I'm running vSphere 6.7 with LDAP single sign on configured for my users. With the increasing number I would like to set permissions to whole LDAP groups instead of adding LDAP users to local groups. Because we are running more services that hook into LDAP, it is easier and less time consuming to just do our user administration in one place (in our case the LDAP server). But I can't figure out how to set permission to a whole LDAP group.
The LDAP configuration which i'm using right now looks like this:
Users DN: dc=user,dc=company,dc=nl
Groups DN: cn=groups,dc=user,dc=company,dc=nl
primary Server URL: ldap://192.168.178.100:389
I anonymized the configuration but you'll get the point
I also played around with the groups DN, by removing cn=groups or adding a specific group like cn=vsphereusers,cn=groups, but it doesnt matter, I can't seem to find my groups in the permission or in the user dialog. I also tried to use the flash client but that didnt help either.
Just to be clear, I am amble to see my users and add them to local groups and give permissions to those groups.
Does anyone know how to add permissions to LDAP groups?
I would try initially to set the "Global Catalog 3268" port instead of "389".