The Authentication Proxy looks like a great tool to enable AD authentication on ESXi Servers. The issue we are facing with this is that during the installation of the service it creates an Active Directory user and therefore requires a domain administrator to install the service. The environment which this is being deployed in is under a high degree of control and automatic user creation isn't allowed without both:
a) Fully documented changes which are applied during this installation
b) Understanding what are the minimum permissions which this (CAM) user can have. It is applied with many permissions at the top of the OU structure.
We have contacted GSS, who weren't particularly helpful and suggested we create a feature request!! This doesn't seem correct as we're asking for some documentation for something which is already within the software.
Ideally what we'd like is to create our own user, apply the minimum permissions in the correct OU and then assign this user to the VAP service.
Anyone come across this issue before and have a reasonable workaround or any information?