Skip to content

Commit

Permalink
docs: LDAP service account setup (#8875)
Browse files Browse the repository at this point in the history 
* updating docs with service account tutorial

* minor corrections

* Apply suggestions from code review

Co-authored-by: Zac Bergquist <[email protected]>

* wording changes based on CR

* minor changes and fixes and adds updated photos with new naming convention

* Updating documentation

* updating gpo instructions to actually make sense

* nits

* adding instructions for exporting ca

* removing unhelpful screen shot

* Fixes quotes and updates to LDAPS

Co-authored-by: Ben Arent <[email protected]>

* clarifying comment

Co-authored-by: Zac Bergquist <[email protected]>
Co-authored-by: Ben Arent <[email protected]>
  • Loading branch information
@zmb3 @benarent
3 people authored Nov 19, 2021
1 parent e8de91c commit f44561d
Show file tree
Hide file tree
Showing 8 changed files with 267 additions and 73 deletions.
Binary file added docs/img/desktop-access/ad-new-user.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/img/desktop-access/apply-gpo.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/img/desktop-access/create-and-link-gpo.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/img/desktop-access/deny-interactive-login.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/img/desktop-access/remove-authenticated.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/img/desktop-access/select-desktop.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
330 changes: 259 additions & 71 deletions docs/pages/desktop-access/getting-started.mdx
View file

Large diffs are not rendered by default.

10 changes: 8 additions & 2 deletions docs/pages/desktop-access/reference.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,10 +91,16 @@ spec:
environment: ["dev", "stage"]
# Windows user accounts this role can connect as.
windows_desktop_logins: ["Administrator"]
windows_desktop_logins: ["Administrator", "{{internal.windows_logins}}"]
```

It is possible to use wildcards to match all desktop labels.
It is possible to use wildcards (`"*"`) to match all desktop labels.

Like with SSH access, the `windows_desktop_logins` field supports the special `{{internal.windows_logins}}` variable
for local users which will map to any logins that are supplied when the user is created with
`tctl users add alice --windows-logins=Administrator,DBUser`.

For new clusters, the `"access"` role will have `windows_desktop_logins: ["{{internal.windows_logins}}"]` set by default.

## CLI

Expand Down

0 comments on commit f44561d

Please sign in to comment.