VMware Cloud Community
vkaranam
Enthusiast

vCOps access and Importing Users/groups from LDAP

Hello Guys,

I have a scenario as below for LDAP.

We have a few domains and AD groups in different geographical locations, where a few of them need access to vCOps. vCOps has an LDAP directory. How can I integrate or grant access to my AD accounts in the vCOps LDAP environment? In vCOps we have to add LDAP as a host. Can the host name be resolved by DNS, and also how many hosts can we add?

Thanks

VK

16 Replies
IamTHEvilONE
Immortal

Is this for the /vSphere or /Custom UI?

vkaranam
Enthusiast

Hey Jon,

This is for the /Custom UI

Thanks

VK

IamTHEvilONE
Immortal

It should be possible. You just have to add an LDAP server for each instance, then import the users or groups into a role. I'm not aware of a specific limit to the number of LDAP servers you can have.

It is usually preferable to have a single LDAP group directly associated with a role in vCOps, making administration easy in small environments. However, that's not always possible logistically or practically (admin or AD structure).

vkaranam
Enthusiast

Hey Jon,

Thanks for your reply. Can you explain how I can integrate the present AD security groups at different geographical locations into the vC Ops LDAP environment? What details do I need to configure it?

Thanks

VK

IamTHEvilONE
Immortal

If the AD groups are part of different AD Forests, then it might be best to add a specific group from each geography ... I'm not an AD expert by any means.  As long as an LDAP Search can find it given the search criteria and BaseDN and the users are in the same BaseDN, you should be fine.

Otherwise, you create a security group in AD, add each user account as a member, then find that group in vCOps and import it.

vkaranam
Enthusiast

Hello Jon,

I got the detailed information regarding LDAP host registration in a blog. Here is the blog info:

http://tech.zsoldier.com/2012/04/vcenter-operations-5x-vapp-ldap.html

Thanks

VK

IamTHEvilONE
Immortal

Sorry, I can't get to that site from work =(

Can you put the details directly in this thread?

vkaranam
Enthusiast

Hello Jon,

I found this in one of our friends' blogs, Zsoldier's tech blog. I am pasting it here.

Summary:

I happened to see someone searching for this and coming across my previous post on its wonkiness, so I figured I'd make a post showing how I went about configuring it with an Active Directory domain. This only applies to the vcops-custom page. The standard vcops-vsphere page uses vCenter's authentication via role permissions.

Details:

  1. Log into your vcops-custom page as an admin (example: http://yourvCOPsUIvmIP/vcops-custom).
  2. Select Admin -> Security.
     (screenshot: Admin-Security)
  3. Select the Import from LDAP button.
     (screenshot: ImportfromLDAP)
  4. Select the Add button.
     (screenshot: ImportUsersDialog)
  5. Now see the screenshot below to see how to fill out the configuration screen:
     (screenshot: ManageLDAPHost)
  6. Below details how the auto-sync works:
     (screenshot: ManageLDAPHost-2)
  7. You're pretty much done at this point.

Auto Sync occurs once every hour, so once you configure it, it will take approx. an hour before users are granted access. The other caveat is that nested groups are not supported. Users must be direct members of the security group you set up with Auto Sync.

Feel free to ask questions in the comments.  I’m always keeping an eye on those.

Thanks

VK

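Two caveats in this thread are worth checking before the hourly sync runs: Jon's point that the LDAP search has to find the group and its users under the configured BaseDN, and the pasted blog's note that auto-sync does not expand nested groups. The script below is an added example, not code from the thread, the blog or VMware. It reads an LDIF export of the relevant AD groups and users (the export here is constructed inline as sample data; every DN, OU and group name in it is an assumption) and reports which direct members the sync would import, which sit outside the BaseDN, and which would be silently missed because they only belong through a nested group.

```python
"""Pre-flight check for a vCOps custom-UI "Import from LDAP" sync group.
Added example, not from the thread, the blog or VMware.  Input is an LDIF
export of the AD groups/users involved; the sample is constructed."""
import base64
import re
from typing import Dict, List, Set

Entry = Dict[str, List[str]]

# Constructed sample (all DNs are assumptions): alice is a direct member in
# the BaseDN, bob only belongs via the nested EMEA-Ops group, carol is a
# direct member but lives in another domain (outside the BaseDN).
LDIF_SAMPLE = """\
dn: CN=vCOps-Admins,OU=Groups,DC=corp,DC=example
objectClass: group
cn: vCOps-Admins
member: CN=alice,OU=Users,DC=corp,DC=example
member: CN=EMEA-Ops,OU=Groups,DC=corp,DC=example
member: CN=carol,OU=Users,DC=apac,DC=example

dn: CN=EMEA-Ops,OU=Groups,DC=corp,DC=example
objectClass: group
cn: EMEA-Ops
member: CN=bob,OU=Users,DC=corp,DC=example

dn: CN=alice,OU=Users,DC=corp,DC=example
objectClass: user
sAMAccountName: alice

dn: CN=bob,OU=Users,DC=corp,DC=example
objectClass: user
sAMAccountName: bob

dn: CN=carol,OU=Users,DC=apac,DC=example
objectClass: user
sAMAccountName: carol
"""

_ATTR_RE = re.compile(r"^([A-Za-z][\w.;-]*)(::?) ?(.*)$")


def normalize_dn(dn: str) -> str:
    """Case-fold and strip spaces around RDN separators (escaped commas
    inside values are not handled) so DNs compare reliably."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_ldif(text: str) -> Dict[str, Entry]:
    """LDIF -> {normalized dn: {attribute (lowercased): [values]}}.
    Handles folded lines, '#' comments and base64 ('::') values."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold continuation line
        else:
            lines.append(raw)
    entries: Dict[str, Entry] = {}
    current: Entry = {}
    for line in lines + [""]:                 # trailing "" flushes last entry
        if not line.strip():
            if "dn" in current:
                entries[normalize_dn(current["dn"][0])] = current
            current = {}
            continue
        if line.startswith("#"):
            continue
        m = _ATTR_RE.match(line)
        if not m:
            raise ValueError(f"malformed LDIF line: {line!r}")
        attr, sep, value = m.group(1).lower(), m.group(2), m.group(3)
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8")
        current.setdefault(attr, []).append(value.strip())
    return entries


def is_group(entries: Dict[str, Entry], dn: str) -> bool:
    entry = entries.get(normalize_dn(dn))   # unknown DNs are treated as users
    return entry is not None and "group" in [v.lower() for v in entry.get("objectclass", [])]


def direct_members(entries: Dict[str, Entry], group_dn: str) -> List[str]:
    """Members exactly as AD lists them: all that vCOps auto-sync looks at."""
    return [normalize_dn(m) for m in entries[normalize_dn(group_dn)].get("member", [])]


def transitive_members(entries: Dict[str, Entry], group_dn: str, _seen=None) -> Set[str]:
    """Users reachable through nested groups (what an admin usually expects)."""
    seen = set() if _seen is None else _seen
    gdn, users = normalize_dn(group_dn), set()
    if gdn in seen:                           # guard against membership cycles
        return users
    seen.add(gdn)
    for member in direct_members(entries, gdn):
        if is_group(entries, member):
            users |= transitive_members(entries, member, seen)
        else:
            users.add(member)
    return users


def under_basedn(dn: str, base_dn: str) -> bool:
    d, b = normalize_dn(dn), normalize_dn(base_dn)
    return d == b or d.endswith("," + b)


def audit_sync_group(entries: Dict[str, Entry], group_dn: str, base_dn: str) -> Dict[str, Set[str]]:
    """Split the group into what the hourly sync grants and what it misses."""
    direct_users = {m for m in direct_members(entries, group_dn) if not is_group(entries, m)}
    return {
        "granted": {u for u in direct_users if under_basedn(u, base_dn)},
        "outside_basedn": {u for u in direct_users if not under_basedn(u, base_dn)},
        "missed_nested": transitive_members(entries, group_dn) - direct_users,
    }


if __name__ == "__main__":
    report = audit_sync_group(parse_ldif(LDIF_SAMPLE),
                              "CN=vCOps-Admins,OU=Groups,DC=corp,DC=example",
                              "DC=corp,DC=example")
    for bucket, dns in report.items():
        print(bucket + ":", *sorted(dns), sep="\n  ")
```

Run it against a real export (for example one produced with ldifde on a domain controller) with your actual group DN and the BaseDN you entered on the Manage LDAP Host screen. Anyone listed under missed_nested has to be added as a direct member of the sync group; anyone under outside_basedn needs either a BaseDN that covers their domain or a separate LDAP host entry for that domain, which is the per-geography approach Jon suggests above.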
twindude
Enthusiast

How do I configure a new user without AD/LDAP for the vCOps dashboard?

Also, I can't see where to set up LDAP with /vSphere... am I missing something?

admin
Immortal

Hi,

Under Admin -> Security, you can just add a "local" user and drag/drop it onto a group.

vkaranam
Enthusiast

Hello Twindude,

You can import the LDAP settings only in the Custom dashboard, which is http://vcops/custom, not in /vsphere. Please see my previous post in the same thread, where I copied from one of our friends' blogs about setting up LDAP.

Thanks

VK

twindude
Enthusiast

So I am going here:

https://x.x.x.x/admin (vCenter Operations Manager Administration)

I see: reg/smtp/ssl/status/update/account

I am logging in as admin; I do not see a "Security" tab.

https://x.x.x.x/vcops-vsphere/ (vCenter Operations Manager)

I am logging in as admin; I do not see a "Security" tab.

This is what I have in test currently:

VMware vCenter Operations Manager
Version 5.0.3
Build 818421
License: Advanced
vkaranam
Enthusiast

Hey Twindude,

You will see the Security tab in the Custom dashboard, not in the vSphere UI. For vCOps you will have two kinds of dashboards.

Hit this in the browser -- http://<vcops ip address or dns name> -- which opens the vSphere UI.

If you hit http://<vcops ip address or dns name>/admin it will open the admin page.

If you hit http://<vcops ip address or dns name>/custom it will open the Custom dashboard.

The Custom dashboard is available depending on the license you have on vCOps; the Custom dashboard is available in the Enterprise edition. Hope this helps.

Thanks

VK

twindude
Enthusiast

How do I configure a new user without AD/LDAP for the vCOps dashboard? "should have added the default UI"

Also, I can't see where to set up LDAP with "/vSphere"... am I missing something?

The ADVANCED license does NOT support the /custom UI (I understand that).

I understand the difference between the 2 different items (custom/default).

I am trying to set up other user(s) than admin for accessing the "default vcops/vsphere UI". Is this possible? If so, how, please?

IamTHEvilONE
Immortal

/vSphere uses vCenter pass-through authentication. What does this mean?

1. The user must have an account in EACH vCenter that has been added to vCOps in the /admin UI.

2. In each of these vCenters, the user MUST have a role that includes EITHER the vCOps Admin or the vCOps User permission.

Admins have this by default; users need this enabled (under the Global permissions set, last two options).

When they log in to the /vsphere UI of vCOps, they type in their username as if it were the vSphere Client.

vCOps checks to see if the user can log in to each vCenter and has the required permission. If this is true, they can log in. Otherwise it's a failure.

Best Regards,

Jon Hemming

vkaranam
Enthusiast

Hey Twindude,

If you want to provide access to users for the default dashboard, you have to do the following:

In vCenter create two separate roles, vCOps Users and vCOps Admins. When you edit the vCOps Admins role, in the privileges select

Global -> vCenter Operations Manager Admin, which only has rights to the vSphere UI and provides admin access to the vCOps UI.

Similarly,

when you edit the vCOps Users role, in the privileges select

Global -> vCenter Operations Manager User, which only has rights to the vSphere UI and provides user (read-only) access to the vCOps UI.

Creating separate roles will help in auditing the roles.

You might have done this for admin; if you also provide access for users through the vCenter roles I suggested, with their AD names, they will have access to the default dashboard.
