I need to add another identity source to my vCenter environment and am having trouble. I've read other posts of people having similar trouble and I have not had much luck. I suspect there may be a few reasons why this isn't working and I need help understanding the why and if it's even possible.
We have multiple identity sources configured and for sake of brevity I won't share them all.
These names are fictional for security's sake.
We currently have an identity source using ldap setup as:
Server url: ldap://business.college.edu:389
I would like to add an identity source to this site and instead of using ldap, I want to use ldaps. This is how I tried adding it:
Server url: ldaps://business.college.edu:636 (I've also tried port 3269)
I also include the SSL cert.
When I try adding it, I get the following error:
Check the network settings and make sure you have network access to the identity source
Is it possible to have 2 identity sources, one using ldap and the other ldaps? (We're working toward just using ldaps.)
Can the Name of the identity source be anything?
Do you see anything else that may be causing this?
Also, when I edit the ldap identity source to look at those settings, the information in several fields, particularly the AD information, flashes and shows me different results. For example, for Base distinguished name for users, instead of showing (what I think it is set to) DC=business,DC=college,DC=edu, it switches to DC=college,DC=edu.
Is that normal? I suspect that this is because I am logged in with an account in the business.college.edu domain and don't have access to the college.edu domain, but I'm not sure... Either way, I am entering credentials with an account with domain admin rights on the business.college.edu domain. I also suspect that the true settings for the ldap identity source may be different than I understand, and what I see may not be good and the reason why my attempt at adding an ldaps identity source is failing.
Any and all help that gets me closer to a solution or better understanding is appreciated!
Moderator: Moved thread to vCenter Server
Hey, hope you are doing fine. Let me point you with some questions:
Have you installed the LDAPS domain certificates on your VCSA?
Are you able to ping the LDAPS domain controllers from the VCSA?
Can you please try to curl the LDAPS identity source from your VCSA?
Is DNS working fine (do you have forward and reverse resolution)?
Check if port 636 is open between the VCSA and the LDAPS server.
It seems to me (based on the error) that there is something on the network; it might be connectivity, DNS, firewall or a certificate configuration issue.
Please check that and let me know.
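The checks in the reply above (forward and reverse DNS, reachability of port 636, the certificate the domain controller presents, and a curl query over LDAPS) can be run in one pass from the VCSA shell. The script below is an added example, not VMware's tooling or anything from the original thread. It assumes openssl, curl, getent and awk are available on the appliance, takes the identity source URL as its first argument (so it works for port 3269 as well as 636), and takes the path of the domain controller's CA certificate file as an optional second argument (the default path /tmp/dc-ca.pem is a placeholder). Nothing runs unless a URL is supplied.

```shell
#!/bin/sh
# Added example (not from the thread): LDAPS reachability and certificate
# diagnostics to run from a VCSA shell. Assumes openssl, curl, getent and awk.

# Host part of an ldap:// or ldaps:// URL (scheme, path and port stripped).
ldap_url_host() {
    printf '%s\n' "$1" | sed -E 's#^ldaps?://##; s#/.*$##; s#:[0-9]+$##'
}

# Port part of the URL; defaults to 636 for ldaps and 389 for plain ldap.
ldap_url_port() {
    rest=$(printf '%s\n' "$1" | sed -E 's#^ldaps?://##; s#/.*$##')
    case "$rest" in
        *:*) printf '%s\n' "${rest##*:}" ;;
        *)   case "$1" in ldaps://*) echo 636 ;; *) echo 389 ;; esac ;;
    esac
}

# 1. Forward resolution is mandatory; missing reverse resolution is reported as a warning.
check_dns() {
    host=$1
    ip=$(getent hosts "$host" | awk 'NR==1 {print $1}')
    if [ -z "$ip" ]; then
        echo "DNS: no forward record for $host"
        return 1
    fi
    echo "DNS: $host -> $ip"
    rname=$(getent hosts "$ip" | awk 'NR==1 {print $2}')
    if [ -z "$rname" ]; then
        echo "DNS: warning, no reverse record for $ip"
    else
        echo "DNS: $ip -> $rname"
    fi
    return 0
}

# 2. TCP connect plus TLS handshake. A certificate in the output proves the port is
#    open and an LDAPS listener answered; the verify line shows whether the chain
#    validates against the given CA file (or the system store if none is readable).
check_tls() {
    host=$1; port=$2; cafile=$3
    caopt=""
    [ -r "$cafile" ] && caopt="-CAfile $cafile"
    # $caopt is intentionally unquoted so it splits into two arguments.
    out=$(openssl s_client -connect "$host:$port" -servername "$host" -showcerts $caopt </dev/null 2>&1)
    if ! printf '%s\n' "$out" | grep -q 'BEGIN CERTIFICATE'; then
        echo "TLS: no certificate received from $host:$port (port closed, firewall, or not an LDAPS listener)"
        printf '%s\n' "$out" | grep -i -E 'connect|refused|timed out' | head -3
        return 1
    fi
    echo "TLS: handshake reached $host:$port; server certificate:"
    printf '%s\n' "$out" | openssl x509 -noout -subject -issuer -dates 2>/dev/null
    # The SAN must contain the name used in the identity source URL.
    printf '%s\n' "$out" | openssl x509 -noout -text 2>/dev/null | grep -A1 'Subject Alternative Name'
    printf '%s\n' "$out" | grep 'Verify return code'
    return 0
}

# 3. curl reads the rootDSE (empty base DN) over LDAPS, trusting only the given CA file.
check_curl() {
    host=$1; port=$2; cafile=$3
    curl -sS --max-time 15 --cacert "$cafile" "ldaps://$host:$port/" >/dev/null
    rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "curl: LDAPS query against $host:$port succeeded using $cafile"
        return 0
    fi
    echo "curl: LDAPS query failed (exit $rc); rerun with -k to tell certificate errors from network errors"
    return 1
}

run_checks() {
    url=$1
    cafile=${2:-/tmp/dc-ca.pem}   # placeholder default path for the DC CA certificate
    host=$(ldap_url_host "$url")
    port=$(ldap_url_port "$url")
    echo "== Checking $url (host=$host port=$port ca=$cafile)"
    check_dns "$host" || return 1
    check_tls "$host" "$port" "$cafile" || return 1
    check_curl "$host" "$port" "$cafile"
}

# Usage: sh ldaps_check.sh ldaps://business.college.edu:636 /tmp/dc-ca.pem
if [ $# -gt 0 ]; then
    run_checks "$@"
fi
```

The three stages are ordered so the first failure points at the layer to fix: a DNS failure means the appliance cannot resolve the name at all, a TLS failure with no certificate means the port is blocked or nothing is listening on it, and a TLS handshake that succeeds but a curl that fails only with the CA file points at the certificate chain or the name in the SAN rather than the network.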