Read this article to learn how to configure Active Directory over LDAP as an identity source in vCenter Server.
Step 1: Create an AD Service Account
When you configure Active Directory over LDAP, you must specify a service account that vCenter uses to bind to the directory and look up users and groups. Follow these steps to create a service account.
- Open Active Directory Users and Computers (ADUC). Then, right-click the OU in which you want to create the account, and point to New > User.
- On the first page of the "New Object – User" wizard, enter the details and click Next.
I'm using "Ldap Service Account" as the name of the account and ldap_user as the login name.
- On the next page, enter a password and confirm it. Then, uncheck "User must change password at next logon", check "Password never expires," and click Next, then Finish, to create the account.
The account only needs to read the directory, which any member of Domain Users can already do, so leave it out of Domain Admins and every other privileged group. Because the password never expires, it is a standing credential: give it a long random password, keep it in a password vault rather than in a document, and rotate it on a schedule (the password must then also be updated on the vCenter identity source).
Step 2: Get the Required Info
You need some information to configure AD over LDAP. To make the next step easy, let's gather it first.
First, you need the DistinguishedName (DN) of the service account you created in step 1. You also need the base DN of the domain.
Follow these steps to get this information:
- In Active Directory Users and Computers, click View and select Advanced Features. Note that before you click Advanced Features, there is no tick beside it; the Attribute Editor tab used below is hidden until this option is enabled.
- Next, to get the DN of the AD domain, right-click the domain and select Properties.
- Click the Attribute Editor tab, then locate distinguishedName and double-click it.
- Finally, copy the DN.
- Repeat steps 1 to 4 for the LDAP service account you created earlier. Finally, you need the IP address (or, if you will use LDAPS, the FQDN) of at least one Domain Controller and the Fully Qualified Domain Name (FQDN) of the domain.
Before you continue, note the following:
a) The DistinguishedName of the domain and of the LDAP service account
b) The IP address or FQDN of at least one DC in the domain
c) The FQDN of the domain, for example, corp.itechguides.com
d) The password of the LDAP service account
Once you have these, proceed to step 3 below.
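The PowerShell script below is an added example, not part of the original article, that performs steps 1 and 2 in one go: it creates the bind account with a random non-expiring password, collects every value that step 3 asks for, and then proves the values work by doing exactly what vCenter will do, a simple bind with the account's DN followed by a search under the base DN, over LDAPS. It assumes the RSAT ActiveDirectory module is installed, that an OU named "Service Accounts" exists (an assumed name; change it), and that at least one domain controller already has a server certificate so that LDAPS on port 636 answers.

```powershell
# Added example (not from the original article): create the vCenter LDAP bind account,
# gather the values vCenter asks for, and verify them with a read-only LDAPS bind
# before typing anything into the vCenter UI. Requires the RSAT ActiveDirectory module.
# The OU path and account name below are assumptions; adjust them for your domain.
Import-Module ActiveDirectory

$Domain     = Get-ADDomain
$DomainDN   = $Domain.DistinguishedName           # e.g. DC=lab,DC=itechguides,DC=com
$DomainFqdn = $Domain.DNSRoot                     # e.g. lab.itechguides.com
$NetBios    = $Domain.NetBIOSName                 # vCenter "Alias"
$TargetOU   = "OU=Service Accounts,$DomainDN"     # assumed OU; must already exist
$SamName    = "ldap_user"

# 32 random bytes, base64-encoded: a long, non-dictionary password for a non-expiring account.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$PlainPwd  = [Convert]::ToBase64String($bytes)
$SecurePwd = ConvertTo-SecureString $PlainPwd -AsPlainText -Force

# Same settings as the ADUC wizard in step 1: no change at logon, password never expires.
# No group membership is added: Domain Users can already read the directory.
New-ADUser -Name "Ldap Service Account" -SamAccountName $SamName `
    -UserPrincipalName "$SamName@$DomainFqdn" -Path $TargetOU `
    -AccountPassword $SecurePwd -Enabled $true `
    -ChangePasswordAtLogon $false -PasswordNeverExpires $true -CannotChangePassword $true `
    -Description "vCenter AD-over-LDAP bind account (read-only)"

$Svc = Get-ADUser -Identity $SamName
$DCs = @(Get-ADDomainController -Filter * | Select-Object HostName, IPv4Address)

# Verification: simple bind over LDAPS (636) with the DN and password vCenter will use,
# then a subtree search under the base DN, which is how vCenter looks users up.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$ldapId = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($DCs[0].HostName, 636)
$conn   = New-Object System.DirectoryServices.Protocols.LdapConnection($ldapId)
$conn.SessionOptions.SecureSocketLayer = $true     # plain ldap:// would send the password in clear
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
$conn.Credential = New-Object System.Net.NetworkCredential($Svc.DistinguishedName, $PlainPwd)
$conn.Bind()      # throws LdapException if the DN, password or DC certificate is wrong

$req = New-Object System.DirectoryServices.Protocols.SearchRequest(
    $DomainDN, "(sAMAccountName=$SamName)",
    [System.DirectoryServices.Protocols.SearchScope]::Subtree, "distinguishedName")
$res = $conn.SendRequest($req)
if ($res.Entries.Count -ne 1) { throw "Bind succeeded but search under $DomainDN did not find $SamName" }
$conn.Dispose()

# Everything step 3 asks for, in one object. Put the password in a vault, not in a file.
$Secondary = if ($DCs.Count -gt 1) { "ldaps://$($DCs[1].HostName):636" } else { "" }
[pscustomobject]@{
    IdentitySourceName = $NetBios.ToLower()
    BaseDNUsers        = $DomainDN
    BaseDNGroups       = $DomainDN
    DomainName         = $DomainFqdn
    Alias              = $NetBios
    BindUserDN         = $Svc.DistinguishedName
    PrimaryServerURL   = "ldaps://$($DCs[0].HostName):636"
    SecondaryServerURL = $Secondary
}
```

The server URLs use the DC's host name rather than its IP address because, with LDAPS, vCenter validates the DC certificate against the name in the URL. If `Bind()` fails with a certificate error, the DC has no LDAPS certificate yet, or its subject does not match the host name; fix that on the DC side before configuring vCenter.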
Step 3: Configure Active Directory over LDAP in vCenter
- Log in to vCenter with an account that has the required permission (a member of the SSO Administrators group, for example administrator@vsphere.local). Then, click the menu in vCenter and select Administration.
- Under Single Sign On, click Configuration > Identity Sources > ADD.
- Then, select "Active Directory over LDAP" in the Add Identity Source > Identity Source Type drop-down.
- Finally, configure the identity source as shown in the screenshot and the explanations below:
For the Identity source name, enter the first part of the domain. If the FQDN of the domain is lab.itechguides.com, the Identity source name is "lab".
Next, in "Base distinguished name for users" and "Base distinguished name for groups," enter the domain's DN. The domain DN lets every user and group in the domain be resolved; if only accounts in a particular OU should ever be able to log in to vCenter, enter that OU's DN instead, but make sure the groups you grant access to in step 4 are also below the group base DN.
After that, in Domain name enter the domain's FQDN. The Alias is the NetBIOS name of the domain, which is normally the same as the Identity source name.
In Username and Password, enter the DN of the LDAP service account and the account's password. For Connect to, select "Specific domain controllers."
Enter the address of a DC in the Primary server URL, starting with "ldap://". Finally, enter the address of a second DC in the Secondary server URL. Note that with a plain "ldap://" URL (port 389) vCenter performs a simple bind, so the service-account password and every user's password at login cross the network in cleartext. Where the domain controllers have server certificates, use "ldaps://<dc-fqdn>:636" instead and supply the DC certificate in the Certificates field that vCenter shows for LDAPS; use the DC's FQDN rather than its IP so the certificate name matches.
When you finish supplying the required information, click ADD at the bottom right of the page.
Before proceeding, make the new vCenter identity source the default. Use this screenshot as a guide. With the AD source as default, users can log in with just their user name; otherwise they must type it as user@lab.itechguides.com or lab\user.
Step 4: Grant Active Directory Users Access to vCenter
Follow this screenshot to add an AD group to a vCenter group. I added the Domain Admins group to vCenter's global Administrators group in this example.
Bear in mind that membership of the SSO Administrators group gives full control of vCenter and of the vsphere.local SSO domain itself. For least privilege, create a dedicated AD group (for example, one for vCenter administrators) and add that group instead, so that vCenter access is not tied to Domain Admins membership and vCenter administrators do not need to be domain administrators.
If you need to assign a role to a user or group rather than make them SSO administrators, use Administration > Access Control > Global Permissions (or the Permissions tab of a datacenter, cluster, or folder), add the AD user or group, and pick the role. The Roles page on the left pane only defines which privileges each role contains.
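As an added example that is not part of the original article, the PowerCLI script below does the role-based alternative from the command line: it grants a dedicated AD group the Administrator role on the whole inventory, gives a second group read-only access, and then audits which AD principals hold permissions. It assumes VMware PowerCLI is installed, that the "lab" identity source from step 3 exists, and that AD groups named "vCenter-Admins" and "vCenter-Operators" (both assumed names) already exist in the domain.

```powershell
# Added example (not from the original article): role-based access for AD groups via PowerCLI,
# instead of putting Domain Admins in the SSO Administrators group.
# Assumes PowerCLI, the "lab" identity source from step 3, and the two AD groups named below.
Import-Module VMware.PowerCLI
$vc = Connect-VIServer -Server vcenter.lab.itechguides.com   # assumed host name; prompts for an SSO admin

# Full control of the inventory for a dedicated admin group, propagated to every child object.
# Get-Folder -NoRecursion returns the root folder, so this is equivalent to a global grant on the inventory.
$root = Get-Folder -NoRecursion -Server $vc
New-VIPermission -Entity $root -Principal "lab\vCenter-Admins" `
    -Role (Get-VIRole -Name Admin -Server $vc) -Propagate:$true

# Read-only everywhere for an operations group; they can look but not change anything.
New-VIPermission -Entity $root -Principal "lab\vCenter-Operators" `
    -Role (Get-VIRole -Name ReadOnly -Server $vc) -Propagate:$true

# Audit: list what AD principals hold, and flag Domain Admins if it was granted anywhere.
Get-VIPermission -Server $vc | Where-Object { $_.Principal -like "lab\*" } |
    Select-Object Principal, Role, @{ n = 'Entity'; e = { $_.Entity.Name } }, Propagate |
    Format-Table -AutoSize

$domainAdminGrants = Get-VIPermission -Server $vc | Where-Object { $_.Principal -like "*Domain Admins" }
if ($domainAdminGrants) {
    Write-Warning "Domain Admins holds a vCenter permission; replace it with a dedicated AD group."
}

Disconnect-VIServer -Server $vc -Confirm:$false
```

Principals are written as alias\group, where the alias is the one set on the identity source in step 3. The audit at the end is worth running periodically, since object-level permissions added later through the UI do not show up on the Global Permissions page.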
Conclusion
Active Directory over LDAP as a vCenter identity source delivers AD single sign-on for vCenter. With this feature, you avoid the duplicate work of creating and managing vCenter users locally.
Instead, you can grant AD users access by adding them to vCenter groups or assigning them roles. At the same time, you avoid joining vCenter to the AD domain.
VMware has deprecated the Integrated Windows Authentication (domain-joined) identity source and recommends Active Directory over LDAP, or identity federation, instead. Whichever you choose, prefer LDAPS over plain LDAP so that bind and login passwords are never sent in cleartext.