VMware Cloud Community
cw2
Contributor

AD setup for Orchestrator

I'm trying to configure LDAP for vCenter Orchestrator 4.0.1

I get the green light for the LDAP configuration but the test login does not recognise that I'm a member of the admin group

I've got

User: OU=Our Users,DC=mycompany,DC=com

Group: CN=Groups,DC=mycompany,DC=com

vCO Admin: CN=vco_admin,OU=Groups,DC=mycompany,DC=com

The username is a member of the vco_admin group on Active Directory. Using the Test Login it authenticates, but says that the user is not a member of vCO Administrators.

As a test I've changed the vCO Admin group to be CN=Domain Admin - a username who is a member of Domain Admin comes up as a member of vCO Administrators; username not a member comes up as not a member.

Also tried it with vCO Admin group as Domain Users, and that works ok - all usernames check as members of vCO Administrators.

So Orchestrator seems to be working ok but using the dedicated vco_admin group then Orchestrator test login reports that username is not a member, even though added as a member to the AD group.

So, anyone got any clues as to what's wrong in the Active Directory setup - or how it might be investigated? More of an AD issue than Orchestrator!

4 Replies
admin
Immortal

Hi,

Something I asked myself when reading: why is Groups an OU and a CN? Are they different?

best regards

Christian

admin
Immortal

Can you please show us a screenshot from the LDAP config?

VMGenie02
Enthusiast

Hi,

Did you come right?

AureusStone
Expert

Group: CN=Groups,DC=mycompany,DC=com

That should be

OU=Groups,DC=mycompany,DC=com

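A consistency check for the DNs in this thread, as an added example that is not part of any post and not vCO's own code: it tests whether the admin group DN sits under the group lookup base and flags a container that matches by name but differs in RDN type. It assumes the admin group is meant to be located under the group lookup base; the function names are illustrative.

```python
def split_dn(dn):
    """Split a DN into (ATTR, value) pairs, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep escaped char, e.g. "\,"
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        # Normalize case so "ou=groups" and "OU=Groups" compare equal
        rdns.append((attr.strip().upper(), value.strip().lower()))
    return rdns

def is_under(dn, base):
    """True when dn is a strict descendant of base."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) > len(b) and d[-len(b):] == b

def check_group_base(group_base, admin_group):
    """Return a list of findings; an empty list means the DNs are consistent."""
    findings = []
    if is_under(admin_group, group_base):
        return findings
    findings.append(f"{admin_group} is not under group lookup base {group_base}")
    base, parent = split_dn(group_base), split_dn(admin_group)[1:]
    if [v for _, v in base] == [v for _, v in parent] and base != parent:
        findings.append("same container names but different RDN attribute types")
    return findings

# DNs as posted in the thread, then with the correction from the last reply
POSTED = ("CN=Groups,DC=mycompany,DC=com", "CN=vco_admin,OU=Groups,DC=mycompany,DC=com")
FIXED = ("OU=Groups,DC=mycompany,DC=com", POSTED[1])

if __name__ == "__main__":
    for label, (base, admin) in (("posted", POSTED), ("corrected", FIXED)):
        print(label, check_group_base(base, admin) or "consistent")
```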