3.1. About User Directory Integration

3.1.1. Active Directory Types
3.1.2. LDAP Types
3.1.3. User Directory Customization

Typically, user information is already stored in an Active Directory or LDAP server. Before you can create pools and assign users to desktops, you must configure the desired Active Directory/LDAP server and Oracle VDI. The following information describes the user directory types supported by Oracle VDI.

3.1.1. Active Directory Types

Active Directory integration is the recommended choice for production platforms integrating with Microsoft Active Directory. Active Directory integration requires additional configuration (Kerberos configuration and time synchronization) on the Oracle VDI hosts. To set up Active Directory integration quickly, for example for testing purposes, you can use LDAP types instead; see Section 3.1.2, “LDAP Types”.

See Section 3.2, “Supported User Directories” for details of the supported versions of Active Directory.

The users from Active Directory can be used for desktop and pool assignments and will be able to access desktops provided by Oracle VDI. On top of this basic feature, Active Directory integration offers the following functionality:

  1. Active Directory integration enables access to all the users from a forest and makes those users available for desktop and pool assignments. This means that the users from the different sub-domains of the forest will be able to access desktops from Oracle VDI.

    For more details on supported forest configurations, see Section 3.10, “About Complex Forest Configurations”.

  2. Active Directory integration allows computer entries to be removed from Active Directory when cloned desktops are deleted by Oracle VDI.

    During cloning, when a Windows desktop joins a domain, a new computer entry is created in Active Directory. Configuring Oracle VDI with Kerberos authentication enables Oracle VDI to remove the computer entries from Active Directory when deleting unused desktops. This prevents computer entries from piling up in Active Directory long after the matching desktops have been destroyed.

  3. Active Directory integration allows users to update their password (Section 6.2.3, “User Password Change and Expiry”) in Active Directory either before this password has expired (optional action) or after the password has expired (mandatory action).

You can choose from the following supported Active Directory types:

3.1.2. LDAP Types

LDAP integration is the recommended choice for integrating with other types of LDAP directories or for setting up Active Directory integration quickly. The setup is straightforward, without the need for extra configuration.

See Section 3.2, “Supported User Directories” for details of the supported LDAP directories.

LDAP integration allows users to update their password (Section 6.2.3, “User Password Change and Expiry”) in the directory server only before this password has expired. If the user password expires, the user will be required to update it using a customer-provided process external to Oracle VDI.

LDAP Integration offers three security types for authentication: anonymous, simple, and secure:

When a user gets a desktop from Oracle VDI (via the Desktop Selector), Oracle VDI passes the user credentials to the desktop so the user does not have to re-enter their credentials at the desktop login. One way Oracle VDI enables users to authenticate is through their email address. However, an email address is not a valid user name on the desktop side.

3.1.3. User Directory Customization

If you have an expert understanding of user directory integration and would like to optimize Oracle VDI for your user directory, refer to the following sections: