You will find everything you need from this website.
I followed the instructions and it worked perfectly.
Below are the steps I performed.
1. Made a backup of c:\inetpub\wwwroot\Citrix\<SiteCode>\app_data\serverscripts\include.aspxf
2. Placed the following code in include.aspxf directly under Global Variable.
/****************************************************************************************
* By CTX Experientia S.L.
* Modified for WI5.01 by Justin Bousquet
* Gets a list of the user's groups.
*
* Returns a list of all groups of a user.
* If your LDAP directory needs authentication (like AD) to retrieve the info, you must define
* the AdminUSER and AdminPWD fields on DirectoryEntry.
*
* If you can't use administrator credentials to retrieve info, please
* follow these instructions to create a guest user with read rights over LDAP.
*
* 1. Create a user. During creation mark "Password never expires" and "User cannot change password" checkboxes
* and clear "User must change password at first logon" one.
* 2. After a user is created go to the account properties and add it to the "Domain Guests" group. Mark this
* group as Primary. Remove the account from the "Domain users" group.
* 3. Right-click the domain root and select "Delegate control" task. Select the account you've created.
* On the next step select "Create a custom task to delegate" item.
* 4. On the next step check "Only the following objects in the folder" and mark the item "Group objects"
* in the list below
* 5. On the next step check the "General" checkbox only and mark the "Read all properties" item in the list below.
* 6. Finish the wizard and specify the user's credentials in the app_data/serverscripts/include.aspxf script.
*
*
* @return A list of groups separated by a bar (|)
*/
string GetADUserGroups(string userName) {
    // LDAP path of the domain; replace the placeholders with your own values
    string strLDAP = "LDAP://<DC_Server_Name>/DC=<Domain>,DC=<Domain>";
    // Bind with the read-only account described in the comment above
    DirectoryEntry entryDomain = new DirectoryEntry(strLDAP, "Username", "Password");
    DirectorySearcher search = new DirectorySearcher(entryDomain);
    search.Filter = String.Format("(sAMAccountName={0})", userName);
    search.PropertiesToLoad.Add("memberOf");
    StringBuilder groupsList = new StringBuilder();
    SearchResult result = search.FindOne();
    if (result != null)
    {
        int groupCount = result.Properties["memberOf"].Count;
        for (int counter = 0; counter < groupCount; counter++)
        {
            groupsList.Append((string)result.Properties["memberOf"][counter]);
            groupsList.Append("|");
        }
    }
    if (groupsList.Length > 0)
    {
        groupsList.Length -= 1; // remove the last '|' symbol
    }
    return groupsList.ToString();
}
3. Created a user on my domain following the instructions above within include.aspxf
4. Changed the following sections of include.aspxf to represent my domain, username and password
    string strLDAP = "LDAP://<DC_Server_Name>/DC=<Domain>,DC=<Domain>";
    DirectoryEntry entryDomain = new DirectoryEntry(strLDAP,"UserName","password");
5. Made a backup of c:\inetpub\wwwroot\Citrix\XenApp\<SiteCode>\default.aspx and copied the new one over
6. Copied the wimods folder under app_data to c:\inetpub\wwwroot\Citrix\<SiteCode>\app_data\
7. Edited the file groups.aspx located in c$\inetpub\wwwroot\Citrix\<SiteCode>\app_data\wimods\grpaccess, replacing the string groups_permited = "all"; with string groups_permited = "My Security Group";
The result is
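
An added example, not part of the original post or of the CTX Experientia code: GetADUserGroups in step 2 places userName into the search filter unchanged, and the characters \ * ( ) have special meaning in LDAP filters. The C# below escapes the value per RFC 4515 before the lookup, disposes the directory objects, and takes the LDAP path and bind credentials as parameters instead of literals in the script; the class name, EscapeFilterValue and the extra parameters are assumptions made for this example.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class LdapGroupLookup   // hypothetical name, not from the original script
{
    // Escape a value for use inside an LDAP search filter (RFC 4515):
    // \ * ( ) and NUL are replaced by a backslash and two hex digits.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Same lookup as GetADUserGroups in step 2, with the filter value escaped.
    // ldapPath, bindUser and bindPassword come from the caller (assumption:
    // loaded from protected configuration rather than typed into the script).
    public static string GetADUserGroups(string userName, string ldapPath,
                                         string bindUser, string bindPassword)
    {
        using (DirectoryEntry entry = new DirectoryEntry(ldapPath, bindUser, bindPassword))
        using (DirectorySearcher search = new DirectorySearcher(entry))
        {
            search.Filter = "(sAMAccountName=" + EscapeFilterValue(userName) + ")";
            search.PropertiesToLoad.Add("memberOf");
            SearchResult result = search.FindOne();
            if (result == null) return string.Empty;

            // Join the group DNs with '|' as the original function does
            StringBuilder groups = new StringBuilder();
            foreach (object dn in result.Properties["memberOf"])
            {
                if (groups.Length > 0) groups.Append('|');
                groups.Append((string)dn);
            }
            return groups.ToString();
        }
    }
}
```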