vCenter

  • 1.  Change ldap user password as local vcsa administrator?

    Posted Jun 03, 2022 01:56 PM

    Stop me if you've heard this one before (I assume you have, but couldn't find it with a search).

    We have SSO with an AD identity source. I changed the pw for the ldap read only user yesterday and forgot that same account was used for the VCSA. Now I can only log into the VCSA as local admin, and I can't change the ldap user pw because the local admin apparently doesn't have network access. I get this error when I try to save: "Check the network settings and make sure you have network access to the identity source."

    Can I fix this as local admin with a command line or some other way? I do still have the old ldap user password, so I might be able to revert back to that temporarily but I wanted to find out if I have another option first. I'm also not sure if I'll be able to change back to the old password if there's an AD policy to prevent that, but I think I'll be able to with this account if I have to.

    Thanks.



  • 2.  RE: Change ldap user password as local vcsa administrator?

    Posted Jun 06, 2022 01:23 PM

    Hi  

    I had this issue before with some LDAPS configuration. The solution is as simple as removing it and recreating it.

    Regards

    Daniel



  • 3.  RE: Change ldap user password as local vcsa administrator?

    Posted Jun 06, 2022 01:25 PM

    OK, I'll try that. Makes sense since we obviously have to create it as local admin in the first place. Thanks.



  • 4.  RE: Change ldap user password as local vcsa administrator?

    Posted Jun 06, 2022 01:27 PM

    Hi

    Very good. Let us know the outcome and mark as resolved for housekeeping.

    Regards

    Daniel



  • 5.  RE: Change ldap user password as local vcsa administrator?

    Posted Jun 06, 2022 01:43 PM

    Will do. Just making sure I have all my info first.



  • 6.  RE: Change ldap user password as local vcsa administrator?

    Posted Jun 06, 2022 02:20 PM

    I removed the ldap identity source, but I'm still getting the "Check the network settings and make sure you have network access to the identity source" error.



  • 7.  RE: Change ldap user password as local vcsa administrator?
    Best Answer

    Posted Jun 07, 2022 01:46 PM

    Fixed. The ldap certificate is not marked as a required field, but it apparently is required, so it worked as soon as I plugged in the certificate. If anyone from VMware is reading this, I would recommend that the ldap certificate field be marked as required.

    I was able to download the ldap cert used by our organization by installing Git for Windows, opening Git Bash and running this openssl command:

    echo -n | openssl s_client -connect ldapserver:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ldapserver.cer

    Where ldapserver is either the fqdn or ip address of your organization's ldap server.

    Thanks, all.
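
Added example (not part of the original post): the s_client command above saves whatever certificate the server at that address presents, so before uploading ldapserver.cer as the identity source certificate it is worth comparing its SHA-256 fingerprint with one obtained out-of-band from whoever runs the directory servers, and confirming it is not about to expire. The function names, the 30-day default and the throwaway sample certificate are assumptions of this example.

```bash
# Normalise a fingerprint: drop any "label=" prefix, colons and spaces; lowercase.
norm_fp() { printf '%s' "${1##*=}" | tr -d ': \r\n' | tr 'A-F' 'a-f'; }

# Print the normalised SHA-256 fingerprint of a PEM certificate file.
cert_fp() {
  local out
  out=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 1
  norm_fp "$out"
}

# check_ldaps_cert FILE EXPECTED_SHA256 [MIN_DAYS]   (hypothetical helper)
# Returns 0 = OK, 1 = fingerprint mismatch, 2 = expires within MIN_DAYS,
#         3 = FILE is not a parsable PEM certificate.
check_ldaps_cert() {
  local file="$1" min_days="${3:-30}" expected actual
  expected=$(norm_fp "$2")
  actual=$(cert_fp "$file") || { echo "not a PEM certificate: $file" >&2; return 3; }
  # Show what is about to be trusted by the identity source.
  openssl x509 -in "$file" -noout -subject -issuer -enddate
  if [ "$actual" != "$expected" ]; then
    echo "fingerprint mismatch: got $actual" >&2
    return 1
  fi
  if ! openssl x509 -in "$file" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "certificate expires within $min_days days" >&2
    return 2
  fi
  echo "OK: fingerprint matches, valid for at least $min_days more days"
}

# Constructed sample input: a throwaway self-signed certificate (valid 90 days)
# standing in for the ldapserver.cer file saved by the s_client command.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
    -subj "/CN=ldapserver.example.test" \
    -keyout "$1.key" -out "$1" 2>/dev/null
}
```

The expected fingerprint can be passed either as bare hex or in the colon-separated form that `openssl x509 -fingerprint -sha256` prints; both are normalised before comparison.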