Manage LDAP users and groups

Use this feature to manage LDAP users and groups, including editing, deleting, and exporting LDAP users and groups, enabling or disabling third-party login, and setting the user expiration time.

Edit an LDAP user

1. From the navigation pane, select Users > LDAP Users.

2. On the Users tab of the Overview page, the page of an OU, or the page of a user group, click Edit in the Actions column for an LDAP user.

3. In the dialog box that opens, edit user parameters.

4. Click OK.

Delete LDAP users

1. From the navigation pane, select Users > LDAP Users.

2. On the Users tab of the Overview page, the page of an OU, or the page of a user group, use one of the following methods to delete LDAP users:

• Delete an LDAP user—Click Delete in the Actions column for the target LDAP user. In the dialog box that opens, click OK.

• Bulk delete LDAP users—Select multiple LDAP users and click More. Then, select Delete from the pop-up menu. In the dialog box that opens, click OK.

Edit the access policy for LDAP users or user groups

1. From the navigation pane, select Users > LDAP Users.

2. Select users or user groups, click More, and then click Edit Access Policy.

3. Select an access policy, and then click OK.

Add LDAP users to the denylist

The Denylist page displays the users added to the denylist.

To add LDAP users to the denylist:

1. From the navigation pane, select Users > LDAP Users.

2. On the Users tab of the Overview page, the page of an OU, or the page of a user group, select one or multiple LDAP users and click More. Then, select Add to Denylist from the pop-up menu.

3. In the dialog box that opens, click OK.

Move LDAP users between LDAP user groups

1. From the navigation pane, select Users > LDAP Users.

2. Select one or multiple users, click More, and then select Move User Group.

3. Select a user group, and then click OK.

Enable private disk

Only Windows and Kylin operating system VDI cloud desktops support private disks.

1. From the navigation pane, select Users > LDAP Users.

2. On the Users tab of the Overview page or the Users tab on the page of a user group, select one or multiple LDAP users and click More. Then, select Enable Private Disk from the pop-up menu.

3. In the dialog box that opens, set the private disk size. By default, the size is 10 GB.

4. Click OK.

Enable or disable third-party login

1. From the navigation pane, select Users > LDAP Users.

2. On the Users tab of the Overview page or the Users tab on the page of a user group, select one or multiple LDAP users and click More. Then, select Enable Third-Party Login or Disable Third-Party Login from the pop-up menu.

Enable or disable QuantumCTek authentication

Restrictions and guidelines

This feature is available only when QuantumCTek authentication is configured.

Procedure

1. From the navigation pane, select Users > LDAP Users.

2. On the Users tab of the Overview page or the Users tab on the page of a user group, select one or multiple LDAP users and click More. Then, select Enable QuantumCTek Auth or Disable QuantumCTek Auth from the pop-up menu.

Set the user expiration time

Perform this task to set the expiration time for users. If scheduled user clearing is disabled, the client displays an expiration reminder after a user expires. If scheduled user clearing is enabled, Space Console will delete the user when it expires.

Before setting the user expiration time, access the System > Advanced Settings > Server Configuration > Auth Server page, click Edit from the Actions column of an authentication server, and then enable Allow Server Data Update for the Security Control field.

1. From the navigation pane, select Users > LDAP Users.

2. On the Users tab of the Overview page, the page of an OU, or the page of a user group, select one or multiple LDAP users and click More. Then, select Set User Expiration Time from the pop-up menu.

3. In the dialog box that opens, set the user expiration time. If this field is empty, the users will never expire.

4. Click OK.

Configure scheduled user clearing

1. From the navigation pane, select Users > LDAP Users.

2. On the Users tab of the Overview page, the page of an OU, or the page of a user group, click More. Then, select Configure Scheduled User Clearing from the pop-up menu.

3. In the dialog box that opens, select whether to enable expired user clearing.

4. Click OK.

Set the user validity period

If a user has not logged in to the cloud desktop within the specified validity period, the user will be disabled. A user in disabled state cannot log in to the client or the self-service system.

To set the user validity period:

1. From the navigation pane, select Users > LDAP Users.

2. On the Users tab of the Overview page, the page of an OU, or the page of a user group, click More. Then, select Set User Validity Period from the pop-up menu.

3. In the dialog box that opens, set the user validity period. Value 0 indicates no user validity limit.

4. Click OK.

Reset LDAP user passwords

 

·          To reset LDAP user passwords, first access the System > Advanced Settings > Server Configuration > Auth Server page, click Edit from the Actions column of an authentication server, and then enable Allow Server Data Update for the Security Control field. For more information about server data update configuration, see "Configure authentication servers." ·          An LDAP user password reset operation takes effect immediately after being executed.

 

1. From the navigation pane, select Users > LDAP Users.

2. On the Users tab of the Overview page, the page of an OU, or the page of a user group, select one or multiple LDAP users and click More. Then, select Reset Password from the pop-up menu.

3. In the dialog box that opens, enter a new password and click OK.

Edit the user type (education scenario)

Restrictions and guidelines

You can change the user type to student for a user only if the group to which the user belongs is a class.

In the current software version, ARM hosts do not support editing the user type.

Procedure

1. From the navigation pane, select Users > LDAP Users.

2. On the Users tab of the Overview page, the page of an OU, or the page of a user group, select one or multiple LDAP users and click More. Then, select Edit User Type from the pop-up menu.

3. In the dialog box that opens, select a user type.

4. Click OK.

Edit an LDAP user group

1. From the navigation pane, select Users > LDAP Users.

2. Use one of the following methods to edit an LDAP user group:

• Edit an LDAP user group on the Overview page or on the page of an OU—(To enter the page of an OU, click the OU name.) On the User Groups tab, click Edit in the Actions column for the target LDAP user group. In the dialog box that opens, edit group parameters and click OK.

• Edit an LDAP user group on the page of the user group—Click the OU name to which the target LDAP user group belongs. On the page of the OU, click the User Groups tab. Then, click the name link of the target LDAP user group. On the page that opens, click Edit in the User Group Info area. In the dialog box that opens, edit group parameters and click OK.

Delete LDAP user groups

1. From the navigation pane, select Users > LDAP Users.

2. Use one of the following methods to delete LDAP user groups:

• Delete an LDAP user group—Use one of the following methods to delete an LDAP user group:

• On the Overview page or on the page of an OU, click the User Groups tab. Then, click Delete in the Actions column for the target LDAP user group. In the dialog box that opens, click OK.

• On the Overview page or on the page of an OU, click the User Groups tab. Then, click the name link of the target LDAP user group. On the page that opens, click Delete in the User Group Info area. In the dialog box that opens, click OK.

• Bulk delete LDAP user groups—On the Overview page or on the page of an OU, click the User Groups tab. Select multiple LDAP user groups, click More, and then click Delete. In the dialog box that opens, click OK.

Change the grade level (education scenario)

In the current software version, ARM hosts do not support changing the grade level.

Procedure

1. From the navigation pane, select Users > LDAP Users.

2. Click the User Groups tab.

3. Click Change Grade Level.

4. Select All or Custom in the Target Grade Levels field and specify the change type. If you select Custom, you must also specify a group (a class).

5. Click OK.

Parameters

• Target Grade Levels: Options are All and Custom. To change the grade level of all classes, select All. To change the grade level of one class, select Custom and specify the group name of the class.

• Type: Options are Upgrade and Downgrade.

• To change the class to its higher-level grade, select Upgrade. If the class is the highest-level grade, it cannot be upgraded.

• To change the class to its lower-level grade, select Downgrade. If the class is the lowest-level grade, it cannot be downgraded.