This article describes how to allow Active Directory users to log on to NetScaler with Active Directory credentials and have appropriate privileges assigned to manage the NetScaler.
To add an authentication server, complete the following procedure from the graphical user interface of NetScaler:
Click System > Authentication > LDAP > Servers > Add.
You can then configure the parameters for the LDAP server in the Create Authentication dialog box.
Specify the required information to define the LDAP Server.
The required fields are:
Name – The name of the server.
Authentication Type – The authentication type; in this scenario, LDAP.
Server – The IP address and TCP port used by the LDAP server.
Base DN – The base node from which the LDAP search should start.
Bind DN – The full distinguished name that is used to bind to the LDAP server.
Bind DN Password – The password for the Bind DN account.
Confirm Bind DN Password – The password for the Bind DN account.
Login Name – The name attribute used by the NetScaler appliance to query the external LDAP server or an Active Directory.
Search Filter – The string that is combined with the default LDAP user search string to form the search value.
Group Attribute Name – The attribute name used for group extraction from the LDAP server.
Sub Attribute Name – The sub-attribute name used for group extraction from the LDAP server.
Security Type – Select Plaintext for non-secure LDAP communication or select TLS or SSL for secure LDAP communication.
Click Create.
Click the Policies tab, then click the Add button.
Enter a name for the policy and select the server that you created in steps 2 and 3 from the drop-down menu.
In the Expression text field, type ns_true, then click Create.
Click the policy that you just created to select it, then click the Global Bindings button.
Select the policy that you previously created from the drop-down menu, then click the Select button.
Click Bind, then click Done.
Click System > User Administration > Groups > Add.
Type the group name, which must exactly match the name of the Active Directory group, as configured in Active Directory Users and Computers on the server. This is the group whose members you want to allow access to the NetScaler.
Click the Insert button in the Command Policies section.
Select the appropriate policy that corresponds to the privilege level that you want to assign to the group.
In this example, superuser is selected.
Click the Insert button.
Click Create.
You should now be able to log into the NetScaler with the users assigned in Active Directory to the group that you just created on the NetScaler, and they should have the privilege level that you have assigned to them.
In this article, we created an OU named Citrix Test. That OU contains a group named Citrix Admins, and the users are members of that group. On the NetScaler, use the following search filter: memberOf=CN=Citrix Admins,OU=Citrix Test,DC=JKlab,DC=com.
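The following Python example is added here and is not part of the original article or any Citrix code. It models how the Login Name, Search Filter, Group Attribute Name and Sub Attribute Name fields work together, so the effect of the filter and of the exact group-name match can be checked offline. Assumptions: the filter is ANDed with the login term, group names are compared case-sensitively, and the function names, the sAMAccountName login attribute, the Helpdesk group and the sample directory entry are constructed for illustration.

```python
import re

# Constructed sample values; the filter and group name are the ones the article uses.
SEARCH_FILTER = "memberOf=CN=Citrix Admins,OU=Citrix Test,DC=JKlab,DC=com"
SAMPLE_ENTRY = {"memberOf": [
    "CN=Citrix Admins,OU=Citrix Test,DC=JKlab,DC=com",
    "CN=Helpdesk,OU=Citrix Test,DC=JKlab,DC=com",
]}
LOCAL_GROUPS = {"Citrix Admins": ["superuser"]}  # NetScaler group -> command policies


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_user_search(login_attr, username, search_filter=""):
    """AND the Search Filter with <Login Name>=<submitted user name> (assumed form)."""
    user_term = "(%s=%s)" % (login_attr, escape_filter_value(username))
    return "(&(%s)%s)" % (search_filter, user_term) if search_filter else user_term


def extract_groups(entry, group_attr="memberOf", sub_attr="CN"):
    """Take the Sub Attribute value from the first RDN of each Group Attribute DN."""
    pattern = re.compile(rf"\s*{re.escape(sub_attr)}=((?:\\.|[^,\\])+)", re.IGNORECASE)
    groups = []
    for dn in entry.get(group_attr, []):
        match = pattern.match(dn)
        if match:
            # Undo DN escaping such as "\," so the name equals what AD displays.
            groups.append(re.sub(r"\\(.)", r"\1", match.group(1)))
    return groups


def command_policies(entry, local_groups):
    """Collect policies of local groups whose names exactly match an extracted group."""
    policies = []
    for name in extract_groups(entry):
        # Exact comparison: "citrix admins" would not match "Citrix Admins" here.
        policies.extend(local_groups.get(name, []))
    return policies


if __name__ == "__main__":
    print(build_user_search("sAMAccountName", "jdoe", SEARCH_FILTER))
    print(extract_groups(SAMPLE_ENTRY))
    print(command_policies(SAMPLE_ENTRY, LOCAL_GROUPS))
```

A plain memberOf filter matches direct members of the group only, so a user who belongs to Citrix Admins through a nested group does not satisfy it.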