VMware Cloud Community
tbbochum
Contributor

vCenter 5.5 LDAP search group

Hi there,

After I successfully attached the vCenter 5.5 (VCLA) to our LDAP, I need help regarding the permission and group configuration.

One problem is that all users that are in the base DN container can successfully connect to the vCenter.

But we need that only users that are in a special LDAP-usergroup (vCenter-Admins) can connect to the vCenter.

Q1: Where can I configure that?

Another problem is that I cannot browse the users in Single Sign On / Users and Groups / Domain (LDAP)

-->Error: Invalid principal:

Q2: Where can I configure the principal? It must be the special LDAP-usergroup (vCenter-Admins).

Thanks a lot!

6 Replies
Shafay2000
Enthusiast

How did you connect the vCenter to an LDAP group? Did you use the MS AD version of LDAP or Linux?

tbbochum
Contributor

Hi,

We are using Novell eDirectory and we configured OpenLDAP in vSphere 5.5.

Greetings

*T

Shafay2000
Enthusiast

So you need some flavor of Windows; you can't integrate vCenter 5.5 with, like, open source LDAP, can you?

Hiney
Enthusiast

Shafay2000,

"So you need some flavor of Windows; you can't integrate vCenter 5.5 with, like, open source LDAP, can you?"

Yes. The instructions say you can.

When you add a source, it's the default "source type".

tbbochum

I got the same thing. I'm going to look at setting up LDAP as it's a SLES box at its heart. Is this something you've tried?

Phiney

"I have an inferiority complex, it's just not a very good one."
Hiney
Enthusiast

OK, I've learnt something important.

All users in your LDAP search container(s) need a uniqueID, even serveradmin and OESCommonProxy_server users.

I think each affected user comes up on the web console or just tailf /storage/log/vsphere-client/logs/vsphere_client_virgo.log.

I also have it "seeing" the eDirectory users by turning on SLES LDAP settings (yast ldap). So I'm going to check if I can get one of them to work. The normal OpenLDAP identity source should be the one of choice though.

phiney.

"I have an inferiority complex, it's just not a very good one."
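An added example, not part of the thread and not VMware or Novell code: one way to find the accounts the post above describes before vCenter trips over them is to scan an LDIF export of the search container for entries that have no identifier value. It assumes the export holds only user objects and that the identifier appears as `uniqueID` or `uid`; the function names and the sample data are constructed for illustration.

```python
import base64

# Constructed sample export (not from the thread); cn=bob has a base64-encoded uid.
SAMPLE_LDIF = """\
dn: cn=alice,ou=users,o=example
objectClass: inetOrgPerson
uniqueID: alice

dn: cn=serveradmin,ou=users,o=example
objectClass: inetOrgPerson

dn: cn=OESCommonProxy_server,ou=users,
 o=example
objectClass: inetOrgPerson

dn: cn=bob,ou=users,o=example
uid:: Ym9i
"""

def parse_ldif(text):
    """Yield (dn, {lowercased_attr: [values]}) for each LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):       # skip LDIF comments
            lines.append(raw)
    entry = {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in entry:
                yield entry["dn"][0], entry
            entry = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(name.strip().lower(), []).append(value.strip())

def users_missing_id(text, base_dn, id_attrs=("uniqueid", "uid")):
    """Return DNs under base_dn that carry no non-empty identifier attribute."""
    suffix = base_dn.lower().replace(" ", "")
    missing = []
    for dn, attrs in parse_ldif(text):
        if not dn.lower().replace(" ", "").endswith(suffix):
            continue                        # outside the search container
        if not any(v for a in id_attrs for v in attrs.get(a, [])):
            missing.append(dn)
    return missing
```

On the constructed sample, `users_missing_id(SAMPLE_LDIF, "ou=users,o=example")` reports the serveradmin and OESCommonProxy_server entries, the two account types the post names.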
Hiney
Enthusiast

FYI,

Using the OpenLDAP configuration of the user source and ldaps:// works.

p

"I have an inferiority complex, it's just not a very good one."