Shulou(Shulou.com)06/01 Report--

NetScaler combined with AD restricts user access to cloud desktops

-LDAP configuration

I. background

Among XenDesktop cloud desktop delivery platforms, NetScaler is the most common security gateway used for public network delivery of cloud desktops. In many cases, customers 'access to the cloud desktop public network also has public network bandwidth and information security considerations, so they hope that the cloud desktop public network access can be restricted and specified for special personnel to have access.

II. principle

When a user types credentials on the login page of the NetScaler Gateway virtual server and presses Enter, NetScaler first searches Active Directory (LDAP) for the entered username. If an LDAP search filter is not defined in the LDAP policy/server, NetScaler searches all Active Directory user names for a match. When a match is found, NetScaler extracts the user's full distinguished name (DN) and authenticates Active Directory using the user's DN and password.

If an LDAP search filter is defined, only user names matching the LDAP search filter are searched for user name matches. For example, if the LDAP search filter is structured to search only for members of an Active Directory group, the username entered by the user must match the members of that group.

III. configuration steps

3.1 Go to AD and open Active Director Users and Computers

3.2 Click View to open "Advanced Features"

3.3 Right-click on the user groups allowed access and select Properties

3.4 Select the Attribute Editor and double-click DistinguishedName

3.5 Copy the value of an attribute

3.6 Log in to NetScaler's administration page and select NetScaler Gateway - Virtual Servers -

3.7 Select the virtual server on the right and click Edit;

3.8 Find LDAP Policy under Basic Authentication and click Configure

3.9 Select Edit Server from the Edit drop-down menu

3.10 Enter "memberof=CloudUsers,OU= Production Users, OU = Users,OU= Cloud Desktop Testing Platform,DC=home,DC=local" in the "Search Filter" box under Other Settings (note that "memberof="+"allows access to attribute values of user groups"), click ok, and save the configuration. This configuration is complete.

IV. Refer to KB link

https://support.citrix.com/article/CTX111079

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.