How to Configure LDAPS Authentication in vCenter 7.0

This article explains how to configure LDAPS authentication in vCenter 7.0.

1. Connect to the vCenter Server Appliance with SSH and login as root.
2. Run the following command to show the LDAP certificate

   # openssl s_client -connect dc.virten.lab:636 -showcerts

3. The command displays the certificate chain and SSL session information. The information we are looking for is the topmost certificate:
   
4. Copy everything between (and including) -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- and copy it to a text file.
   
5. Save the file with a .cer extension.
6. Open vSphere Client
7. Login as Single Sign-On Administrator
8. Navigate to Menu > Administration > Single Sign-On > Configuration
   
9. In the Identity Provider tab, open Identity Sources
10. Click ADD
11. Select Active Directory over LDAP or OpenLDAP, depending on your directory type.
12. Fill out the remaining fields as follows:
    Identity Source Name: Label for identification
    Base DN for users: The Distinguished Name (DN) of the starting point for directory server searches. Example: If your domain name is virten.lab the DN for the entire directory is "DC=virten,DC=lab".
    Base DN for groups: The Distinguished Name (DN) of the starting point for directory server searches.
    Domain name: Your domain name. Example: "virten.lab"
    Domain alias: Your NetBIOS name. Example: "virten"
    Username: Domain user with at least browse privileges. Example: "ldapbind@virten.lab".
    If you get an "User XXX is not a valid dn format", try using the DN "uid=ldapbind,cn=users,dc=virten,dc=lab"
    Connect to: Either connect to port 636 (LDAP) or 3269 (Global Catalog).
    Example: "ldap://dc01.virten.lab:636".
13. Click Browse next to SSL Certificate
14. Select the .cer file created in step 5.
15. Click ADD and finish the configuration wizard

From here, you can proceed and add users as explained here.