Hi, we use vSphere v6.7 U2 and I have an external AD identity source configured using LDAP. We have a requirement to change the configuration to use LDAPS.

Firstly, can the existing identity source be updated to LDAPS, or does a new identity source need to be created for LDAPS?

Secondly, can two identity sources for the same domain co-exist? If the answer is no, does vCenter allow removing the LDAP identity source and adding the LDAPS identity source for the same domain? I'm not sure if it's true, but I read that a vCenter re-install may be required.

Lastly, I've limited experience with CA certificates, which are a requirement to implement LDAPS. Can anyone share a clear guide to complete the following:

  • Install CA for AD (on a DC) - I'm not sure if a CA needs to be installed, but a certificate is required for LDAPS
  • Export the certificate for use in the LDAPS identity source configuration on the vCenter server


regarding your questions:

1. In my experience, you can make some edits to the identity sources, but sometimes it is easier to delete them and re-create them.
2. No, just one per domain.

Check this document on LDAPS:

