hi
i'm trying to evaluate the vmware lifecycle manager.
The installation itself it's pretty easy but i'm not able to confuigure the LDAP part of the orchestrator configuration:
i always receive : Error Bad username or password Cannot login user : my Active Directory user
supposing is mydomain.it i've set the parameters in that way:
Primary LDAP Host: server.mydomain.it
Root: dc=mydomain,dc=it
Username: my usual Active directory username (i'm in the Domain Admins Group so i have all the rights to browse the AD ldap)
but i always get the error Bad username or password Cannot login user :myusername.
Any idea of what i'm doing wrong?
thank you
LDAP part of the orchestrator configuration is not well documented. What you have to do to get LDAP working is to configure VMO Admin group as per instruction below:</span>
Click LDAP tab
·<span style="font: 7pt 'Times New Roman'"> </span>Primary LDAP Host: server.mydomain.it
·<span style="font: 7pt 'Times New Roman'"> </span>Root: dc=mydomain,dc=it
·<span style="font: 7pt 'Times New Roman'"> </span>Username: DOMAIN\<Username>
Click LDAP Lookup Paths tab.
·<span style="font: 7pt 'Times New Roman'"> </span>user lookup base is dc=mydomain,dc=it
·<span style="font: 7pt 'Times New Roman'"> </span>The group lookup base is dc=mydomain,dc=it,
·<span style="font: 7pt 'Times New Roman'"> </span>VMO Admin group is cn=Domain users,cn=users,dc=mydomain,dc=it
Click Test Logon tab:
Enter the name and the password for test user and everything should work fine.
Regards,
Dusan Munizaba
dusan@dmtech.com.au
Hey Dusan -
Does the group need to be named "VMO Admin"? or can it be anything. I have a client with a group called "vmoper".
my user base and group base are set as "dc=subdomain,dc=subdomain,dc=domain,dc=com"
my VMO Admin group is set as "cn=VMOpers,dc=subdomain,dc=subdomain,dc=domain,dc=com"
Dave
Message was edited by: dconvery
hi there,
do i need a ldap server to be part of my life cycle manager setup?
please let me know if you have some good documentation with respect to VMware life cycle mamanger.
thx
hi dusan,
i am trying to finsih of the LDAP configuration i tried whts mentioned in the document and also tried the work around as mentioned by you but every time i get a message incorrect administrator password.
I have active directory configured on windows 2003 srv do i need to make some changes on active directory wrt to ldap.
And do i need to create any groups in my domain etc etc..
any details on this will be highly appreciated.
thx
You may want a little more secure LDAP configuration,
LDAP HOST: obviously your AD server
Root: This is your AD Domain in LDAP format, for example my domain is AD.SANNET.GOV which would be dc=ad,dc=sannet,dc=gov
On the LDAP lookup paths tab, this is where you specify your USER and GROUP base, along with what your actual VMO Admin group is...for security purposes we created a new Group just for VMO admins.
User Lookup base: OU=USERS,DC=AD,DC=SANNET,DC=GOV
Group Base: OU=GROUPS,DC=AD,DC=SANNET,DC=GOV
VMO Admin Group: CN=VMOADMINS,CN=USERS,DC=AD,DC=SANNET,DC=GOV
Good luck...install/config of VMO is pretty nerve racking.
rscherer -
I have been told that the best thing to do for the user and group bases is to use the root path. So they should be " DC=AD,DC=SANNET,DC=GOV" in your example. Your method was what I was using and it got me into a little trouble at my last installation.
Dave
I can see how it would be a benefit to do that, but I would be worried about opening OU's that really shouldn't be open. What type of issue(s) did you run into by doing what I suggested?
Rick
I think my issue was the fact that the AD had about 50K objects. VMO choked with it. Will be fixed with the new version, I hear...
Ahh, good to know.... My installs were into AD with only around 20k objects and it seems to be working OK.
Yes - the current version's LDAP connection doesn't like large ADs..
Thanks your directions got me going in the right direction. For the VMO I had to use Dsquery to get the complete path for the group.
Here is what I've got:
On the LDAP Tab
Primary and Secondary LDAP (AD DC's)
Root: dc=mydomain,dc=com
Username: mydomain\username
Password: my domain password
On Ldap Lookup Paths Tab
User lookup Base: dc=mydomain,dc=com
Group lookup Base: dc=mydomain,dc=com
VMO Admin Group: CN=Group,OU=Sub OU,OU=Top OU,DC=mydomain,DC=com (used dsquery group -name "Groupname" to get this path)
Tested logon and all was good.
Thanksa again this was kicking my butt...