You can configure the vCenter Hyperic server to use LDAP authentication for new users, and to assign user roles based on LDAP group membership.

1. On the Admin tab, click HQ Server Settings.

2. In the LDAP Configuration Properties section, enter appropriate values for the following properties.

| Property | Description |
| --- | --- |
| Use LDAP Authentication | Select the checkbox to enable LDAP authentication. |
| URL | Enter the location of your LDAP or Active Directory server. If a port other than the standard LDAP port is used, specify it in the URL. Add the port to the end of the URL, after a colon (:) character. For example, ldap://YourLDAPHost:44389. If your LDAP directory requires SSL, specify the SSL port in the URL. |
| SSL | Select the checkbox if your LDAP directory requires SSL connections. |
| Username | Supply an LDAP username with sufficient privileges to view the sections of the directory that contain the information for LDAP users who will access vCenter Hyperic. (This property is not necessary if the LDAP directory allows anonymous searching, which is not common in secure environments.) |
| Password | Supply the password for the LDAP user specified in Username. |
| Search Base | (Mandatory) The Search Base property, sometimes referred to as the suffix, defines the location in the LDAP directory from which the LDAP user search begins. Supply the full path to the branch, for example, ou=people,dc=example,dc=com. Consult your LDAP administrator if necessary. |
| Search Filter | Optionally, enter a filter to limit the LDAP user search to a subset of the object identified by the Search Base property. For example, (!(location=SFO*)). |
| Login Property | (Mandatory) Specify the LDAP property (for an LDAP user) that vCenter Hyperic will use as the username for the user's vCenter Hyperic account. The default value is cn. Depending on your LDAP environment, a different property, for example, uid, might be appropriate. |
| Group Search Base | For vCenter Hyperic to automatically assign vCenter Hyperic roles to new users, supply a value for this property. The property defines the location in the LDAP directory from which the LDAP group search begins. |
| Search Subtree | If you have configured the Group Search Base property, select the checkbox to enable search of the entire subtree of the object identified by Group Search Base. |
| Group Search Filter | If you have configured the Group Search Base property, enter a filter to limit the LDAP group search to a subset of the objects found in the group search. The default value, Member={0}, results in filtering by the full distinguished name of a user. To filter by user login name, set Member={1}. |

3. Click OK.
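
The following added example (not from the original page and not vCenter Hyperic's own code) models how the Login Property, Search Filter and Group Search Filter values relate, using constructed directory entries, so you can see which groups a {0} or {1} filter would match before saving the settings. Assumptions: the user filter is formed by ANDing the login match with the Search Filter, and the group entries use the common `member` (DN-valued) and `memberUid` (login-valued) attributes.

```python
import re

# Constructed sample data: one user and two group entries (not from a real directory).
USER_DN = "cn=jdoe,ou=people,dc=example,dc=com"
LOGIN = "jdoe"
GROUPS = [
    ("hq-admins", "member", [USER_DN]),   # members stored as full DNs
    ("hq-ops", "memberUid", [LOGIN]),     # members stored as login names
]

_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape a value for safe use inside an LDAP search filter (RFC 4515)."""
    return "".join(_SPECIALS.get(ch, ch) for ch in value)

def user_filter(login_property, login, search_filter=""):
    """Assumption: the login match is ANDed with the optional Search Filter."""
    match = "(%s=%s)" % (login_property, escape_filter_value(login))
    return "(&%s%s)" % (match, search_filter) if search_filter else match

def group_filter(template, user_dn, login):
    """Fill the Group Search Filter: {0} is the user's full DN, {1} the login name."""
    values = (escape_filter_value(user_dn), escape_filter_value(login))
    # Single pass, so a substituted value is never re-scanned for placeholders.
    return re.sub(r"\{([01])\}", lambda m: values[int(m.group(1))], template)

def matching_groups(groups, template, user_dn, login):
    """Evaluate a simple attr={n} template against the constructed group entries."""
    attr, _, placeholder = template.partition("=")
    wanted = {"{0}": user_dn, "{1}": login}[placeholder]
    return [cn for cn, group_attr, members in groups
            if group_attr.lower() == attr.lower()   # attribute names are case-insensitive
            and wanted in members]                  # exact value comparison, for simplicity

if __name__ == "__main__":
    print(user_filter("cn", LOGIN, "(!(location=SFO*))"))
    for template in ("Member={0}", "Member={1}", "memberUid={1}"):
        print(template, "->", group_filter(template, USER_DN, LOGIN),
              "->", matching_groups(GROUPS, template, USER_DN, LOGIN))
```

Setting the filter to Member={1} against a directory whose member attribute holds DNs matches no groups, so no roles would be assigned automatically; check how your directory stores group membership before choosing between {0} and {1}.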