Add LDAP authentication server

When you integrate the LDAP protocol with RADIUS and TACACS authentication servers, you can use Citrix ADM to search and authenticate user credentials from distributed directories.

  1. Navigate to System > Authentication.

  2. Select the LDAP tab and then click Add.

  3. On the Create LDAP Server page, specify the following parameters:

    1. Name – Specify the LDAP server name

    2. Server Name/IP address – Specify the LDAP IP address or server name

    3. Security Type – Type of communication required between the system and the LDAP server. Select from the list. If plain text communication is inadequate, you can choose encrypted communication by selecting either Transport Layer Security (TLS) or SSL

    4. Port – By default, port 389 is used for PLAINTEXT. You can also specify port 636 for SSL/TLS

    5. Server Type – Select Active Directory (AD) or Novell Directory Service (NDS) as the type of LDAP server

    6. Time-out (seconds) – Time in seconds for which the Citrix ADM system waits for a response from the LDAP server

    7. LDAP Host Name – Select the Validate LDAP Certificate check box and specify the host name that must appear on the certificate

      Clear the Authentication option and specify the SSH Public Key. With key-based authentication, you can fetch the list of public keys stored on the user object. These public keys are stored on the LDAP server through SSH.


      Under Connection Settings, specify the following parameters:

      1. Base DN – The base node for LDAP server to start the search

      2. Administrator Bind DN – User name used to bind to the LDAP server. For example, admin@aaa.local.

      3. Bind DN password – Select this option to provide a password for authentication

      4. Enable Change Password – Select this option to enable password change


      Under Other Settings, specify the following parameters:

      1. Server Logon Name Attribute – Name attribute used by the system to query the external LDAP server or Active Directory. Select samAccountname from the list.

      2. Search Filter – Configure external users for two-factor authentication according to the search filter configured in the LDAP server. For example, vpnallowed=true with ldaploginname samaccount and the user-supplied user name bob would yield an LDAP search string of: (&(vpnallowed=true)(samaccount=bob)).

      3. Group Attribute – Select memberOf from the list.

      4. Sub Attribute Name – The Sub attribute name for group extraction from the LDAP server.

      5. Default Authentication Group – Default group to choose when the authentication succeeds in addition to extracted groups.


  4. Click Create.

    The LDAP server is now configured.

    Note

    If the users are Active Directory group members, the group and user names on Citrix ADM must match the names of the Active Directory group and its members.
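The search-string composition described in the Search Filter step, as an added example (not Citrix ADM's own code): it joins the configured filter, the logon-name attribute and the typed user name, and additionally escapes the user name per RFC 4515, which the page does not cover, so that a user name containing filter metacharacters cannot change the filter's structure. The function names and the behaviour for an empty configured filter are assumptions.

```python
# Added example, not Citrix ADM code: build the LDAP search string that the
# Search Filter step describes, escaping the user-supplied login name.

# RFC 4515 escape table for assertion values inside a search filter.
_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value for safe use inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(search_filter: str, logon_attr: str, username: str) -> str:
    """Combine the configured Search Filter with the logon-name match.

    search_filter: administrator-configured filter, e.g. "vpnallowed=true"
                   (bare, as on the page) or already parenthesised.
    logon_attr:    the Server Logon Name Attribute, e.g. "samaccount".
    username:      the login name typed by the user (untrusted input).
    Returns the AND of both clauses, e.g.
    "(&(vpnallowed=true)(samaccount=bob))".
    """
    if not username:
        raise ValueError("empty user name")
    user_clause = f"({logon_attr}={escape_filter_value(username)})"
    admin = search_filter.strip()
    if not admin:
        # Assumption: with no configured filter only the logon match is used.
        return user_clause
    if not admin.startswith("("):
        admin = f"({admin})"
    return f"(&{admin}{user_clause})"


if __name__ == "__main__":
    # Constructed inputs matching the page's example.
    print(build_search_filter("vpnallowed=true", "samaccount", "bob"))
    # A user name with filter metacharacters stays a single literal value.
    print(build_search_filter("vpnallowed=true", "samaccount", "bob)(cn=*"))
```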