I Googled this question, and came up with an array of responses applicable to ESX vs ESXi vs really old versions vs. not so old versions that say yes, no, I don't know, only when, except if... Searching the Install & Setup guide returns 104 matches that all seem to be about very specific cases, none of which are "Here's how to make this work with LDAP!"
How do I have my standalone ESXi server authenticate against LDAP? And, preferably, only allow access to users in a particular group?
Still hoping for an answer...
Depends what type of LDAP directory u'r using.
If you are using Active Directory you can configure it in the vSphere Client under "Host -> Configuration -> Authentication Services -> and change Directory Service Type fron Local Authentication to Active Directory.
then you just add AD Users/Groups under permissions.
If you are using a non AD LDAP such as OpenLDAP then you need a vCenter.
Since ESXi and removal of the service console there is no support for generic LDAP anymore
I know this is old but it's the only real answer I found in June 2017 so I marked it helpful. It's a shame VMware doesn't support non AD LDAP anymore (I found a note for an older version on how to do it but the commands don't exist anymore). Not everyone runs AD for authentication although many do but it's a shame they took the option out. We may see a day when VMware only supports Windows boxes!
Samba can run on FreeBSD, Linux, Solarish, etc. and has AD domain controller functionality. It actually works really well and is fairly easy to set up. I've managed to get it working fairly well under FreeBSD 11.1 and a few Linux flavors (Arch, Ubuntu, Debian, CentOS, Fedora, OpenSUSE). It's super, super easy with OpenSUSE since they have YAST graphical configuration tools (but can't control with RSAT afaik). Feature-wise, FreeBSD is the easiest to build with MIT Kerberos (as of v4.7) because of the ports tree. Otherwise, you can either use the included Heimdal kerberos or build it yourself (have successfully compiled with MIT krb5 under Ubuntu and Debian). Has great features - new versions still include rfc2307 "Unix Attributes" feature which have been depreciated in Server 2016, which is wonderful if you're on Unix machines. Can even control with RSAT, if that's your thing, if you configure your DC using samba-tool, but Unix Attributes tab is gone from Windows 10 RSAT (limited to Windows 8.1 or 7 if you want the Unix Attributes tab in RSAT). DNS control with RSAT works out of the box, even with built-in DNS, although it's a little flakey. DHCP w/DDNS and DNS can also be controlled with RSAT if you install Bind9 and isc-dhcpd as your backend (so I hear, but I haven't tried it yet).
Anyone can have an ADDC now! http://wiki.samba.org
