Add Active Directory over LDAP or OpenLDAP as an Identity Source for VMware Cloud Foundation

Users can log in to the SDDC Manager UI only if they are in a domain that has been added as a vCenter Single Sign-On identity source. vCenter Single Sign-On administrator users can add identity sources, or change the settings for identity sources that they added.

You can use identity sources to attach one or more domains to vCenter Single Sign-On. A domain is a repository for users and groups that the vCenter Single Sign-On server can use for user authentication with VMware Cloud Foundation. By default, vCenter Single Sign-On includes the system domain (for example, vsphere.local) as an identity source. You can add Active Directory over LDAP or an OpenLDAP directory service as identity sources.
  1. In the navigation pane, click Administration > Single Sign On.
  2. Click Identity Provider.
  3. Click Add and select AD over LDAP or OpenLDAP.
     The Connect Identity Provider wizard opens.
  4. Click Next.
  5. Enter the server settings and click Next.

     Active Directory over LDAP and OpenLDAP Server Settings

     Identity Source Name
         Name of the identity source.
     Base Distinguished Name for Users
         The Base Distinguished Name for users. Enter the DN from which to start user searches. For example, cn=Users,dc=myCorp,dc=com.
     Base Distinguished Name for Groups
         The Base Distinguished Name for groups. Enter the DN from which to start group searches. For example, cn=Groups,dc=myCorp,dc=com.
     Domain Name
         The FQDN of the domain.
     Domain Alias
         For Active Directory identity sources, the domain's NetBIOS name. Add the NetBIOS name of the Active Directory domain as an alias of the identity source if you are using SSPI authentication.
         For OpenLDAP identity sources, the domain name in capital letters is added if you do not specify an alias.
     User Name
         ID of a user in the domain who has a minimum of read-only access to the Base DN for users and groups. The ID can be in any of these formats:
         • UPN (user@domain.com)
         • NetBIOS (DOMAIN\user)
         • DN (cn=user,cn=Users,dc=domain,dc=com)
         The user name must be fully qualified. An entry of "user" does not work.
     Password
         Password of the user who is specified by User Name.
     Primary Server URL
         Primary domain controller LDAP server for the domain. You can use either the host name or the IP address.
         Use the format ldap://hostname_or_IPaddress:port or ldaps://hostname_or_IPaddress:port. The port is typically 389 for LDAP connections and 636 for LDAPS connections. For Active Directory multi-domain controller deployments, the port is typically 3268 for LDAP and 3269 for LDAPS.
         A certificate that establishes trust for the LDAPS endpoint of the Active Directory server is required when you use ldaps:// in the primary or the secondary LDAP URL.
     Secondary Server URL
         Address of a secondary domain controller LDAP server that is used for failover. You can use either the host name or the IP address.
     Certificates (for LDAPS)
         If you want to use LDAPS with your Active Directory LDAP Server or OpenLDAP Server identity source, click Browse to select a certificate. To export the root CA certificate from Active Directory, consult the Microsoft documentation.

  6. Review the information and click Submit.
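The settings table above has several format rules that the wizard only reports after a failed connection attempt (a bare user name, a missing port, an ldaps:// URL without a trust certificate). The following pre-flight checker is an added example written for this page; it is not VMware code and does not call any VMware API. The dictionary keys (users_base_dn, primary_server_url, ldaps_certificate and so on) and the sample values are assumptions chosen to mirror the rows of the table, and the DN check is a loose grammar, not a full RFC 4514 parser.

```python
"""Offline pre-flight check of identity source settings before entering them
in the Connect Identity Provider wizard (hypothetical helper, not VMware code)."""
import re
from urllib.parse import urlsplit

# Loose RDN grammar: attr=value pairs separated by commas, e.g. cn=Users,dc=myCorp,dc=com.
_DN_RE = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*=[^,=]+(\s*,\s*[A-Za-z][A-Za-z0-9-]*=[^,=]+)*\s*$")
# UPN: user@domain.tld (no backslash, no whitespace).
_UPN_RE = re.compile(r"^[^@\\\s]+@[^@\\\s]+\.[^@\\\s]+$")
# NetBIOS: DOMAIN\user, domain part at most 15 characters.
_NETBIOS_RE = re.compile(r"^[^\\\s]{1,15}\\[^\\\s]+$")

# Ports named in the settings table: 389/636 for a single DC, 3268/3269 for the global catalog.
TYPICAL_PORTS = {"ldap": {389, 3268}, "ldaps": {636, 3269}}


def is_dn(value):
    """True if value looks like a distinguished name."""
    return bool(_DN_RE.match(value or ""))


def bind_user_format(value):
    """Return 'DN', 'UPN' or 'NetBIOS', or None for a bare short name such as 'user'."""
    if is_dn(value):
        return "DN"
    if _UPN_RE.match(value):
        return "UPN"
    if _NETBIOS_RE.match(value):
        return "NetBIOS"
    return None


def parse_server_url(url):
    """Return (scheme, host, port) for ldap://host:port or ldaps://host:port; raise ValueError otherwise."""
    parts = urlsplit(url)
    if parts.scheme not in TYPICAL_PORTS:
        raise ValueError(f"{url!r}: scheme must be ldap or ldaps")
    if not parts.hostname:
        raise ValueError(f"{url!r}: host name or IP address missing")
    if parts.port is None:
        raise ValueError(f"{url!r}: port missing; use ldap://host:port or ldaps://host:port")
    return parts.scheme, parts.hostname, parts.port


def validate_identity_source(s):
    """Return a list of findings; an empty list means the settings are consistent with the table."""
    findings = []
    for key in ("users_base_dn", "groups_base_dn"):
        if not is_dn(s.get(key, "")):
            findings.append(f"{key}: not a distinguished name, e.g. cn=Users,dc=myCorp,dc=com")
    if "." not in s.get("domain_name", ""):
        findings.append("domain_name: expected an FQDN such as mycorp.com")
    if bind_user_format(s.get("user_name", "")) is None:
        findings.append("user_name: must be fully qualified (UPN, NetBIOS or DN); a bare 'user' does not work")
    if not s.get("password"):
        findings.append("password: empty")
    schemes = set()
    for key in ("primary_server_url", "secondary_server_url"):
        url = s.get(key)
        if not url:
            if key == "primary_server_url":
                findings.append("primary_server_url: required")
            continue
        try:
            scheme, _host, port = parse_server_url(url)
        except ValueError as exc:
            findings.append(f"{key}: {exc}")
            continue
        schemes.add(scheme)
        if port not in TYPICAL_PORTS[scheme]:
            findings.append(f"{key}: port {port} is unusual for {scheme} (typically {sorted(TYPICAL_PORTS[scheme])})")
    # The table requires a trust certificate whenever either URL uses ldaps://.
    if "ldaps" in schemes and not s.get("ldaps_certificate"):
        findings.append("ldaps_certificate: required because an ldaps:// URL is used")
    return findings


# Constructed sample settings (no real hosts or accounts).
GOOD_SETTINGS = {
    "users_base_dn": "cn=Users,dc=myCorp,dc=com",
    "groups_base_dn": "cn=Groups,dc=myCorp,dc=com",
    "domain_name": "mycorp.com",
    "user_name": "svc-vcf-ldap@mycorp.com",
    "password": "example-only",
    "primary_server_url": "ldaps://dc01.mycorp.com:636",
    "secondary_server_url": "ldaps://dc02.mycorp.com:636",
    "ldaps_certificate": "/tmp/mycorp-root-ca.cer",
}

if __name__ == "__main__":
    for finding in validate_identity_source(GOOD_SETTINGS) or ["settings look consistent"]:
        print(finding)
```

Run it against a copy of the settings you intend to enter; each finding names the table row it relates to. A read-only bind account, as the User Name row requires, is all this account needs, so keep its permissions at that level.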
After you successfully add an identity source, you can add users and groups from the domain. See Add a User or Group to VMware Cloud Foundation.