I'm adding an LDAP host for authentication in the custom UI.
Some questions on the "Manage LDAP Host" screen used to pull info from Active Directory:
My active directory domain is:
bigcorp.com
and the name of my domain controller is:
dc1.bigcorp.com
LDAP Host Name: Do I use dc1 or dc1.bigcorp.com?
Port: If AD uses default settings will this be 389?
Username Field: What permissions does this username have to have in AD in order for this to work? Domain admin? Read-only?
Base DN: In the example here, would this be bigcorp.com? Does it need to be in the format CN=bigcorp and so on?
Hey,
LDAP Host Name: Do I use dc1 or dc1.bigcorp.com?
As long as vCOPS is able to resolve the DNS name, you can put dc1 or dc1.bigcorp.com.
Port: If AD uses default settings will this be 389?
Yes, if you are using LDAP it's 389, and for LDAPS it's 636.
Username Field: What permissions does this username have to have in AD in order for this to work? Domain admin? Read-only?
Yes, the account needs just read permissions. Make sure the account you use does not have an expiring password.
Base DN: In the example here, would this be bigcorp.com? Does it need to be in the format CN=bigcorp and so on?
Your base DN would be DC=dc1,DC=bigcorp,DC=com.
Keep in mind that oftentimes you'll want to narrow down your BaseDN to speed up the LDAP query and eliminate errors from improper object values (cn "/", etc). Or if you have a very large AD with many users, narrowing down the BaseDN will eliminate time-outs.
There is no mention of a particular OU created for vCOPS authentication, so I went ahead and gave the general format on how it is done. And yes, I agree that narrowing down helps in eliminating time-outs.
I'm also trying to get the full 4-1-1 on importing the LDAP data into my vCOPS; particularly so that I can easily assign roles/permissions to my engineering/administration team. Hasn't anybody come up with some answers on this - we're now in March (almost April) of 2014!! Please - desperately need help!! TIA.
This info is available in the admin manual. What is your question?
I wrote a post regarding this exact issue. I assume that you've found the answer already but just in case it helps somebody else.
VMware vCOPS - Custom UI & Active Directory Integration | IT Diversified
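An added example, not from any poster in this thread and not vCOPS code: it shows how the AD domain name bigcorp.com maps to the domain root DN DC=bigcorp,DC=com, and checks that a narrowed Base DN still sits inside that domain before it goes into the LDAP host form. The function names and the OU in the test data are hypothetical; the ports are the ones given in the thread.

```python
def domain_to_root_dn(domain):
    """AD DNS domain name -> domain root DN (bigcorp.com -> DC=bigcorp,DC=com)."""
    labels = [p for p in domain.strip(".").split(".") if p]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join("DC=" + p for p in labels)


def split_rdns(dn):
    """Split a DN on unescaped commas only (RFC 4514 backslash escapes)."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts


def _norm(rdn):
    # Attribute types and DC/OU values compare case-insensitively in AD.
    attr, _, value = rdn.partition("=")
    return attr.strip().upper() + "=" + value.strip().lower()


def is_under(base_dn, root_dn):
    """True if base_dn equals root_dn or sits below it in the tree."""
    base = [_norm(r) for r in split_rdns(base_dn)]
    root = [_norm(r) for r in split_rdns(root_dn)]
    return len(base) >= len(root) and base[-len(root):] == root


def ldap_settings(host, domain, use_ldaps=True, base_dn=None):
    """Build host/port/base DN values; reject a base DN outside the domain."""
    root = domain_to_root_dn(domain)
    base = base_dn or root
    if not is_under(base, root):
        raise ValueError(f"{base!r} is not inside {root!r}")
    # 389 = LDAP, 636 = LDAPS (ports as given in the thread)
    return {"host": host, "port": 636 if use_ldaps else 389, "base_dn": base}
```

The escape-aware split matters for names such as `CN=Smith\, John`, where a plain split on commas would misread the hierarchy.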