I have a vCenter 6.0 instance which uses an OpenLDAP identity source (actually on a Red Hat 389 Directory Server), and I notice there are some differences between the 'Administration' menu items available when logging in as an externally managed LDAP user and those available to a local SSO Domain user. If it's relevant, this installation uses an external PSC.
These differences are:
'Single Sign-On' item is missing for the external LDAP user
'Solutions > Client Plug-Ins' item is missing for the external LDAP user
'Deployment > System Configuration' shows 0 Nodes and Services, and the message "You do not have permissions to view this page. You must be a member of the SystemConfiguration.Administrators group in vCenter Single Sign-On to access System Configuration."
If I try to add the external LDAP user to the SystemConfiguration.Administrators group (or any other group), I get an error saying that 'One or more of the specified principals was already part of the group'.
Is it possible to have the same privileges for the externally authenticated users as for local users, and, if so, how is this achieved?
Thanks in advance.