Active Directory Integration

Here, find instructions on how to integrate users from an Active Directory into the openthinclient Manager.

The Manager then makes the users and user groups from Active Directory available, so that administrators can assign applications, devices, hardware types, and so on to them. After integration, users can log in directly to the openthinclient OS with their Active Directory username and password.

Necessity of Active Directory Integration

In most cases, the system functions effectively without a connection to Active Directory.

Typical use cases for openthinclient are described in these articles:

Useful applications of Active Directory integration include:

Users often switch between multiple VDI applications. With single sign-on and Active Directory integration, users only need to log in once, when starting the thin client.
Users switch freely between different workstations and have multiple user-specific applications assigned to them. Here, too, use Single Sign-On.

Configure in Basic Settings and Locations.

Establish the connection to Active Directory in either the Basic Settings or the Locations.

If a connection to Active Directory has been configured in the basic settings, its users and user groups are displayed in the openthinclient Manager.

Configuration at the location overrides the corresponding configuration in the basic settings. Users and groups from an Active Directory connected only via a location appear exclusively in the openthinclient Manager when accessing that location.

Set up a connection to Active Directory

1. Open the Basic Settings (bottom left) or, alternatively, open a location.

2. Enter the LDAP data under Active Directory Connection (see Determining the LDAP Information).

3. Enable the connection to AD in the Use AD for Users and Groups setting

4. Review the changes and click Save.

After applying the changes, Active Directory users appear in the openthinclient Manager under Users.

Determining the LDAP Information

LDAP URL

The required LDAP URL consists of three parts:

Protocol prefix ldap://
Server address, example: office.openthinclient.local
BaseDN, example: ou=office,dc=openthinclient,dc=local

Example: ldap://office.openthinclient.local/ou=office,dc=openthinclient,dc=local

To determine a user's BaseDN and LDAP path, use the Microsoft tool dsquery Use the Microsoft tool on the domain controller.

Example:

C:\> dsquery user -name *Schmidt* "CN=Uwe Schmidt,OU=Users,OU=office,DC=openthinclient,DC=local"

Customize the attribute for the username — login name

There're several useful options for Active Directory:

Username attribute	Value in Active Directory	Example
`sAMAccountName`	Right-hand field of "User login name (Pre-Windows 2000)"	`uschmidt`
`userPrinicipalName`	User logon name	`uschmidt@openthinclient.local`
`name`	Name in the list of all users	`Uwe Schmidt`

User ID

For the user ID of the login credentials for read access, use either the userPrincipalName (e.g., ldapquery@openthinclient.local) or the distinguishedName (e.g. CN=Read Only,OU=Users,OU=offic,DC=openthinclient,DC=local) can be used.

Audio

Browser

Citrix Client

Desktop

Evidian Authentication Manager

FreeRDP

Horizon Client

Command Line

localboot

localboot Installation USB Drive

OpenVPN Client

Remote Connection (VNC)

VNC Viewer

Thin client Login

Display

Keyboard

Graphics Card Drivers

Persistent Home Directory

Touchscreen Calibration

USB Permissions

CUPS Client

Print Server Emulation (Similar to HP PrintJet)

Print