VMware Cloud Community
Sreejesh_D
Virtuoso

Is it possible to allow users from two AD domains (trusted domains) to authenticate to one/same ORG?

Hi all,

Is it possible to allow users from two AD domains to authenticate to the same Organization in vCloud Director 5.5.2?

For example, we've two domains.

DomainA

DomainB

The organization 'Test' is configured with Custom LDAP service pointing to DomainB. In this scenario, is there a way for the users in DomainA to authenticate to the Organization 'Test'?

DomainA has a one-way trust with DomainB.

4 Replies
Sreec
VMware Employee

As far as I know, VCD doesn't support hierarchical domains for LDAP authentication.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
admin
Immortal

This should be a unique AD forest; it does not support hierarchical domains for LDAP authentication, as documented in the VMware vCloud Director Documentation Center.

genevt
Contributor

I think the question was around multiple authentication sources for 1 vCloud Org. I haven't personally found a way to do this, and I am currently working with someone who hopes this can be done as well; however, it looks more like 1 AD Domain per Org in vCloud for LDAP authentication.

To me, "hierarchical" sounds a lot more like configuring your org with 1 LDAP domain, hoping to authenticate with credentials from a subdomain or vice versa.

So, possible to have multiple LDAP sources for 1 vOrg? Doubtful, but would be nice if it can be done.

IamTHEvilONE
Immortal

It might be possible, but it's not easy by any means and I have not tested this (so it might not be supported).

However, you cannot have two users with the exact same 'username' (whatever they log in to vCloud Director with).

1. user from Domain A

You could have Federation set up to connect to ADFS or OpenAM. Anybody that goes to https://vcloud.url/cloud/org/orgname would be redirected to the IdP for authentication.

2. users from domain B

Local/LDAP users could be configured separately, and they would log in at https://vcloud.url/cloud/org/orgname/login.jsp -- they have to specifically go to login.jsp to bypass the Federation Login page.
