VMware VCSA 5.1 AD

October 1, 2013
  • Login as root (VCSA) or admin@system-domain (Windows)
  • Navigate to Administration > Sign-On and Discovery > Configuration (If there is no Configuration entry you are probably not logged in as admin@system-domain)
  • Click the green + sign to add an identity source


  • Select Active Directory
  • Fill out the form, replacing the example values with your own domain settings:
  • Name: virten (This is just a non-functional label)
  • Primary server URL: ldap://dc01.virten.local:3268 or ldap://dc01.virten.local
    Note: Port 3268 is the global catalog. Browsing the directory is much faster when asking the global catalog.
  • Secondary server URL: ldap://dc02.virten.local:3268 or ldap://dc02.virten.local (optional)
  • Domain name: virten.local
  • Domain alias: virten
  • Authentication type: Password
    Note: Anonymous or Reuse Session will not work with this method
  • Enter Username and Password (Can be a read-only user. I usually use a dedicated SSO user)
    Note: You do not have to enter Base DN for users or Base DN for groups. It will use the directory root automatically. (You can modify that later if you want)


  • Click Test Connection. It should report “The connection has been established successfully.”
  • Click OK twice
    Back at the Identity Source window, your AD should appear in the list, and from now on you are able to assign vCenter permissions to users or groups from your Active Directory (as you know it from vSphere 5.0 and previous). But users can’t log in unless you add the identity source to the default domains.
  • Click the “world with arrow” button


You should get a warning telling you that “Having multiple domains in the Default Domain list might result in locked user accounts during authentication”. That means that when the same username exists with different passwords in different domains (mostly the Administrator user in Windows), you might authenticate against the wrong directory and lock the account.

Your AD should now appear in the bottom list.

  • Save the configuration
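
A pre-flight check for the identity source form values, as an added example that is not part of the original post: it flags scheme and port combinations, hosts outside the domain, and authentication types that cause trouble with this setup. The `cfg` field names, the ldaps:// scheme with ports 636/3269, and the treatment of Password authentication as an LDAP simple bind are assumptions, not taken from the post.

```python
from urllib.parse import urlsplit

# Standard AD LDAP ports: port -> (label, TLS expected). 636/3269 are not on the page.
AD_PORTS = {389: ("domain LDAP", False), 3268: ("global catalog", False),
            636: ("domain LDAPS", True), 3269: ("global catalog over TLS", True)}
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def check_server_url(url, domain):
    """Return (port_label, findings) for one server URL of the form."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORT:
        return "invalid", [f"{url}: must start with ldap:// or ldaps://"]
    port = parts.port or DEFAULT_PORT[parts.scheme]
    label, wants_tls = AD_PORTS.get(port, ("non-standard port", None))
    findings = []
    if not (parts.hostname or "").lower().endswith("." + domain.lower()):
        findings.append(f"{url}: host is not inside domain {domain}")
    if wants_tls is not None and wants_tls != (parts.scheme == "ldaps"):
        findings.append(f"{url}: scheme {parts.scheme} does not fit port {port} ({label})")
    if parts.scheme == "ldap":
        # Assumption: Password authentication is an LDAP simple bind.
        findings.append(f"{url}: no TLS, bind password is readable on the wire")
    return label, findings

def check_identity_source(cfg):
    """Collect findings for the whole form; an empty list means nothing to fix."""
    findings, labels = [], []
    if cfg["auth_type"] != "Password":
        findings.append(f"authentication type {cfg['auth_type']!r} will not work")
    for key in ("primary_url", "secondary_url"):
        if cfg.get(key):  # the secondary URL is optional
            label, found = check_server_url(cfg[key], cfg["domain_name"])
            labels.append(label)
            findings += found
    if len(set(labels)) > 1:
        findings.append("servers answer from different scopes: " + " vs ".join(labels))
    return findings

# Constructed sample: the walkthrough's values, with the secondary URL left on port 389.
SAMPLE = {"domain_name": "virten.local", "auth_type": "Password",
          "primary_url": "ldap://dc01.virten.local:3268",
          "secondary_url": "ldap://dc02.virten.local"}

if __name__ == "__main__":
    for finding in check_identity_source(SAMPLE):
        print("-", finding)
```
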


THANKS – http://www.virten.net
