You can set up an OpenLDAP server and use the pass-through authentication (PTA) mechanism to verify the user credentials against Active Directory.
OpenLDAP Pass-through Authentication supports integration with Active Directory for desktops running any Linux distribution supported by Horizon Agent.
Note: For OpenLDAP Pass-through Authentication, you can perform the configuration in a template virtual machine. No additional steps are required in the cloned virtual machines.
At a high level, the OpenLDAP Pass-through Authentication solution involves the following steps.
Procedure
- To enable LDAPS (Lightweight Directory Access Protocol over SSL), install Certificate Services on the Active Directory.
- Set up an OpenLDAP server.
- Synchronize user information (except password) from the Active Directory to the OpenLDAP server.
- Configure the OpenLDAP server to delegate password verification to a separate process such as saslauthd, which can perform password verification against the Active Directory.
- Configure the Linux virtual machines to use an LDAP client to authenticate users with the OpenLDAP server.
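
As an added example (not part of the original procedure or of the product's tooling), the following Python check audits an LDIF export of the OpenLDAP directory after the synchronization and delegation steps. It relies on OpenLDAP's `{SASL}` userPassword scheme, which hands password verification to Cyrus SASL (saslauthd), and flags entries that hold a local credential, lack a userPassword value, or delegate to a different account. The `uid`-to-account mapping, the `EXAMPLE.COM` realm and the sample entries are assumptions constructed for illustration.

```python
import base64

def _b64(s):
    return base64.b64encode(s.encode()).decode()

_DAVE = _b64("{SASL}dave@EXAMPLE.COM")
# Constructed sample in slapcat-style LDIF; every name and value is made up.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com", "uid: alice",
    "userPassword: {SASL}alice@EXAMPLE.COM", "",
    "dn: uid=bob,ou=people,dc=example,dc=com", "uid: bob",
    "userPassword:: " + _b64("{SSHA}constructed-not-a-real-hash"), "",
    "dn: uid=carol,ou=people,dc=example,dc=com", "uid: carol", "",
    "dn: uid=dave,ou=people,dc=example,dc=com", "uid: dave",
    "userPassword:: " + _DAVE[:12], " " + _DAVE[12:], "",  # folded value
    "dn: uid=erin,ou=people,dc=example,dc=com", "uid: erin",
    "userPassword: {SASL}alice@EXAMPLE.COM", "",
])

def parse_ldif(text):
    """Yield (dn, attrs) per entry; handles folded lines and base64 ('::') values."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # 'attr:: <base64>'
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            yield dn, attrs

def audit(text, realm):
    """Return {dn: finding} for entries not cleanly delegated to saslauthd."""
    findings = {}
    for dn, attrs in parse_ldif(text):
        uid = (attrs.get("uid") or [""])[0]
        expected = ("{SASL}%s@%s" % (uid, realm)).lower()  # assumed mapping
        values = attrs.get("userpassword", [])
        if not values:
            findings[dn] = "missing"
        elif any(not v.upper().startswith("{SASL}") for v in values):
            findings[dn] = "local-credential"  # a password is stored in OpenLDAP
        elif any(v.lower() != expected for v in values):
            findings[dn] = "unexpected-identity"
    return findings
```

Run `audit()` over the output of an export of the directory and the realm your saslauthd setup expects; an empty result means every entry defers password verification to the Active Directory account of the same name.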