Skip to main content

Active Directory Integration

TranslationHere, pending.find instructions on how to integrate users from an Active Directory into the openthinclient Manager.

The Manager then makes the users and user groups from Active Directory available, so that administrators can assign applications, devices, hardware types, and so on to them. After integration, users can log in directly to the openthinclient OS with their Active Directory username and password.

Necessity of Active Directory Integration

In most cases, the system functions effectively without a connection to Active Directory.

Typical use cases for openthinclient are described in these articles:

    Citrix — Quickstart Guide FreeRDP Quickstart Guide

    Useful applications of Active Directory integration include:

      Users often switch between multiple VDI applications. With single sign-on and Active Directory integration, users only need to log in once, when starting the thin client. Users switch freely between different workstations and have multiple user-specific applications assigned to them. Here, too, use Single Sign-On.

      Configure in Basic Settings and Locations.

      Establish the connection to Active Directory in either the Basic Settings or the Locations.

      If a connection to Active Directory has been configured in the basic settings, its users and user groups are displayed in the openthinclient Manager.

      Configuration at the location overrides the corresponding configuration in the basic settings. Users and groups from an Active Directory connected only via a location appear exclusively in the openthinclient Manager when accessing that location.

      Set up a connection to Active Directory

      1. Open the Basic Settings (bottom left) or, alternatively, open a location.

      2. Enter the LDAP data under Active Directory Connection (see Determining the LDAP Information).

      3. Enable the connection to AD in the Use AD for Users and Groups setting

      4. Review the changes and click Save.

      After applying the changes, Active Directory users appear in the openthinclient Manager under Users.

      Determining the LDAP Information

      LDAP URL
      The required LDAP URL consists of three parts:
        Protocol prefix ldap:// Server address, example: office.openthinclient.local BaseDN, example: ou=office,dc=openthinclient,dc=local

        Example: ldap://office.openthinclient.local/ou=office,dc=openthinclient,dc=local

        To determine a user's BaseDN and LDAP path, use the Microsoft tool dsquery Use the Microsoft tool on the domain controller.

        Example:

         C:\> dsquery user -name *Schmidt* "CN=Uwe Schmidt,OU=Users,OU=office,DC=openthinclient,DC=local"

        Customize the attribute for the username — login name

        There're several useful options for Active Directory:

        Username attribute Value in Active Directory Example sAMAccountName Right-hand field of "User login name (Pre-Windows 2000)"
        uschmidt userPrinicipalName User logon name uschmidt@openthinclient.local name Name in the list of all users Uwe Schmidt
        User ID

        For the user ID of the login credentials for read access, use either the userPrincipalName (e.g., ldapquery@openthinclient.local) or the distinguishedName (e.g. CN=Read Only,OU=Users,OU=offic,DC=openthinclient,DC=local) can be used.

        Back to top