vCenter

  • 1.  LDAPS Identity source addition

    Posted Apr 22, 2020 08:06 PM

    I need to add another identity source to my vCenter environment and am having trouble. I've read other posts from people having similar trouble and I have not had much luck. I suspect there may be a few reasons why this isn't working, and I need help understanding why and whether it's even possible.

    We have multiple identity sources configured and for sake of brevity I won't share them all.

    These names are fictional for security's sake.

    We currently have an identity source using ldap set up as:

    Name: business.college.edu

    Server url: ldap://business.college.edu:389

    Domain: business.college.edu

    Alias: business

    I would like to add an identity source to this site and, instead of using ldap, I want to use ldaps. This is how I tried adding it:

    Name: business.college.edu

    Server url: ldaps://business.college.edu:636 (I've also tried port 3269)

    Domain: business.college.edu

    Alias: business

    I also include the SSL cert.

    Then, when I try adding it, I get the following error:

    Check the network settings and make sure you have network access to the identity source

    Is it possible to have 2 identity sources, one using ldap and the other ldaps? (We're working toward just using ldaps.)

    Can the Name of the identity source be anything?

    Do you see anything else that may be causing this?

    Also, when I edit the ldap identity source to look at those settings, the information in several fields, particularly the AD information, flashes and shows me different results. For example, for Base distinguished name for users, instead of showing (what I think it is set to) DC=business,DC=college,DC=edu, it switches to DC=college,DC=edu.

    Is that normal? I suspect that this is because I am logged in with an account in the business.college.edu domain and don't have access to the college.edu domain, but I'm not sure... Either way, I am entering credentials for an account with domain admin rights on the business.college.edu domain. I also suspect that the true settings for the ldap identity source may be different from what I understand, and that what I see may not be good and may be the reason why my attempt at adding an ldaps identity source is failing.

    Any and all help that gets me closer to a solution or better understanding is appreciated!

    James



  • 2.  RE: LDAPS Identity source addition

    Posted Apr 23, 2020 06:00 AM

    Moderator: Moved thread to vCenter Server



  • 3.  RE: LDAPS Identity source addition

    Posted Apr 23, 2020 07:10 AM

    You can add multiple identity sources; however, make sure you log in with the administrator@vsphere.local account. Below are the reference KBs; maybe these will also help you.

    VMware Knowledge Base

    VMware Knowledge Base



  • 4.  RE: LDAPS Identity source addition

    Posted Oct 05, 2020 06:05 PM

    Hi, were you able to resolve the issue? If so how?

    Thanks



  • 5.  RE: LDAPS Identity source addition

    Posted Oct 06, 2020 12:19 PM

    Hey, hope you are doing fine. Let me point you to some questions:

    Have you installed the LDAPS domain certificates on your VCSA?
    Are you able to ping the LDAPS domain controllers from the VCSA?
    Can you please try to curl the LDAPS identity source from your VCSA?

    Is DNS working fine (do you have forward and reverse resolution)?
    Check if port 636 is open between the VCSA and the LDAPS server.

    It seems to me (based on the error) that there is something on the network; it might be a connectivity, DNS, firewall or certificate configuration issue.

    Please check that and let me know.
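The checklist in the reply above (DNS forward and reverse resolution, reachability of the LDAPS port, and a TLS handshake that validates the server certificate) can be scripted so it is run the same way every time. The following is an added example and is not code from the thread or from VMware; it uses only the Python standard library, so it runs on any host with Python 3 (the VCSA shell or an admin workstation). The host names are the fictional ones from the question, the `ca_file` argument is assumed to be the same certificate file uploaded in the identity source dialog, and `classify` maps the check results onto the causes the reply lists. Port 3269 (Global Catalog over TLS) is accepted alongside 636.

```python
"""Connectivity and certificate pre-checks for an LDAPS identity source.

Added example: DNS lookup, TCP reachability and a TLS handshake validated
against a CA bundle, mirroring the troubleshooting steps in the reply.
"""
import socket
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_url(url):
    """Return (scheme, host, port) for an ldap:// or ldaps:// URL.

    A missing port falls back to the scheme default (389 for ldap,
    636 for ldaps); an explicit port such as 3269 (Global Catalog
    over TLS) is kept as given.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme]


def check_dns(host):
    """Forward-resolve host, then reverse-resolve each address.

    Returns a list of (ip, reverse_name_or_None); raises socket.gaierror
    when the forward lookup itself fails.
    """
    results = []
    for info in socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP):
        ip = info[4][0]
        try:
            rev = socket.gethostbyaddr(ip)[0]
        except socket.herror:
            rev = None
        results.append((ip, rev))
    return results


def check_tcp(host, port, timeout=5.0):
    """True if a TCP connection to host:port succeeds (route/firewall check)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_tls(host, port, ca_file=None, timeout=5.0):
    """Complete a TLS handshake and return key fields of the server cert.

    Raises ssl.SSLError when the chain does not validate against ca_file
    (or the system trust store when ca_file is None) or when the host
    name is not covered by the certificate's SANs.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return {
        "subject": dict(rdn[0] for rdn in cert["subject"]),
        "issuer": dict(rdn[0] for rdn in cert["issuer"]),
        "not_after": cert["notAfter"],
        "san": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
    }


def classify(dns_ok, tcp_ok, tls_ok):
    """Map the three check results onto the causes named in the reply."""
    if not dns_ok:
        return "dns"
    if not tcp_ok:
        return "connectivity/firewall"
    if not tls_ok:
        return "certificate"
    return "ok"


def diagnose(url, ca_file=None):
    """Run the whole checklist for one identity source URL; return a report."""
    scheme, host, port = parse_ldap_url(url)
    report = {"scheme": scheme, "host": host, "port": port}
    try:
        report["dns"] = check_dns(host)
        dns_ok = bool(report["dns"])
    except socket.gaierror as exc:
        report["dns_error"] = str(exc)
        dns_ok = False
    tcp_ok = dns_ok and check_tcp(host, port)
    report["tcp"] = tcp_ok
    tls_ok = False
    if tcp_ok and scheme == "ldaps":
        try:
            report["tls"] = check_tls(host, port, ca_file)
            tls_ok = True
        except (ssl.SSLError, OSError) as exc:
            report["tls_error"] = str(exc)
    elif tcp_ok:
        tls_ok = True  # plain ldap:// has no certificate to validate
    report["verdict"] = classify(dns_ok, tcp_ok, tls_ok)
    return report


if __name__ == "__main__":
    import json
    import sys
    # Fictional host from the question; the optional second argument is the
    # CA/server certificate file uploaded in the identity source dialog.
    target = sys.argv[1] if len(sys.argv) > 1 else "ldaps://business.college.edu:636"
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print(json.dumps(diagnose(target, ca), indent=2, default=str))
```

A verdict of `certificate` with a `tls_error` mentioning verification or host name mismatch points at the uploaded certificate rather than the network: the chain in `ca_file` must reach the domain controller's issuing CA, and the host name in the server URL must appear in the certificate's SANs, which a bare IP address or a short name will not.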