Add LDAP authentication server

When you integrate the LDAP protocol with RADIUS and TACACS authentication servers, you can use ADM to search and authenticate user credentials from distributed directories.

  1. Navigate to System > Authentication.

  2. Select the LDAP tab and then click Add.

  3. On the Create LDAP Server page, specify the following parameters:

    1. Name – Specify the LDAP server name

    2. Server Name/IP address – Specify the LDAP IP address or server name

    3. Security Type – Type of communication required between the system and the LDAP server. Select from the list. If plain text communication is inadequate, you can choose encrypted communication by selecting either Transport Layer Security (TLS) or SSL

    4. Port – By default, port 389 is used for PLAINTEXT. You can also specify port 636 for SSL/TLS

    5. Server Type – Select Active Directory (AD) or Novell Directory Service (NDS) as the type of LDAP server

    6. Time-out (seconds) – Time in seconds for which the Citrix ADM system waits for a response from the LDAP server

    7. LDAP Host Name – Select the Validate LDAP Certificate check box and specify the host name to be entered on the certificate

      Clear the Authentication option and specify the SSH Public Key. With key-based authentication, you can now fetch the list of public keys that are stored on the user object in the LDAP server through SSH.

      Under Connection Settings, specify the following parameters:

      1. Base DN – The base node for LDAP server to start the search

      2. Administrator Bind DN – User name used to bind to the LDAP server. For example, admin@aaa.local.

      3. Bind DN password – Select this option to provide a password for authentication

      4. Enable Change Password – Select this option to enable password change

      Under Other Settings, specify the following parameters:

      1. Server Log on Name Attribute – Name attribute used by the system to query the external LDAP server or an Active Directory. Select samAccountname from the list.

      2. Search Filter – Configure external users for two-factor authentication according to the search filter configured in LDAP server. For example, vpnallowed=true with ldaploginame samaccount and the user-supplied user name bob would yield an LDAP search string of: &(vpnallowed=true)(samaccount=bob).

        Note

        By default, the values in the search filter are enclosed in brackets.

      3. Group Attribute – Select memberOf from the list.

      4. Sub Attribute Name – The Sub attribute name for group extraction from the LDAP server.

      5. Default Authentication Group – Default group to choose when the authentication succeeds in addition to extracted groups.

  4. Click Create.

    The LDAP server is now configured.

    Note

    If the users are Active Directory group members, the group names and user names on Citrix ADM must be the same as those of the Active Directory group and its members.
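
The search string from the Search Filter example above, composed in Python as an added illustration (not Citrix ADM code; the function names and the `outer_brackets` parameter are hypothetical). It also escapes the user-supplied name per RFC 4515, so that characters such as `*`, `(` and `)` are matched literally instead of changing the filter.

```python
import re

# RFC 4515 section 3: characters that must be written as \XX inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Attribute descriptors are a letter followed by letters, digits or hyphens.
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def normalize_admin_filter(admin_filter: str) -> str:
    """Enclose the administrator's search filter in brackets if it is not already."""
    f = admin_filter.strip()
    if not f:
        return ""
    return f if f.startswith("(") and f.endswith(")") else f"({f})"


def build_search_string(login_attr: str, username: str,
                        admin_filter: str = "", outer_brackets: bool = False) -> str:
    """Combine the configured search filter with (login_attr=username).

    outer_brackets=False reproduces the form shown on this page;
    outer_brackets=True gives the RFC 4515 form "(&...)" that LDAP
    client tools expect.
    """
    if not _ATTR_RE.fullmatch(login_attr):
        raise ValueError("unexpected characters in login name attribute")
    user_part = f"({login_attr}={escape_filter_value(username)})"
    admin_part = normalize_admin_filter(admin_filter)
    if not admin_part:
        return user_part
    combined = f"&{admin_part}{user_part}"
    return f"({combined})" if outer_brackets else combined


if __name__ == "__main__":
    # Values from the page's example.
    print(build_search_string("samaccount", "bob", "vpnallowed=true"))
    # Constructed input containing filter metacharacters: they are escaped,
    # so the directory looks for a user with that literal name.
    print(build_search_string("samaccount", "bob)(vpnallowed=*",
                              "vpnallowed=true", outer_brackets=True))
```
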
