VMware Cloud Community
jim1096
Contributor

Orchestrator 4.0 LDAP Config

PLEASE HELP! My sanity is at risk...

I am trying to configure LDAP in Orchestrator but keep getting the error: LDAP connection successful but no users found. Please check LDAP paths.

My user lookup base is: ou=users,DC=SG,DC=com

I read in an earlier post that changing the ou to CN in front of Users helped but that hasn't been the case for me.

The OU Users certainly exists and I created a group VMO_Administrators and added the administrator to that group.

I am stumped!

0 Kudos
11 Replies
AndreTheGiant
Immortal

In my AD I have created a specific OU for users and groups related to Orchestrator, and it works.

I suppose the example in the configuration is wrong, because Users (in default AD) is not an OU, but a CN.

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
0 Kudos
pwyzorski-wyzgu
Enthusiast

Are you using some kind of LDAP solution or AD? If AD, then I think the string you want is "cn=users,DC=SG,DC=com" for both the "Users" and "Groups" setting.

Don't forget if the answers help, award points

0 Kudos
jim1096
Contributor

Hi!

I'm using AD... I tried that and here is my result:

[LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=sg,DC=com'

Dude, if that worked, I would have given you the max points allowable.

0 Kudos
pwyzorski-wyzgu
Enthusiast

From what little I know about your setup you might want to try the following:

Root: DC=SG,DC=com

Username: SG\(some Domain Admin username)

Password: (password for the above)

User lookup base: cn=Users,dc=SG,dc=com

Group lookup base: cn=Users,dc=SG,dc=com

vCO Admin group: cn=VMO_Administrators,cn=Users,dc=SG,dc=com

Don't forget if the answers help, award points

0 Kudos
admin
Immortal

Users is an AD builtin group which can make it hard to find.

I agree that root should be dc=sg,dc=com

However, I would also set the user lookup base and the group lookup base to the same dc=sg,dc=com

Not that you're indicating an issue, but using the username@sg.com form always works for me with AD.

At this point I would apply changes. You should see an "error" that the VMO Admin group is not found.

Now I would recommend using the Search link next to the VCO Administrators Group field and then enter VMO_Administrators as the search string. VCO should return the full DN for your VMO Admin group. Click on that link which will populate the field back on the main LDAP page.

Now click on Apply once more and the status light should go green.

Good luck.

Bill

0 Kudos
admin
Immortal

Username should be specified as user_name or user_name@domain.suffix.

domain\user_name is not likely going to work in my experience since it's an MS Windows specific format instead of standard LDAP.

Don't worry, we will get you working.

Sia

0 Kudos
AndreTheGiant
Immortal

Some info is also in this thread:

(but are almost the same notes of )

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
0 Kudos
jim1096
Contributor

Thanks for all of the suggestions guys, I really appreciate it! I just got here after the weekend and will start pounding away on it and let you know how it goes.

Thanks again!

0 Kudos
irene_zimmerman
Contributor

We have a pretty complicated AD configuration with users and groups that are not located in the default folders.

The solution for us was to use a config like this:

Root: DC=SG,DC=com

User lookup base: dc=SG,dc=com

Group lookup base: dc=SG,dc=com

The user has the format:

For the vmo admin group: the group would be a CN, the path all OU and at the end again dc=SG,dc=com (CN=AdminGroup,OU=folder1,OU=folder2,dc=SG,dc=com)

The user must have the right to read the complete AD structure from the root object, otherwise it will not find the specified users or groups.

Hope this helps.

0 Kudos
jim1096
Contributor

Hey Guys,

I was on the phone with support and the support rep changed the Root to: CN=Users,DC=sg,DC=com and that fixed the problem. Craziness....

Thanks for all your help, I REALLY appreciate it - I hope I can return the favor some time!

0 Kudos
victorteufel
Contributor

You deserve all the points bro... thanks for the help

0 Kudos
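
An added example, not part of any post above and not VMware or Microsoft code: an offline model of how a directory server resolves a search base, showing why `ou=users,DC=SG,DC=com` comes back as error 32 (NO_OBJECT) with a "best match" when Users is a container (`CN=Users`). The directory contents, and the rule that the lookup bases and admin group sit under the configured root, are assumptions made for the example.

```python
def parse_dn(dn):
    """Split a DN into normalized (attr, value) RDNs; simple DNs only (no escaped commas)."""
    rdns = []
    for part in dn.split(","):
        attr, _, value = part.strip().partition("=")
        if not attr or not value:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)

# Constructed directory: a default-style AD layout where Users is a container (CN), not an OU.
DIRECTORY = {parse_dn(d) for d in (
    "DC=sg,DC=com",
    "CN=Users,DC=sg,DC=com",
    "CN=VMO_Administrators,CN=Users,DC=sg,DC=com",
)}

def resolve_base(base_dn, directory=DIRECTORY):
    """Return (result_code, matched_dn): 0 if the base exists, else 32 (noSuchObject)
    with the deepest existing ancestor, the 'best match of' part of the error text."""
    rdns = parse_dn(base_dn)
    if rdns in directory:
        return 0, rdns
    for i in range(1, len(rdns)):
        if rdns[i:] in directory:
            return 32, rdns[i:]
    return 32, ()

def is_under(dn, base_dn):
    """True if dn equals base_dn or is subordinate to it."""
    d, b = parse_dn(dn), parse_dn(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def check_config(root, user_base, group_base, admin_group):
    """List problems in thread-style settings; containment under root is an assumed rule."""
    problems = []
    for name, dn in (("root", root), ("user lookup base", user_base),
                     ("group lookup base", group_base), ("admin group", admin_group)):
        code, matched = resolve_base(dn)
        if code:
            best = ",".join(f"{a}={v}" for a, v in matched)
            problems.append(f"{name}: error 32 NO_OBJECT, best match '{best}'")
    for name, dn in (("user lookup base", user_base), ("group lookup base", group_base)):
        if not is_under(dn, root):
            problems.append(f"{name} is not under root")
    if not is_under(admin_group, group_base):
        problems.append("admin group is not under group lookup base")
    return problems
```

Against a real directory, the same existence check is a base-scoped search on each configured DN with the account the application binds as.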