You can configure Orchestrator to connect to a working LDAP server on your infrastructure to manage user permissions.

If you are using secure LDAP over SSL with Active Directory on Windows Server 2003 or 2008, verify that the LDAP Server Signing Requirements group policy is disabled on the LDAP server.

If you configure Orchestrator to work with LDAP, you will not be able to use the Orchestrator Web Client for managing vSphere inventory objects.


Multiple domains that are not in the same tree, but have a two-way trust, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are not supported.


If your LDAP server uses SSL, you can import the SSL certificate file into the Orchestrator configuration interface and activate a secure connection between Orchestrator and LDAP.


The LDAP service provider uses a URL to configure the connection to the directory server. To generate the LDAP connection URL, you must specify the LDAP host, port, and root.


Orchestrator must read your LDAP structure to inherit its properties. You can specify the credentials that Orchestrator uses to connect to an LDAP server.


You can define the user and group lookup information.


You can customize the LDAP search queries and make searching in LDAP more effective.


When you encounter the LDAP: error code 49 error message and have problems connecting to your LDAP authentication server, you can check which LDAP function is causing the problem.
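The following added example (not VMware's code and not part of this documentation) covers two of the steps above: it assembles the LDAP connection URL from the host, port and root DN, and it decodes the "LDAP: error code 49" message that Active Directory returns on a failed bind so that the cause (bad password, disabled account, locked account, and so on) can be identified. The host names, DNs and the sample error message are constructed for illustration; the "data" sub-codes are the standard Active Directory bind-failure codes.

```python
# Added example (not from the VMware documentation): build the LDAP URL that
# Orchestrator expects from host, port and root DN, and decode the
# "LDAP: error code 49" diagnostic that Active Directory returns on a failed bind.
import re
from urllib.parse import quote

def ldap_url(host, port, root_dn, use_ssl=False):
    """Return an RFC 4516 URL such as ldap://dc01.example.com:389/dc=example,dc=com."""
    scheme = "ldaps" if use_ssl else "ldap"
    # IPv6 literals must be bracketed in the authority part of the URL.
    hostpart = f"[{host}]" if ":" in host else host
    # Keep the DN separators readable; percent-encode every other unsafe character.
    return f"{scheme}://{hostpart}:{port}/{quote(root_dn, safe='=,')}"

# Active Directory reports the bind-failure reason as "data NNN" after error code 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

def decode_bind_error(message):
    """Map an LDAP error message to (result_code, reason); reason is None if unknown."""
    m = re.search(r"LDAP:\s*error code (\d+)", message)
    if not m:
        return None, None
    code = int(m.group(1))
    if code != 49:
        return code, None
    sub = re.search(r"data ([0-9a-f]+)", message)
    reason = AD_BIND_SUBCODES.get(sub.group(1)) if sub else "invalid credentials"
    return 49, reason

if __name__ == "__main__":
    print(ldap_url("dc01.example.com", 636, "dc=example,dc=com", use_ssl=True))
    # Constructed sample message in the format Active Directory returns.
    sample = ("LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: "
              "AcceptSecurityContext error, data 52e, v2580")
    print(decode_bind_error(sample))
```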