amarcy

Cannot import user into org via LDAP

Hello, I am a bit new to VCD so please pardon my ignorance. I'm working in a test lab w/ a full install of VCD (5.1) and CentOS 6.3. My problem is that while I am able to import users into VCD at the "<FQDN>/cloud" level, I cannot import users at the organizational "<FQDN>/cloud/org/orgname" level. I get the following error: "error searching in a groups or users identity source." Oddly enough, I can add an AD group, but I still can't log in with that user so that it may create/add the user account for me. Perhaps I'm misunderstanding how users/groups work in VCD?

Any help is appreciated. I can provide log files if necessary.  Thanks.

0 Kudos
3 Replies
amarcy

Sorry to bump my own thread, but has anyone encountered this error message?

0 Kudos
amarcy

I still haven't found a solution, but I think the problem has to do with AD groups not being recognized correctly.  In our AD environment, we are using simple authentication and don't use SSL.  When I log into VCD at the root level, I am able to add AD users/groups; when I log in to VCD at the organizational level, I can only add groups but can't add users.  FWIW, I'm logging in with a system administrator account.

Again, I get the following error message when trying to import AD groups at the organizational level:  "error searching in a groups or users identity source."

Can anyone tell me what this error means?

0 Kudos
amarcy

Finally figured this out. I first had to wrap my head around the idea that LDAP is defined not only at the top VCD level, but also at the Organizational level. When I had initially set up the organization, I had defined an OU (ou=users) which was not how I had intended to set it up. To change this, you have to log in to the VCD URL (https://<FQDN>/cloud), click on Manage & Monitor, click Organizations (top), then right-click the organization listed and select Properties. There is a tab to configure LDAP. It's probably best to select "custom" if you want to define LDAP users specifically for this organization.

Frankly, it's a little difficult to find some of the configuration areas in VCD.  A lot of the LDAP config looks the same in the documentation.  In any event, this is the solution in case anyone runs into this problem.

0 Kudos
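The resolution above turns on which part of the directory the organization's LDAP setting searches. The following is an added example, not code from the thread or from VMware: it checks which entries fall under a given base DN, comparing whole RDNs and honouring escaped commas. The directory entries and the `dc=lab,dc=example` suffix are constructed, and treating the organization's OU setting as a subtree search base is an assumption.

```python
# Added example: the DNs below are constructed, not taken from the thread.

def split_rdns(dn):
    """Split a DN into normalized RDNs, honouring backslash escapes."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        if not rdn.strip():
            continue
        attr, _, value = rdn.partition("=")
        # Simplification: compare type and value case-insensitively,
        # which matches how AD treats cn/ou/dc values.
        out.append((attr.strip().lower(), value.strip().lower()))
    return out

def in_scope(entry_dn, base_dn):
    """True if entry_dn is the base itself or sits anywhere beneath it."""
    entry, base = split_rdns(entry_dn), split_rdns(base_dn)
    if not base:
        return True  # an empty base means the whole directory
    return len(entry) >= len(base) and entry[-len(base):] == base

def visible(entries, base_dn):
    """Entries a subtree search rooted at base_dn could return."""
    return [dn for dn in entries if in_scope(dn, base_dn)]

DIRECTORY = [
    "CN=Alice Admin,OU=Staff,DC=lab,DC=example",
    "CN=Smith\\, Bob,OU=Users,DC=lab,DC=example",
    "CN=VCD-Admins,OU=users,DC=lab,DC=example",
    "CN=Carol,OU=Users,OU=Archive,DC=lab,DC=example",
]

if __name__ == "__main__":
    for base in ("ou=users,dc=lab,dc=example", "dc=lab,dc=example"):
        print(base, "->", visible(DIRECTORY, base))
```

With the narrow base, only the two entries directly under `OU=Users,DC=lab,DC=example` are returned; the account in `OU=Staff` and the one in a different `OU=Users` branch are not.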