Newb449
Contributor
Contributor

SSO Identity Source Base DN

I have found not all domain users or members of AD groups are able to logon to vcenter 5.1 when the account/group is not within the base DN.  Problem is the users/groups are in different OUs.  If I set the base DN to the root it takes ages to logon.

Can I create another identify source pointing to the same AD, but with different base DNs to start with?

Tags (1)
0 Kudos
3 Replies
schepp
Leadership
Leadership

Hi,

you can't do that, the domain name needs to be unique.

Regards

Newb449
Contributor
Contributor

Yep.  Tested that and that's definitely true Smiley Sad  So I have no choice but to move the base DN high enough up the tree to cater for all potential OUs that users might be in?

0 Kudos
schepp
Leadership
Leadership

I guess yes.

Also make sure your identity source is a global catalog, this might speed up the lookup process.

Tim

0 Kudos