As one of the first steps, you should register vCloud Director with vCenter SSO and with a central user directory such as OpenLDAP or Active Directory.
Registering vCloud Director in Single Sign-On
- Log in to vCloud Director as Administrator
- Go to Administration –> system settings –> Federation –> Register
- Type the required information:
  - Lookup Service URL
  - SSO admin user name: admin@system-Domain
  - SSO admin password – the one which was set during SSO installation
  - vCloud Director URL
NOTE: If you marked Use vSphere Single SignOn, you have to configure vCD to use SAML before you can use SSO users.
Connecting vCloud Director to Active Directory
To make user management easier, you can connect vCloud Director to an LDAP server such as OpenLDAP or Active Directory.
- Log in to vCloud Director as Administrator
- Go to Administration –> system settings –> LDAP
NOTE: I will configure the connection over port 389; if you want to use SSL and Kerberos authentication, refer to the VMware vCloud Director documentation.
- Type the host name or IP of the LDAP server – in this example, an AD domain controller
- Type the port number – for LDAP, the default port number is 389; for LDAP over SSL (LDAPS), the default port number is 636
- Type the base distinguished name (DN) – in my example it is DC=lab,DC=local, which refers to the lab.local domain
- Choose authentication method – Simple
- Type a user name and password to connect to the LDAP server. Type the full LDAP DN:
  CN=vCAC app user,CN=Users,DC=lab,DC=local
- Apply and test connectivity to the LDAP server
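A pre-flight check for the values typed into the LDAP form above, as an added example that is not part of the original post or of vCloud Director. It flags the Simple bind on port 389 used in this walkthrough, which carries the bind DN and password unencrypted, and a bind DN whose DC components do not match the base DN. The function names and finding codes are hypothetical.

```python
import re


def split_dn(dn):
    """Split a DN into (attribute, value) pairs on unescaped commas.

    Simplified RFC 4514 handling: an escaped comma stays inside its value;
    multi-valued RDNs are not supported.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def domain_of(dn):
    """Return the DNS domain encoded in a DN's DC components, e.g. lab.local."""
    return ".".join(value for attr, value in split_dn(dn) if attr == "dc")


def check_ldap_settings(port, base_dn, auth, bind_dn):
    """Return a list of finding codes for the values entered in the LDAP form."""
    findings = []
    if auth.lower() == "simple" and port == 389:
        # A simple bind on plain LDAP sends the bind DN and password unencrypted.
        findings.append("cleartext-simple-bind")
    if not domain_of(base_dn):
        findings.append("base-dn-has-no-domain-components")
    elif domain_of(bind_dn) != domain_of(base_dn):
        # Usually a typo, or a service account that lives in another domain.
        findings.append("bind-dn-in-different-domain")
    return findings


if __name__ == "__main__":
    # Values taken from the walkthrough above.
    print(check_ldap_settings(389, "DC=lab,DC=local", "simple",
                              "CN=vCAC app user,CN=Users,DC=lab,DC=local"))
```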
Add LDAP users or groups to vCloud Director
- Log in to vCloud Director as Administrator
- Go to Administration –> system administrator and roles –> Users or groups –> Import Users
- Choose LDAP as the source, type the user or group name, and click the ADD button
The user or group will appear on the summary page for selected objects.