Use one of the following methods to add LDAP users:
Create an LDAP user—Applicable to scenarios where a single user or a small number of users will be added.
Import LDAP users—Applicable to scenarios where a large number of users will be added in a short time. For example, use this method to import all user information to a newly deployed VDI environment.
From the navigation pane, select Users > LDAP Users.
On the Users tab of the Overview page, the page of an OU, or the page of a user group, click Create.
Configure basic parameters for the user, and then click Next: Extension.
Configure extended parameters for the user, and then click Next: Confirm Configuration.
Verify that the configuration is correct.
Click OK.
LDAP Server: Select a common LDAP authentication server. The user account information of the LDAP user will be synchronized to the selected server.
User Type: Select a user type. Options include Common, Student, and Faculty. This parameter is available only in an education scenario or in an office-education hybrid scenario. The office user type is available only in a hybrid scenario. Student users can log in to the student desktop client and faculty users can log in to the teacher desktop client.
Login Name: Account used by the user to log in to the desktop client. The value is a string of up to 20 characters.
User Name: Name of the local user. In an education scenario, the value is the name of a student if the user type is student and the name of a teacher if the user type is faculty.
Login Password: Password used by the user to log in to the client. The password must be longer than six characters. As a best practice to enhance password security, enter a password that contains a minimum of three character types from uppercase letters, lowercase letters, digits, and special characters.
Confirm: Enter the login password again to confirm it.
User Group: User group to which the user belongs. A student user can belong only to one user group of the class type. Other types of users each can belong to multiple user groups.
Access Policies: Access policies used to restrict the time when the user can access a cloud desktop or course desktop and the IP address used by the user to access the desktop. Configure this parameter if a user account is required for login.
OU: Organization unit to which the LDAP user belongs on the general LDAP authentication server.
Status: Enabled by default. If this option is disabled, the user cannot log in to the client or the user self-service system.
Private Disk: Whether to enable private disk for the user. If you enable private disk for the user, you must set the private disk size. Configure the enabling status of private disk and the private disk size with caution. These parameters cannot be modified after the user is created. For more information about private disk configuration, see private disk settings in "Configure advanced parameters." With private disk enabled, the user can attach its private disk to its cloud desktop regardless of its endpoint. After the user logs in to the desktop, it can open the private disk tray in the lower-right corner of the desktop to attach its private disk to the desktop. Data in the private disk can survive a desktop reboot or power off.
QuantumCTek Auth: Select whether to enable QuantumCTek authentication. When QuantumCTek authentication is enabled, the user must bind a USB key provided by QuantumCTek for login authentication when it logs in to the client installed on a Windows endpoint through its username and a password. The user can log in to the client only after it binds to the USB key successfully. Before enabling QuantumCTek authentication, you must configure QuantumCTek authentication parameters on the System > Security > QuantumCTek Auth page. QuantumCTek authentication is supported only by VDI clients.
Third-Party Login: Select whether to enable third-party login. After you enable third-party login, a user can log in through SMS, DingTalk verification code and QR code, or WeCom verification code and QR code. Third-party login is supported only by VDI clients.
Phone: Phone number of the user. As a best practice, configure this parameter if SMS authentication is enabled.
Gender: Select the user gender, male or female. This parameter is available for a student user or a faculty user.
Age: Specify the age of the user.
Organization: Specify the organization of the user.
Department: Specify the department of the user.
Date of Hire: Specify the date when the user was hired.
Identity Number: Identity number of the user. For example, you can enter the identity number on the user's identity card or passport. The identity number is a string of up to 32 characters.
Email: Email address of the user, which is a string of up to 256 characters. The value must be in standard format, for example, [email protected].
Address: Contact address of the user.
Bind Endpoint IP Address: Specify the endpoint IP addresses that can be used by the user to connect to the cloud desktop. You can enter an IP address or a hyphenated IP address range in each line. If you do not specify an IP address or IP address range, the user can use any endpoint IP address to connect to the cloud desktop.
Bind Endpoint MAC Address: Select whether to bind endpoint MAC addresses to the user. The user can use only the bound endpoint MAC addresses to access the desktop. To allow the user to use the endpoint MAC address at the first login to access the desktop, select Bind First-Login MAC Address. You do not need to enter the first-login MAC address. To bind other endpoint MAC addresses to the user, you must manually enter the MAC addresses. You can enter a MAC address in each line.
Expire At: Expiration time of the user. The Space Console will delete the user when it expires. If this field is empty, the user will never expire.
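The Bind Endpoint IP Address format described above (one address or hyphenated range per line, empty meaning any endpoint), as an added Python example that is not Space Console code: it parses a draft list, reports lines that would not restrict what you intended, and tests an endpoint address against the result. Accepting IPv6 and spaces around the hyphen are assumptions about the field, and the sample addresses are constructed.

```python
import ipaddress

# Constructed sample of a draft list; lines 3 and 4 are deliberately wrong.
SAMPLE = """10.1.20.15
10.1.30.10-10.1.30.50
10.1.40.90-10.1.40.10
10.1.50.300
"""

def parse_bind_list(text):
    """Return (ranges, errors) for a one-entry-per-line address list."""
    ranges, errors = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        start_s, sep, end_s = line.partition("-")
        try:
            start = ipaddress.ip_address(start_s.strip())
            # A line without a hyphen is a single address (start == end).
            end = ipaddress.ip_address(end_s.strip()) if sep else start
        except ValueError:
            errors.append((n, line, "not an IP address or range"))
            continue
        if start.version != end.version:
            errors.append((n, line, "range mixes IPv4 and IPv6"))
        elif int(end) < int(start):
            errors.append((n, line, "range end is below range start"))
        else:
            ranges.append((start, end))
    return ranges, errors

def is_allowed(ranges, endpoint_ip):
    """Apply the page's rule: an empty list allows any endpoint IP."""
    if not ranges:
        return True
    ip = ipaddress.ip_address(endpoint_ip)
    return any(s.version == ip.version and s <= ip <= e for s, e in ranges)

if __name__ == "__main__":
    ranges, errors = parse_bind_list(SAMPLE)
    for n, line, why in errors:
        print(f"line {n}: {line!r}: {why}")
    print("10.1.30.25 allowed:", is_allowed(ranges, "10.1.30.25"))
```

An empty list means any endpoint IP address is allowed, so a draft whose lines are all rejected should be corrected, not submitted blank.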
As a best practice, download the LDAP user template file, add LDAP user information to the template file, and then upload the file back to the Space Console.
From the navigation pane, select Users > LDAP Users.
On the Users tab of the Overview page, the page of an OU, or the page of a user group, click Import.
Click Download Template and add LDAP user information to the downloaded template file.
Upload the file back to the Space Console and configure other import parameters.
Click Next: Preview.
Verify that the configuration is correct.
Click OK.
Import Method: Options are Add and Modify. If you select Modify, modifications to the user expiration time, description, and contact address are synchronized to the LDAP server. Modifications to other parameters are synchronized to the local database.
Import File: Upload the file that contains LDAP user information. The encoding format of the file must be GBK.
Delimiter: By default, the value is a comma (,). The value is not user configurable.
LDAP: Select a general-purpose LDAP authentication server. The successfully imported user accounts will be automatically sent to the selected LDAP server.
User Group: Select a method to assign the imported users to user groups. The following options are available:
Import—To import user groups in the file and assign the users to the user groups, select this option. If a user group does not exist on the Space Console, the Space Console will create that user group and import the corresponding users to that user group.
Existing Group—To assign the users to one or multiple existing user groups on the Space Console, select this option.
Create—To create a user group and assign the users to the user group, select this option.
Specify User Type: Select a user type. The following options are available:
Import—To import the user type of each user in the file, select this option.
Existing Type—To specify a user type for all imported users, select this option.
Select a column in the file for each user parameter. The column selected for a parameter must be the same as the column of that parameter in the file.
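A pre-upload check for the import file, as an added Python example that is not part of the Space Console or its template: it verifies the GBK encoding and comma delimiter required above, and applies the length limits and password rules stated for single-user creation. The column positions, the header row, and the use of ASCII punctuation as "special characters" are assumptions; the sample rows are constructed.

```python
import csv
import io
import string

# Hypothetical column positions; match them to the columns you select at import.
COLUMNS = {"login": 0, "name": 1, "password": 2, "email": 3, "identity": 4}
MAX_LEN = {"login": 20, "email": 256, "identity": 32}  # limits stated on this page

# Constructed sample file content, encoded as GBK the way the console expects.
SAMPLE = (
    "login,name,password,email,identity\n"
    "zhangsan,张三,Str0ng!pass,zs@example.com,ID0001\n"
    "lisi,李四,abc123,ls@example.com,ID0002\n"
    "wangwu,王五,alllowercase,ww@example.com,ID0003\n"
    "a_login_name_over_20_chars,赵六,Another1!,zl@example.com,ID0004\n"
).encode("gbk")

def char_classes(pw):
    """Count how many of the four character types appear in pw."""
    tests = (str.isupper, str.islower, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in pw) for t in tests)

def check_import(data, skip_header=True):
    """Return [(row_number, problem)] for a GBK, comma-delimited file."""
    try:
        text = data.decode("gbk")
    except UnicodeDecodeError as exc:
        return [(0, f"file is not valid GBK (byte offset {exc.start})")]
    problems = []
    rows = csv.reader(io.StringIO(text, newline=""), delimiter=",")
    for n, row in enumerate(rows, 1):
        if (skip_header and n == 1) or not row:
            continue
        if len(row) <= max(COLUMNS.values()):
            problems.append((n, "missing columns"))
            continue
        rec = {k: row[i].strip() for k, i in COLUMNS.items()}
        for field, limit in MAX_LEN.items():
            if len(rec[field]) > limit:
                problems.append((n, f"{field} longer than {limit} characters"))
        if len(rec["password"]) <= 6:
            problems.append((n, "password must be longer than six characters"))
        elif char_classes(rec["password"]) < 3:
            problems.append((n, "password has fewer than three character types"))
    return problems
```

A file saved as UTF-8 can sometimes decode as GBK without an error, so still check non-ASCII names on the Preview page before clicking OK.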
From the navigation pane, select Users > LDAP Users.
On the User Groups tab of the Overview page or the page of an OU, click Create.
In the dialog box that opens, configure LDAP user group parameters.
Click OK.
LDAP Server: Select a general-purpose LDAP authentication server. The successfully imported user accounts will be automatically sent to the selected LDAP server.
Parent Group: Parent group of the LDAP user group. If the parent group is the root group, the value for this field is a slash (/).
Group Name: Name of the LDAP user group.
Access Policy: Select an access policy to limit user access to cloud desktops or course desktops by time and IP address.
Class Or Not: Select whether the LDAP user group is a class. If the group is a class, you must select a grade level for the class. This parameter is available only in an education scenario or in an office-education hybrid scenario.
Grade Level: Grade level of the class. You can create a grade level in the Manage Grade Levels dialog box. This parameter is available only in an education scenario or in an office-education hybrid scenario.
OU: Organization unit (OU) to which the user group belongs on a general LDAP server. After you select an OU, you must select users added to this user group.
In the current software version, ARM hosts do not support grade level management.
From the navigation pane, select Users > LDAP Users.
Click Manage Grade Levels in the upper-right corner of the page.
Click Create.
In the dialog box that opens, configure the grade level name and the lower-level grade.
Click OK.
The new grade level is displayed in the Manage Grade Levels dialog box.
Grade Level Name: Name of the grade level. The value can contain only letters, Chinese characters, digits, underscores (_), and hyphens (-), and it cannot contain an at sign (@) or pound sign (#).
Lower-Level Grade: Grade level lower than the current grade level. The lower-level grade can be upgraded to the current grade level.
From the navigation pane, select Users > LDAP Users.
Click Manage Grade Levels in the upper-right corner of the page.
Click Delete in the Actions column for the target grade level.