Configuring the Active Directory for Anyware Connector
We recommend having a single Active Directory configuration for a single deployment, which means all Anyware Connectors within that deployment should be configured to the same AD. If you want to have multiple Anyware Connectors with different Active Directory settings then you need to ensure that each Anyware Connector belongs to a separate deployment. If you create two Anyware Connectors that are associated with the same deployment then both will use the same Active Directory sync settings, and the configuration of the last Anyware Connector created will take precedence.
Configuring User and Computer Active Directory Distinguished Names¶
The Anyware Connector can optionally be configured to use specific Distinguished Names (DNs) when querying Active Directory for users and computers. This has been extended to be available when running the update command in addition to the install command.
The following is an example of the DN string format: CN=CASM Admins,CN=Users,DC=example,DC=com.
You can also configure the frequency at which the Anyware Connector syncs this data with the AWM service, as outlined in the following table:
| Flag | Type | Description |
|---|---|---|
--users-dn |
String | The base DN to search for users within Active Directory. This option may be specified multiple times to provide multiple DNs. |
--computers-dn |
String | The base DN to search for computers within Active Directory. This option may be specified multiple times to provide multiple DNs. |
--sync-interval |
String | The interval time in minutes for how often to sync Active Directory users and computers with the AWM service. It must be at least five minutes. |
--users-filter |
String | The filter to search for users within Active Directory. Specify multiple filters with multiple options. Default user filter: (&(objectCategory=person)(objectClass=user)). An example for a user group filter: (&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=PCoIP Users Group,CN=Users,DC=example,DC=com)). |
--computers-filter |
String | The filter to search for computers within Active Directory. Specify multiple filters with multiple options. Default computer filter: (&(primaryGroupID=515)(objectCategory=computer)). |
These flags outlined are optional and may be provided with the install or update commands. If you are updating a Anyware Connector you only need to provide these flags if you want to changing the DN settings associated with that Anyware Connector. If you do not add these flags when performing an update then the Anyware Connector will retain the same settings.
You can reset user or computer DNs to their default values by providing an explicit DN with a wider scope than the original DN used.
Configuring Active Directory Pool Groups¶
A set of command line flags enables users to update Active Directory pool groups. These flags apply changes to the Active Directory settings of the Anyware Connector.
By providing the following flags the appropriate update gets applied to the Anyware Connector settings. If no command-line option is provided, the Anyware Connector will display all available options for this operation.
| Flag | Type | Description |
|---|---|---|
--cam-insecure |
String | Skips certificate validation when connecting to Anyware Manager as a Service. This option should only be used when connecting to Anyware Manager as a Service deployed with self-signed certificates. |
--add-pool-group |
String | Adds specified Active Directory group to the existing pool group settings. By providing all the existing pools groups in the Anyware Connector, settings would get replaced by the user specified ones. |
--remove-pool-group |
String | Removes specified pool Active Directory group by its DN. |
--clear-pools-groups |
String | Clears all pools Active Directory groups. This operation is exclusive and cannot be combined with --remove-pool-group or --add-pool-group. |
--get-cam-settings |
String | Prints all Anyware Manager as a Service settings to Admin console. |