Hi all,
Is it possible to allow users from two AD domains to authenticate to the same Organization in vCloud Director 5.5.2?
For example, we've two domains.
DomainA
DomainB
The organization 'Test' is configured with Custom LDAP service pointing to DomainB. In this scenario, is there a way for the users in DomainA to authenticate to the Organization 'Test'?
DomainA has a one-way trust with DomainB.
As far as I know, VCD doesn't support hierarchical domains for LDAP authentication.
This should be a unique AD forest, and it does not support hierarchical domains for LDAP authentication, as documented in the VMware vCloud Director Documentation Center.
I think the question was around multiple authentication sources for 1 vCloud Org. I haven't personally found a way to do this, and I am currently working with someone who hopes this can be done as well; however, it looks more like 1 AD Domain per Org in vCloud for LDAP authentication.
To me, the hierarchical sounds a lot more like configuring your org with 1 LDAP domain, hoping to authenticate with credentials from a sub domain or vice versa.
So, possible to have multiple LDAP sources for 1 vOrg? Doubtful, but would be nice if it can be done.
It might be possible, but it's not easy by any means and I have not tested this (so it might not be supported).
However, you cannot have two users of the exact same 'username' (whatever they log in to vCloud Director with).
1. user from Domain A
You could have Federation set up to connect to ADFS or OpenAM. Anybody that goes to https://vcloud.url/cloud/org/orgname would be redirected to the IdP for authentication.
2. users from domain B
Local/LDAP users could be configured separately, and they would log in to https://vcloud.url/cloud/org/orgname/login.jsp -- they have to specifically go to login.jsp to bypass the Federation Login page.