COBMikolajek
Contributor

LDAPS Identity source addition

I need to add another identity source to my vCenter environment and am having trouble. I've read other posts of people having similar trouble and I have not had much luck. I suspect there may be a few reasons why this isn't working, and I need help understanding why and whether it's even possible.

We have multiple identity sources configured and for sake of brevity I won't share them all.

These names are fictional for security's sake.

We currently have an identity source using LDAP set up as:

Name: business.college.edu

Server url: ldap://business.college.edu:389

Domain: business.college.edu

Alias: business

I would like to add an identity source to this site and, instead of using LDAP, I want to use LDAPS. This is how I tried adding it:

Name: business.college.edu

Server url: ldaps://business.college.edu:636 (I've also tried port 3269)

Domain: business.college.edu

Alias: business

I also include the SSL cert.

When I try adding it, I get the following error:

Check the network settings and make sure you have network access to the identity source

Is it possible to have two identity sources, one using LDAP and the other LDAPS? (We're working toward using only LDAPS.)

Can the Name of the identity source be anything?

Do you see anything else that may be causing this?

Also, when I edit the LDAP identity source to look at those settings, the information in several fields, particularly the AD information, flashes and shows me different results. For example, for Base distinguished name for users, instead of showing (what I think it is set to) DC=business,DC=college,DC=edu, it switches to DC=college,DC=edu.

Is that normal? I suspect that this is because I am logged in with an account in the business.college.edu domain and don't have access to the college.edu domain, but I'm not sure... Either way, I am entering credentials for an account with domain admin rights on the business.college.edu domain. I also suspect that the true settings for the LDAP identity source may be different from what I understand, that what I see may not be good, and that this is the reason why my attempt at adding an LDAPS identity source is failing.

Any and all help that gets me closer to a solution or better understanding is appreciated!

James

4 Replies
scott28tt
VMware Employee

Moderator: Moved thread to vCenter Server

Nawals
Expert

You can add multiple identity sources; however, make sure you log in with the administrator@vsphere.local account. Below are the reference KBs; maybe these will also help you.

VMware Knowledge Base

VMware Knowledge Base

NKS. Please mark Helpful/Correct if my answer resolves your query.
joeflint
Enthusiast

Hi, were you able to resolve the issue? If so how?

Thanks

nachogonzalez
Commander

Hey, hope you are doing fine. Let me point you to some questions:

Have you installed the LDAPS domain certificates on your VCSA?
Are you able to ping the LDAPS domain controllers from the VCSA?
Can you please try to curl the LDAPS identity source from your VCSA?
Is DNS working fine (do you have forward and reverse resolution)?
Check that port 636 is open between the VCSA and the LDAPS server.

It seems to me (based on the error) that there is something on the network; it might be a connectivity, DNS, firewall, or certificate configuration issue.

Please check that and let me know.

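The checks in the reply above (DNS forward and reverse resolution, reachability of port 636, and whether the certificate you uploaded actually validates the server) can be run in one pass from the appliance. The script below is an added example written for this thread, not tooling from VMware or from any poster; it assumes python3 is available on the VCSA shell (or on any host that shares the same network path to the domain controllers), and the hostname business.college.edu is the fictional one from the question. It stops at the first failing layer and names it, which maps the generic "check the network settings" error onto DNS, firewall, or certificate, the three causes the reply lists. Pass the CA or server certificate file you gave vCenter as the second argument so the TLS check verifies against the same trust anchor.

```python
"""Layered connectivity checks for an LDAPS identity source: DNS, TCP,
then TLS with full certificate and hostname verification.
Added example for this thread; not vCenter's own tooling.
Usage: python3 ldaps_check.py ldaps://business.college.edu:636 [ca.pem]"""
import socket
import ssl
import sys
from urllib.parse import urlsplit

# 636 is LDAPS on a domain controller; 3269 is the Global Catalog over TLS.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
TIMEOUT = 5.0


def parse_ldap_url(url):
    """Split an ldap:// or ldaps:// URL into (scheme, host, port),
    filling in the scheme's default port when none is given."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("expected ldap://host[:port] or ldaps://host[:port], got %r" % url)
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme]


def check_dns(host):
    """Forward-resolve the host, then reverse-resolve each address.
    A missing PTR record is reported but does not fail the check."""
    try:
        addrs = sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror as exc:
        return False, "forward lookup failed: %s" % exc
    reverse = {}
    for addr in addrs:
        try:
            reverse[addr] = socket.gethostbyaddr(addr)[0]
        except (socket.herror, socket.gaierror):
            reverse[addr] = None
    return True, "forward=%s reverse=%s" % (addrs, reverse)


def check_tcp(host, port):
    """Plain TCP connect; a timeout or refusal points at a firewall
    or at a service that is not listening on that port."""
    try:
        with socket.create_connection((host, port), timeout=TIMEOUT):
            return True, "connected to %s:%d" % (host, port)
    except OSError as exc:
        return False, "connect to %s:%d failed: %s" % (host, port, exc)


def check_tls(host, port, cafile=None):
    """Complete a TLS handshake with chain and hostname verification.
    cafile is the certificate uploaded to vCenter (assumed PEM); None
    falls back to the system trust store."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=TIMEOUT) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate rejected: %s" % exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return False, "TLS handshake failed: %s" % exc
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return True, "CN=%s SAN=%s notAfter=%s" % (subject.get("commonName"), sans, cert.get("notAfter"))


def diagnose(url, cafile=None):
    """Run the checks in order, stop at the first failure, and return
    ([(check, ok, detail), ...], verdict) where verdict names the layer
    most likely responsible or 'ok' when everything passed."""
    scheme, host, port = parse_ldap_url(url)
    steps = [("dns", "DNS", lambda: check_dns(host)),
             ("tcp", "network/firewall", lambda: check_tcp(host, port))]
    if scheme == "ldaps":
        steps.append(("tls", "certificate", lambda: check_tls(host, port, cafile)))
    results = []
    for name, layer, run in steps:
        ok, detail = run()
        results.append((name, ok, detail))
        if not ok:
            return results, layer
    return results, "ok"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "ldaps://business.college.edu:636"
    ca_path = sys.argv[2] if len(sys.argv) > 2 else None
    findings, verdict = diagnose(target, ca_path)
    for name, ok, detail in findings:
        print("%-4s %s  %s" % (name, "OK  " if ok else "FAIL", detail))
    print("verdict:", verdict)
```

If the TLS step is the one that fails, the detail line tells you whether the certificate chain did not verify against the file you uploaded or whether the hostname in the URL does not appear in the certificate's subject or SAN list; both produce the same generic error in the vCenter UI, so this is the quickest way to tell them apart before re-uploading anything.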