Just after updating my vSphere system to 5.1 (from 5.0), I notice some strange think with users and groups. Here my setup:
2 domains : let say Domain A and Domain B.
Domain B have a one way trust relationship with domain A. In short, we wan to be able to use Domain A login on domain B.
All my vSphere are on domain B. I have SSO / vCenter server and a Web client. I also create a groupe name VC-Administrators on Domain who contain user from Domain A.
In 5.0, no trouble, all my admin can log with domain A credential.
In 5.1, nothing is working... I add both domain in SSO configuration. My domain A user can log in web client, but they didn't see any vCenter.
BUT, if I put a domain A user directly as a vCenter administrator, it's working.
So, somewhere something doesn't see users from domain A if they are in a group in domain B. User on domain A in domain A works great and B in B also...
I also try a fresh install, same result.
Welcome to the communities.
Again trust relation ship come to role and they are working on there home domain .
If trust relation ship ok then check some firewall and service are running in suto mode .
I'm not sure what your asking but my trust is working (I can log with a domain A user on a domain B computer).
I try today to add a SSO group with domain A user and use this group for permission and this is working...
So, I will stay with that solution for now, unless someone have another idea.
We had this exact same problem and were able to work around by changing the LDAP query in SOO to only query the users OU and not the whole directory. We also saw faster lookups for assigning permissions and logging in.