LDAP is a central authentication mechanism that lets you use a login credential to access multiple servers and groups with which you are associated.

If an organization already uses LDAP to handle its authentication and directory services, vCloud Application Director server can integrate with the existing LDAP authentication mechanism. You can use the CLI to create and manage LDAP configurations in vCloud Application Director.

Note

You can have multiple LDAP servers defined in a vCloud Application Director server, but you can have only one LDAP configuration active at any given time for authentication.

Verify that your user account has the ROLE_SYSTEM_ADMIN system administrator role assigned to it.

Verify that you know the password for the darwin_user. This password was set during installation. See Start the vCloud Application Director Appliance.

Start the vCloud Application Director CLI. See Start the CLI Remotely.

1

In the roo shell, follow the prompts to create an LDAP configuration.

create-ldap-config

vCloud Application Director creates the LDAP configuration and saves the configuration in its database.

2

(Optional) Check the existence of a user name in the LDAP directory to confirm server connectivity.

test-named-ldap-config --configname LDAPConfigName --name LDAPUserName

3

(Optional) Activate an LDAP configuration if it was not activated during the initial creation or to activate another LDAP configuration.

activate-ldap-config --configname LDAPConfigName

Activating an LDAP configuration in the vCloud Application Director server allows authentication against the named LDAP configuration.

Even after the LDAP configuration is activated, vCloud Application Director always searches the local database first for valid users before performing an SSO or LDAP authentication. This verification action ensures that local users are not locked out if the same user name exists in the local database, SSO group, and the LDAP server. If users have the same credentials in the SSO group as the LDAP server, the SSO authentication takes precedence. If multiple user names exist on the local database, the first entry that was added is used for authentication.

To connect to your LDAP server over a secure channel when your LDAP certificate is signed by a local certificate authority or is self-signed, import the LDAP certificate into the OpenSSL trusted list on the vCloud Application Director server. See Import a SSL Certificate for Secure LDAP Connection.

Use the CLI to perform tasks such as importing users and groups and updating existing LDAP configurations. See Managing LDAP Configurations.