Integrating posixAccount with vCenter Single Sign-On: Best Practices and Compatibility

    Posted Nov 20, 2024 03:09 PM

    Hello,

    I am currently working on integrating OpenLDAP with vCenter Single Sign-On. I have encountered an issue regarding the use of the posixAccount objectClass, which is required by most LDAP clients (except vCenter) to retrieve key attributes like cn, uid, and userPassword.

    While vCenter Single Sign-On explicitly requires the use of the inetOrgPerson objectClass for user objects, many of the LDAP clients in our environment rely on posixAccount to access Unix/Linux-specific attributes. This creates a challenge when trying to ensure compatibility across both systems.

    I would like to ask:

    1. Is it possible to use the posixAccount objectClass in OpenLDAP while also satisfying the inetOrgPerson requirement for vCenter Single Sign-On?

      • Specifically, can both objectClasses (i.e., inetOrgPerson and posixAccount) be used together for users, ensuring compatibility with both vCenter and other LDAP clients?

    2. What are the best practices for integrating vCenter with Unix/Linux systems using posixAccount and ensuring that the required attributes (cn, uid, userPassword) are accessible by both vCenter and other LDAP clients?

    3. Can vCenter be configured to handle posixAccount attributes like uid, cn, and userPassword, while maintaining compatibility with the standard LDAP schema required by vCenter?

    4. Are there any known issues or limitations when combining posixAccount with the vCenter-required inetOrgPerson?

    Currently, I am unable to authenticate my users via LDAP because my LDAP schema uses nsOrgPerson instead of the required inetOrgPerson objectClass.

    I would appreciate any insights, solutions, or suggestions on how to achieve a smooth integration between vCenter Single Sign-On and the other LDAP clients that depend on posixAccount.

    Thank you for your help!