This article explains how to configure LDAPS authentication in vCenter 7.0.
- Connect to the vCenter Server Appliance with SSH and log in as root.
- Run the following command to display the certificate chain that the domain controller presents on the LDAPS port:
# openssl s_client -connect dc01.virten.lab:636 -showcerts
- The command prints the certificate chain followed by the SSL session information. The part we need is the topmost certificate in the "Certificate chain" section (entry 0, whose s: line names the domain controller itself). The entries below it are the issuing CA certificates.
- Copy everything between (and including) -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- into a text file.
- Save the file with a .cer extension. Keep in mind that this is the domain controller's own certificate: when it expires or is renewed, vCenter no longer trusts the LDAPS connection and the identity source stops working until you export and upload the new certificate.
- Open vSphere Client
- Log in as a Single Sign-On administrator
- Navigate to Menu > Administration > Single Sign-On > Configuration
- In the Identity Provider tab, open Identity Sources
- Click ADD
- Select Active Directory over LDAP or OpenLDAP, depending on your directory type.
- Fill out the remaining fields as follows:
Identity Source Name: Label for identification
Base DN for users: The Distinguished Name (DN) of the starting point for directory server searches. Example: If your domain name is virten.lab the DN for the entire directory is "DC=virten,DC=lab".
Base DN for groups: The Distinguished Name (DN) of the starting point for group searches. This can be the same DN as for users, or a more specific OU that contains the groups you want to use in vCenter.
Domain name: Your domain name. Example: "virten.lab"
Domain alias: Your NetBIOS name. Example: "virten"
Username: Domain user with at least read (browse) privileges on the directory. Use a dedicated service account with no other rights, since vCenter stores its password. Example: "ldapbind@virten.lab".
If you get a "User XXX is not a valid dn format" error, enter the account as a full DN instead, for example "CN=ldapbind,CN=Users,DC=virten,DC=lab" for Active Directory (OpenLDAP directories usually name users with uid=, for example "uid=ldapbind,ou=users,dc=virten,dc=lab").
Connect to: The URL of the domain controller, using either port 636 (LDAPS) or 3269 (Global Catalog over SSL). The scheme must be ldaps://, and the host name must match the subject or a Subject Alternative Name of the certificate you exported, otherwise the TLS validation fails.
Example: "ldaps://dc01.virten.lab:636".
- Click Browse next to SSL Certificate
- Select the .cer file you saved earlier.
- Click ADD to finish the configuration wizard.
From here, you can proceed and assign vCenter permissions to users and groups from the new identity source.
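The certificate export described in the SSH steps above, as an added example script (not part of the original article): it wraps the openssl s_client command, extracts the first PEM block, which is the domain controller's own certificate, saves it with a .cer extension, and prints the fields worth checking before uploading it to vCenter. The host name dc01.virten.lab is an assumption, and the embedded s_client output is constructed so that the extraction can be exercised without a network connection.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes a domain controller
# dc01.virten.lab listening on 636; the sample output below is constructed.

# Extract the first PEM certificate block from "openssl s_client -showcerts"
# output read on stdin. Entry 0 of the chain is the server's own (leaf)
# certificate, which is what the vCenter identity source wizard expects.
extract_first_cert() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inblock = 1 }
        inblock                       { print }
        /-----END CERTIFICATE-----/   { if (inblock) exit }
    '
}

# Connect to HOST:PORT, capture the presented chain and save the leaf as a .cer
# file. </dev/null closes the session right after the handshake so openssl
# does not wait for input; -servername sends SNI for hosts that need it.
fetch_ldaps_cert() {
    host="$1"; port="${2:-636}"; out="${3:-$host.cer}"
    openssl s_client -connect "$host:$port" -servername "$host" -showcerts \
        </dev/null 2>/dev/null | extract_first_cert > "$out"
    if [ ! -s "$out" ]; then
        echo "no certificate received from $host:$port" >&2
        rm -f "$out"
        return 1
    fi
    echo "$out"
}

# Show the fields to check before uploading: the subject or a SAN entry must
# match the host name used in the identity source URL, and the notAfter date
# tells you when the file has to be re-exported.
inspect_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
    openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name'
}

# Constructed stand-in for s_client output (the PEM bodies are placeholders),
# used to exercise extract_first_cert offline.
SAMPLE_SCLIENT_OUTPUT='CONNECTED(00000003)
---
Certificate chain
 0 s:CN = dc01.virten.lab
   i:CN = virten-CA
-----BEGIN CERTIFICATE-----
LEAFCERTBODY
-----END CERTIFICATE-----
 1 s:CN = virten-CA
   i:CN = virten-CA
-----BEGIN CERTIFICATE-----
CACERTBODY
-----END CERTIFICATE-----
---
Server certificate
subject=CN = dc01.virten.lab'

# Run the extraction on the constructed sample; only the leaf block comes back.
demo_extract() {
    printf '%s\n' "$SAMPLE_SCLIENT_OUTPUT" | extract_first_cert
}

# Real use on the appliance:
#   fetch_ldaps_cert dc01.virten.lab 636 dc01.cer && inspect_cert dc01.cer
```

Run fetch_ldaps_cert with the same host name you will later enter in the identity source URL, then compare the subject and SAN printed by inspect_cert against it before you upload the .cer file; a mismatch there is the most common reason the wizard fails with a certificate error.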