Creating an LDAP Connection to a User Directory

Dec 21, 2015

From the Options dialog box in Device Manager, you can perform the following actions for LDAP connections:

  • Create a new LDAP connection.
  • Edit an existing connection.
  • Set the default LDAP connection.
  • Activate or deactivate an LDAP connection.

  1. To create a new LDAP connection, click New.
  2. Select the type of directory connection (LDAP or LDAPS).
  3. If you chose an LDAPS connection, enter the required parameters and then click Import.
  4. After the SSL certificate is successfully imported, click Next.
  5. Define the connection parameters.

    Make sure that the search user service account has the following rights granted to it:

    • READALLUSERINFORMATION
    • READALLNETWORKPERSON

    Note: The lockout limit field defaults to zero. Citrix recommends setting it to a higher value that is slightly lower than the lockout limit set on your LDAP server. For example, if your LDAP server is configured to a limit of five attempts before lockout, Citrix suggests that you enter 4 or 3 in this field.
  6. Click Check to test the connection with the LDAP or LDAPS directory. If the connection check with the directory is successful, the following message appears: LDAP directory binding successful.
  7. Click OK and then click Next to map the directory attributes to the Device Manager Repository database. You can leave this step unchanged, in which case Device Manager automatically binds the default fields.
  8. Click Next to define the mapping between the LDAP groups and Device Manager roles. To add a new group, press Add a group. Select a group and define the role you want to give to that LDAP group.
    Note: Unlike standalone group creation in the web console, where roles are given to users, here roles are given to an LDAP group.
  9. Specify which LDAP or LDAPS directory groups are imported into the Device Manager Repository database and then click Next. A window appears summarizing the directory connection configuration.
  10. Click Finish to save the parameters in the Device Manager database.