VMware Cloud Community
qc4vmware
Virtuoso

AD Plugin and vCO authentication with Peer Domain structure

I am struggling trying to get a single instance of vCO set up so that:

A. Users from any of our domains can authenticate to vCO.

B. The AD plugin can interact with any of our domains.

First I will explain a little about our domain structure as I understand it (I am no expert when it comes to this stuff). Our AD admins tell me we have a peer domain structure. They have assisted me in setting up our authentication section of vCO and say that it should be seeing all users in all domains if the client is built with .NET tools. If the underlying client is using typical LDAP then I would need to configure it to point to a specific peer domain. When I point everything to the root I get a configuration error saying it sees no users, so I am going to assume the underlying client is not built upon .NET. I attempted to use SSO instead of LDAP as the authentication type but this seems to break the AD plugin. I started getting some strange errors... I am still doing some testing to confirm this is true but a quick test seems to confirm it.

The plugin also seems to exhibit the same behavior where I can only see one domain as opposed to all of our domains. Whenever I configure it to point to the root domain instead of one of the sub or peer domains I get nothing. Does anyone have advice on this? I don't want to have multiple vCOs just to support some basic AD interactions and authentication. At the moment I am seeing no alternative and this will make for a very complex vCO layout and confusion for the people that need to use it.

Paul

igaydajiev
VMware Employee

>>I attempted to use SSO instead of LDAP as the authentication type but this seems to break the AD plugin

The AD plugin is independent from the platform authentication.

If you go in vCO configurator->Active Directory there is a property "Copy from LDAP configuration".

If this property is checked, the AD plugin configuration is populated from the vCO platform authentication.

If you uncheck it you can configure the AD plugin to an arbitrary AD server different from the platform one.

When the platform is configured in SSO mode, this property must be unchecked and proper configuration must be provided for the AD plugin.

Hope it helps a bit..

qc4vmware
Virtuoso

That was unchecked.  Still breaks.
