Our AD team is about to implement LDAP signing, and I am reading that this will break our configuration; we are using AD over LDAP.
That said, the write-ups on this topic, here for example: https://blogs.vmware.com/vsphere/2020/05/vsphere-authentication-active-directory-ldap-event-2889.htm... show that you can have success configuring AD over LDAPS; see the cut and paste from the blog:
We are on vCenter 6.7 and this is not an option. In what build version is this choice an option in the drop-down menu when trying to add a new identity source? Or is it that you select AD over LDAP and then configure it a specific way to achieve the desired state, so LDAP signing doesn't break our vCenter / AD integration?
Thanks in advance
We also will need to cross this bridge. Following this thread to learn something new.
Which version of vCenter are you using?
I have vCenter 7.0.3 (Build number 21290409) and the drop-down is greyed out. So I can't select signed LDAP. However, the URL is ldaps: on port 636 ... which makes me wonder if it is already signed (what's the difference between encrypted communication on port 636 and a signed LDAP)?
You will need to select the AD over LDAP option to configure LDAPS, while providing the server URLs specific to LDAPS and uploading the certificates.
You can refer to the KB below for more details:
https://kb.vmware.com/s/article/2041378
There is no rocket science in configuring it.
For LDAP/LDAPS, use the same option via Identity source. The difference is that if you want to use LDAPS, add certs (URL).
https://kb.vmware.com/s/article/2041378
