VMware Cloud Community
TheVMinator
Expert

Setting up LDAP authentication

I'm adding an LDAP host for authentication in the custom UI.

Some questions on the "Manage LDAP Host" screen used to pull info from Active Directory:

My Active Directory domain is:

bigcorp.com

and the name of my domain controller is:

dc1.bigcorp.com

LDAP Host Name: Do I use dc1 or dc1.bigcorp.com?

Port: If AD uses default settings will this be 389?

Username Field: What permissions does this username have to have in AD in order for this to work? Domain admin? Read-only?

Base DN: In the example here, would this be bigcorp.com? Does it need to be in the format CN=bigcorp and so on?

6 Replies
abhilashhb
VMware Employee

Hey,

LDAP Host Name: Do I use dc1 or dc1.bigcorp.com?

As long as vCOPS is able to resolve the DNS, you can put dc1 or dc1.bigcorp.com.

Port: If AD uses default settings will this be 389?

Yes, if you are using LDAP it's 389, and for LDAPS it's 636.

Username Field: What permissions does this username have to have in AD in order for this to work? Domain admin? Read-only?

Yes, the account needs just read permissions. Make sure the account you use does not have an expiring password.

Base DN: In the example here, would this be bigcorp.com? Does it need to be in the format CN=bigcorp and so on?

Your base DN would be DC=dc1,DC=bigcorp,DC=com.

Abhilash B
LinkedIn : https://www.linkedin.com/in/abhilashhb/

mark_j
Virtuoso

Keep in mind that oftentimes you'll want to narrow down your BaseDN to speed up the LDAP query and eliminate errors from improper object values (cn "/", etc). Or if you have a very large AD with many users, narrowing down the BaseDN will eliminate time-outs.

If you find this or any other answer useful please mark the answer as correct or helpful.
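
An offline sanity check for the four "Manage LDAP Host" fields discussed above (host name, port, Base DN, LDAP vs LDAPS), added here as an example; it is not part of any post in this thread and is not vCOPS code. The function names, the finding texts and the OU=Engineering container are hypothetical, and it assumes the AD domain bigcorp.com uses its default naming context DC=bigcorp,DC=com and that the product authenticates with a simple bind.

```python
import re
from urllib.parse import quote

def domain_to_dn(domain):
    """AD DNS domain -> default naming context, e.g. bigcorp.com -> DC=bigcorp,DC=com."""
    return ",".join("DC=" + label for label in domain.strip(".").split("."))

def split_rdns(dn):
    """Split a DN into RDNs, honouring backslash-escaped commas (RFC 4514)."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(cur.strip())
            cur = ""
    rdns.append(cur.strip())
    return [r for r in rdns if r]

def check_ldap_host(host, port, base_dn, domain, use_ssl=False):
    """Return (ldap_url, findings) for the values typed into the LDAP host form."""
    findings = []
    root = [r.lower() for r in split_rdns(domain_to_dn(domain))]
    norm = [re.sub(r"\s*=\s*", "=", r, count=1).lower() for r in split_rdns(base_dn)]
    if norm[-len(root):] != root:
        findings.append("base DN is not inside " + domain_to_dn(domain))
    elif len(norm) == len(root):
        findings.append("base DN is the domain root: searches cover the whole directory")
    if "." not in host:
        findings.append("short host name: depends on the DNS search suffix")
    if not use_ssl:
        # Assumption: the product performs a simple bind, which is cleartext on 389.
        findings.append("plain LDAP: bind password crosses the network unencrypted")
    if port != (636 if use_ssl else 389):
        findings.append("port %d is not the default for this mode" % port)
    scheme = "ldaps" if use_ssl else "ldap"
    return "%s://%s:%d/%s" % (scheme, host, port, quote(base_dn, safe="=,")), findings

if __name__ == "__main__":
    # Constructed values: OU=Engineering is a made-up container under bigcorp.com.
    for args in [("dc1", 389, "DC=bigcorp,DC=com", False),
                 ("dc1.bigcorp.com", 636, "OU=Engineering,DC=bigcorp,DC=com", True)]:
        url, notes = check_ldap_host(args[0], args[1], args[2], "bigcorp.com", args[3])
        print(url, notes or "no findings")
```
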
abhilashhb
VMware Employee

There is no mention of a particular OU created for vCOPS authentication, so I went ahead and gave the general format on how it is done. And yes, I agree that narrowing down helps in eliminating time-outs.

Abhilash B
LinkedIn : https://www.linkedin.com/in/abhilashhb/

migstvdallas
Contributor

I'm also trying to get the full 4-1-1 on importing the LDAP data into my vCOPS; particularly so that I can easily assign roles/permissions to my engineering/administration team.  Hasn't anybody come up with some answers on this - we're now in March (almost April) of 2014!!  Please - desperately need help!!  TIA.

mark_j
Virtuoso

This info is available in the admin manual. What is your question?

If you find this or any other answer useful please mark the answer as correct or helpful.
btkrausen
Enthusiast

I wrote a post regarding this exact issue. I assume that you've found the answer already but just in case it helps somebody else.

VMware vCOPS - Custom UI & Active Directory Integration | IT Diversified

vExpert 2014 & 2015, VCAP-DCA, VCP5-DCV, VCP5-DT, VCP4, VCP3, CCNA, MCSA, MCTS, MCDST, A+, Net+, Sec+