VMware Cloud Community
TheVMinator
Expert
Expert
‎11-04-2013 04:03 PM

Setting up LDAP authentication

I'm adding an LDAP host for authentication in the custom UI.

Some questions on the "Manage LDAP Host" screen used to pull info from active directory:

My active directory domain is:

bigcorp.com

and the name of my domain controller is:

dc1.bigcorp.com

LDAP Host Name:  Do I use dc1 or dc1.bigcorp.com?

Port: If AD uses default settings will this be 389?

Username Field: What permissions does this username have to have in AD in order for this to work?  domain admin? read-only?

Base DN: In the example here, would this be bigcorp.com ? does it need to be in the format CN=bigcorp and so on?

0 Kudos
6 Replies
abhilashhb
VMware Employee
VMware Employee
‎11-04-2013 05:38 PM

Hey,

LDAP Host Name:  Do I use dc1 or dc1.bigcorp.com?

As far as the vCOPS is able to resolve the DNS you can put dc1 or dc1.bigcorp.com.


Port: If AD uses default settings will this be 389?

Yes if you are using LDAP its 389 and for LDAPS its 636.


Username Field: What permissions does this username have to have in AD in order for this to work?  domain admin? read-only?

Yes the account needs just read- permissions. Make sure the account you use does not have a expiring password.


Base DN: In the example here, would this be bigcorp.com ? does it need to be in the format CN=bigcorp and so on?

Your base DN would be DC=dc1,DC=bigcorp,DC=com.

Abhilash B
LinkedIn : https://www.linkedin.com/in/abhilashhb/

0 Kudos
mark_j
Virtuoso
Virtuoso
‎11-05-2013 12:43 PM

Keep in mind that oftentimes you'll want to narrow down your BaseDN to speed up the ldap query and eliminate errors from improper object values (cn "/", etc). Or if you have a very large AD with many users, narrowing down the BaseDN will eliminate time-outs.

If you find this or any other answer useful please mark the answer as correct or helpful.
0 Kudos
abhilashhb
VMware Employee
VMware Employee
‎11-05-2013 05:17 PM

There is no mention of a particular OU created for vCOPS authentication so i went ahead and gave the general format on how it is done. And yes i agree that narrowing down helps in eliminating time-outs.

Abhilash B
LinkedIn : https://www.linkedin.com/in/abhilashhb/

0 Kudos
migstvdallas
Contributor
Contributor
‎03-19-2014 08:38 PM

I'm also trying to get the full 4-1-1 on importing the LDAP data into my vCOPS; particularly so that I can easily assign roles/permissions to my engineering/administration team.  Hasn't anybody come up with some answers on this - we're now in March (almost April) of 2014!!  Please - desperately need help!!  TIA.

0 Kudos
mark_j
Virtuoso
Virtuoso
‎03-19-2014 10:02 PM

This info is avail in the admin manual. What is your question?

If you find this or any other answer useful please mark the answer as correct or helpful.
0 Kudos
btkrausen
Enthusiast
Enthusiast
‎04-26-2014 08:09 AM

I wrote a post regarding this exact issue. I assume that you've found the answer already but just in case it helps somebody else.

VMware vCOPS - Custom UI & Active Directory Integration | IT Diversified

vExpert 2014 & 2015, VCAP-DCA, VCP5-DCV, VCP5-DT, VCP4, VCP3, CCNA, MCSA, MCTS, MCDST, A+, Net+, Sec+
0 Kudos