3.10. About Complex Forest Configurations

The following types of Active Directory forest configurations are supported by Oracle VDI.

Example of a Single Tree Forest

The Active Directory forest contains:

  • A root domain named example.com. The Global Catalogs are located in the root domain.

  • A child domain named users.example.com where all the users are located, including the user used to set up authentication in the Oracle VDI Manager.

The krb5.conf file should look similar to the following.

[libdefaults]
default_realm = USERS.EXAMPLE.COM

[realms]
USERS.EXAMPLE.COM = {
    kdc = users.host
    admin_server = users.host
    kpasswd_protocol = SET_CHANGE
}
EXAMPLE.COM = {
    kdc = example.windows.host
    admin_server = example.windows.host
    kpasswd_protocol = SET_CHANGE
}

[domain_realm]
.users.example.com = USERS.EXAMPLE.COM
users.example.com = USERS.EXAMPLE.COM
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM

Use the following settings in Oracle VDI Manager:

  • Domain: example.com

  • Username: super-user@users.example.com

Example of Multiple Tree Forests

For example, the following multiple tree configuration with multiple domains is supported.

  • One tree containing the domain central.vdi.example.com (Forest Root) and a child domain child.central.vdi.example.com

  • A second tree containing the domain east.vdi.example.com

  • Both trees are part of the same forest (central.vdi.example.com)

To add this tree configuration as a Company in Oracle VDI Manager, first make sure that Kerberos has been configured correctly on the Oracle VDI hosts.

The krb5.conf file should look similar to the following.

[libdefaults]
default_realm = CENTRAL.VDI.EXAMPLE.COM

[realms]
CENTRAL.VDI.EXAMPLE.COM = {
    kdc = centralroot.vdi.example.com
}
CHILD.CENTRAL.VDI.EXAMPLE.COM = {
    kdc = centralchild.vdi.example.com
}
EAST.VDI.EXAMPLE.COM = {
    kdc = eastroot.vdi.example.com
}

[domain_realm]
.central.vdi.example.com = CENTRAL.VDI.EXAMPLE.COM
central.vdi.example.com = CENTRAL.VDI.EXAMPLE.COM
.child.central.vdi.example.com = CHILD.CENTRAL.VDI.EXAMPLE.COM
child.central.vdi.example.com = CHILD.CENTRAL.VDI.EXAMPLE.COM
.east.vdi.example.com = EAST.VDI.EXAMPLE.COM
east.vdi.example.com = EAST.VDI.EXAMPLE.COM

In the Oracle VDI Manager New Company wizard, be sure to enter the domain name of the Forest Root in the Specify Connection step.
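
A pre-flight check for the krb5.conf files shown in this section, added here as an example (it is not Oracle VDI code): it parses the file and reports any realm named in default_realm or [domain_realm] that has no kdc in [realms], and any dotted domain mapping that lacks the bare-domain entry both listings above include. The names parse_krb5, audit and SAMPLE are assumptions made for this example.

```python
# Constructed sample: the page's multiple-tree file, EAST stanza and bare east mapping removed.
SAMPLE = """\
[libdefaults]
default_realm = CENTRAL.VDI.EXAMPLE.COM
[realms]
CENTRAL.VDI.EXAMPLE.COM = {
kdc = centralroot.vdi.example.com
}
CHILD.CENTRAL.VDI.EXAMPLE.COM = {
kdc = centralchild.vdi.example.com
}
[domain_realm]
.central.vdi.example.com = CENTRAL.VDI.EXAMPLE.COM
central.vdi.example.com = CENTRAL.VDI.EXAMPLE.COM
.child.central.vdi.example.com = CHILD.CENTRAL.VDI.EXAMPLE.COM
child.central.vdi.example.com = CHILD.CENTRAL.VDI.EXAMPLE.COM
.east.vdi.example.com = EAST.VDI.EXAMPLE.COM
"""

def parse_krb5(text):
    """Return (default_realm, {realm: [kdc, ...]}, {domain: realm})."""
    default, realms, mapping, section, realm = None, {}, {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        key, _, value = (p.strip() for p in line.partition("="))
        if line.startswith("["):
            section, realm = line.strip("[]"), None
        elif section == "libdefaults" and key == "default_realm":
            default = value
        elif section == "realms" and value == "{":
            realm = key
            realms[realm] = []
        elif section == "realms" and realm and key == "kdc":
            realms[realm].append(value)
        elif section == "domain_realm" and value:
            mapping[key.lower()] = value
    return default, realms, mapping

def audit(text):
    """Report realms lacking a kdc and dotted mappings lacking a bare twin."""
    default, realms, mapping = parse_krb5(text)
    wanted = sorted({r for r in (default, *mapping.values()) if r})
    problems = [f"no kdc for realm {r}" for r in wanted if not realms.get(r)]
    problems += [f"{d} has no bare {d[1:]} entry"
                 for d in sorted(mapping) if d[0] == "." and d[1:] not in mapping]
    return problems

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To check a real host, pass the contents of its krb5.conf to audit(); an empty list means every referenced realm has a KDC and every domain has both mapping forms.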