PCoIP Users Group,CN=Users,DC=example,DC=com)). |
--computers-filter |
String | The filter to search for computers within Active Directory. Specify multiple filters with multiple options. Default computer filter: (&(primaryGroupID=515)(objectCategory=computer)). |
These flags outlined are optional and may be provided with the install or update commands. If you are updating a Connector you only need to provide these flags if you want to changing the DN settings associated with that Connector. If you do not add these flags when performing an update then the Connector will retain the same settings.
You can reset user or computer DNs to their default values by providing an explicit DN with a wider scope than the original DN used.
Configuring Active Directory Pool Groups¶
A set of command line flags enables users to update Active Directory pool groups. These flags apply changes to the Active Directory settings of the Connector.
By providing the following flags the appropriate update gets applied to the Connector settings. If no command-line option is provided, the Connector will display all available options for this operation.
| Flag | Type | Description |
|---|---|---|
--cam-insecure |
String | Skips certificate validation when connecting to CAS Manager as a Service. This option should only be used when connecting to CAS Manager as a Service deployed with self-signed certificates. |
--add-pool-group |
String | Adds specified Active Directory group to the existing pool group settings. By providing all the existing pools groups in the Connector, settings would get replaced by the user specified ones. |
--remove-pool-group |
String | Removes specified pool Active Directory group by its DN. |
--clear-pools-groups |
String | Clears all pools Active Directory groups. This operation is exclusive and cannot be combined with --remove-pool-group or --add-pool-group. |
--get-cam-settings |
String | Prints all CAS Manager as a Service settings to Admin console. |