VMware Cloud Community
PSYOPwarrior
Contributor

vCloud LDAP Architecture

I've searched through the communities and haven't found the exact answer I'm looking for.

Currently our company has an internal AD domain that I'm using for LDAP called "myinternaldomain.com".  The problem is that our Cloud company is a spinoff of the original company, hence a new name "mycloud.com".  I want our customers to see "mycloud.com" when they are going to their URL or authenticating.

Does it make sense to spin up a new AD domain for "mycloud.com" in this situation?  

Any suggestions would be greatly appreciated!

Thanks!

4 Replies
IamTHEvilONE
Immortal

Each organization can have a dedicated LDAP connector instance to a different domain, DC, whatever you want.

Just know it's a strict LDAP search engine (e.g. we don't adhere to MSDS hierarchy stuff).

However, you can't have 1 organization connected to two different LDAP instances/domains/BaseDNs.

PSYOPwarrior
Contributor

Ahh, I see.  So I can have a separate LDAP for my external cloud customers, while still maintaining my internal LDAP for my internal people / organizations?

Would this be the recommended architecture or am I just complicating things and perhaps I don't need to create a separate LDAP for the external customers?

Thanks!

IamTHEvilONE
Immortal

Though you could use the global catalog port, so long as all the required attributes are replicated to it.

IamTHEvilONE
Immortal

> Ahh, I see.  So I can have a separate LDAP for my external cloud customers, while still maintaining my internal LDAP for my internal people / organizations?

Yes, this is entirely possible.  Each Organization can have a 'custom ldap setup'. 

> Would this be the recommended architecture or am I just complicating things and perhaps I don't need to create a separate LDAP for the external customers?

It's really "up to you".  If you want to leverage the existing LDAP config, then you can inherit the settings from System into the specific Org.  Otherwise, just use a dedicated LDAP config per each Organization.

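The two points the replies make, that each Organization either inherits the System LDAP settings or carries one dedicated connector of its own, and that a connector pointed at the global catalog port only works if every attribute the lookup reads is replicated into the catalog, as an added Python example. This is not code from the thread or from VMware; the host names, the attribute names and the idea that the directory lookup reads exactly these attributes are constructed assumptions, not vCloud Director's real attribute list.

```python
"""Resolve and sanity-check per-Organization LDAP settings (illustrative model)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Active Directory global catalog ports (plain LDAP / LDAPS). A GC holds only a
# partial attribute set, so lookups against it can silently miss attributes.
GC_PORTS = {3268, 3269}


@dataclass(frozen=True)
class LdapConfig:
    host: str
    port: int
    base_dn: str
    user_attrs: Tuple[str, ...]               # attributes the user lookup reads (assumed)
    gc_replicated: FrozenSet[str] = frozenset()  # attributes known to be in the GC (assumed)


@dataclass(frozen=True)
class Org:
    name: str
    custom_ldap: Optional[LdapConfig] = None  # None means "inherit from System"


def effective_config(system: LdapConfig, org: Org) -> LdapConfig:
    """One connector per Org: its own if set, otherwise the System settings."""
    return org.custom_ldap if org.custom_ldap is not None else system


def validate(cfg: LdapConfig) -> List[str]:
    """Return human-readable problems; empty list means the connector looks usable."""
    problems: List[str] = []
    if not cfg.base_dn:
        problems.append("empty base DN")
    if cfg.port in GC_PORTS:
        missing = sorted(set(cfg.user_attrs) - cfg.gc_replicated)
        if missing:
            problems.append(
                f"global catalog on port {cfg.port} lacks replicated attributes: "
                + ", ".join(missing)
            )
    return problems


def audit(system: LdapConfig, orgs: List[Org]) -> Dict[str, List[str]]:
    """Map each Org name to the problems found in its effective connector."""
    return {org.name: validate(effective_config(system, org)) for org in orgs}


# Constructed sample data: the internal domain from the question as the System
# LDAP, and one cloud tenant with a dedicated connector aimed at a GC port.
SYSTEM = LdapConfig(
    host="dc01.myinternaldomain.com",       # constructed host name
    port=389,
    base_dn="DC=myinternaldomain,DC=com",
    user_attrs=("sAMAccountName", "mail", "memberOf"),
)
TENANT = Org(
    name="tenant-a",
    custom_ldap=LdapConfig(
        host="gc01.mycloud.com",            # constructed host name
        port=3268,
        base_dn="DC=mycloud,DC=com",
        user_attrs=("sAMAccountName", "mail", "memberOf"),
        # Assumed GC contents: "mail" and "memberOf" were not added to the
        # partial attribute set, so this connector will fail the check.
        gc_replicated=frozenset({"sAMAccountName", "userPrincipalName"}),
    ),
)

if __name__ == "__main__":
    for name, problems in audit(SYSTEM, [Org("internal-ops"), TENANT]).items():
        print(f"{name}: {'OK' if not problems else '; '.join(problems)}")
```

Running the block prints `internal-ops: OK` for the inheriting Org and a one-line finding for `tenant-a`, which is the situation the global catalog reply warns about: the dedicated connector is configured correctly in form, but the catalog does not carry everything the lookup needs, so the fix is to replicate the missing attributes to the GC or point the connector at a regular DC port.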