VMware Cloud Community
Mohammad1982
Hot Shot

vCO LDAP settings

Hi All,

I have installed orchestrator with VC server. The Version of VC is 4.0. I am trying to configure VCO using VCO web configuration. I was able to configure the network settings. I am unable to configure LDAP settings.

I entered the LDAP server IP and port etc. I am getting an LDAP URL. I am unable to get the browsing part. I am unable to search the users and groups using userlookup and grouplookup.

On the LDAP server I have created a user called vCO which is in Administrators group. (Please help me with the LDAP configuration)

Also help me with the prerequisites on the AD server. (What are the things I require before configuring VCO)

Any help is highly appreciated.

Thank you

Regards, Mohammad Wasim
0 Kudos
4 Replies
admin
Immortal

Hi,

1. First check that your AD replies on the LDAP port (telnet <AD IP> <ldap port>). If you get "connection closed", that means there is something wrong with your AD.

2. Second, if you have an ldapsearch client, you can try to perform ldapsearch queries on your AD to see whether it is replying to LDAP requests.

3. There is a test page on configurator for ldap. Use this.

4. Have a look at the vCO doc

5. If you are still stuck, post the entries you are putting in to see whether they seem correct.

Cheers.

B.

0 Kudos
dhedges
Contributor

Hi, this is what I did and it's working now.

This is setup using a domain called mydomain.com which is a windows active directory domain.

I also created a group called vmoadmins and added the administrator account to it.

LDAP client = active directory

Primary ldap host = 1.2.3.4 (enter your ip address here)

Root = dc=mydomain,dc=com

username and password entered for an administrator on the domain

user lookup base = CN=Users,DC=mydomain,DC=com

group lookup base = CN=Users,DC=mydomain,DC=com

vco admin group = CN=vmoadmins,cn=users,DC=mydomain,DC=com

Hope this helps.

0 Kudos
pcerda
Virtuoso

Hi,

Here are some steps to configure the LDAP Settings on Orchestrator. On Active Directory you must create a group (you'll grant administrative privileges for Orchestrator), in my case 'VCOGroup'. You must also create a domain user (Orchestrator uses this user to connect to the LDAP server).

- From the LDAP client drop-down menu, select the directory server type that you are using as the LDAP server.

- In the Primary LDAP host text box, type the IP address or the DNS name of the host on which your primary LDAP service runs. This is the first host on which the Orchestrator configuration interface verifies user credentials. Optionally specify a Secondary LDAP host.

- In the Port text box, type the value for the look up port of your LDAP server. If your DC is configured to use Global Catalog, you must use port 3268, otherwise you must use the default port 389.

- In the Root text box, type the root element of your LDAP service. If your domain name is company.org, your root LDAP is dc=company,dc=org. You also can specify just an OU instead of the entire directory (ou=employees,dc=company,dc=org).

- Enter a valid user name (LDAP string) in the User name text box for a user on your LDAP who has browsing permissions. You can use the DN format, Principal name format or NetBEUI format.

- In the Password text box, enter the valid password for the user name you entered. (Orchestrator uses these credentials to connect to the LDAP server.)

Next, you have to define the LDAP containers for Orchestrator to look up users and groups.

- Define the User lookup base. This is the LDAP container where Orchestrator searches for potential users. Click Search and type the top-level domain name or organizational unit (you can also search without specifying anything). Next, select the OU you want.

- Define the Group lookup base. This is the LDAP container where Orchestrator looks up groups. Click Search and type the top-level domain name or organizational unit (you can also search without specifying anything). Next, select the OU you want.

- Define the vCO Admin group. This must be an LDAP group (like Domain Users) to which you grant administrative privileges for Orchestrator. Click Search and type the top-level group name (you can also search without specifying anything). Next, select the Group you want.

I attach some screenshots from my vCenter Orchestrator.






Regards / Saludos

Patricio Cerda
0 Kudos
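
A consistency check for the Root, lookup base and vCO Admin group values discussed in the two answers above, as an added example that is not from any poster or from VMware: it verifies offline that each DN is well-formed and sits under the Root before it is typed into the configuration page. The function names and the `BROKEN` input are constructed here; the `WORKING` values are the ones posted in this thread.

```python
import re

def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs, one per RDN."""
    # Simplification: backslash-escaped commas are honored, multi-valued RDNs are not.
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part.strip()!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def root_from_domain(domain):
    """company.org -> dc=company,dc=org, as described for the Root text box."""
    return ",".join(f"dc={label}" for label in domain.strip(".").split("."))

def is_under(dn, root):
    """True if dn equals root or sits below it (root's RDNs are dn's suffix)."""
    d, r = parse_dn(dn), parse_dn(root)
    return len(d) >= len(r) and d[-len(r):] == r

def ldap_url(host, port, root):
    """RFC 4516 style URL: ldap://host:port/base-dn."""
    return f"ldap://{host}:{port}/{root}"

def check_settings(s):
    """Return a list of problems; an empty list means the DNs are consistent."""
    problems = []
    for key in ("user_lookup_base", "group_lookup_base", "admin_group"):
        try:
            if not is_under(s[key], s["root"]):
                problems.append(f"{key} is not under root {s['root']}")
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    return problems

# Values from the working configuration posted in this thread.
WORKING = {"root": "dc=mydomain,dc=com",
           "user_lookup_base": "CN=Users,DC=mydomain,DC=com",
           "group_lookup_base": "CN=Users,DC=mydomain,DC=com",
           "admin_group": "CN=vmoadmins,cn=users,DC=mydomain,DC=com"}
# Constructed broken input: wrong domain suffix, and an RDN missing its attribute.
BROKEN = dict(WORKING, user_lookup_base="CN=Users,DC=mydomain,DC=org",
              group_lookup_base="Users,DC=mydomain,DC=com")

if __name__ == "__main__":
    print(ldap_url("1.2.3.4", 389, WORKING["root"]))
    print(check_settings(WORKING), check_settings(BROKEN))
```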
pcerda
Virtuoso

More screenshots






0 Kudos