You can integrate Data Management for VMware Tanzu with an external identity provider and import those users into a DMS organization. The integration with Lightweight Directory Access Protocol (LDAP) enables an organization to use its existing LDAP service as a user source for DMS.

To take advantage of this LDAP integration, you must configure an LDAP server for your Data Management for VMware Tanzu installation. This server becomes the single LDAP user source for all organizations that are configured in DMS.

Note: Changing the LDAP server or groups for an existing configuration could result in loss of access to Data Management for VMware Tanzu for any user that is not registered with the new LDAP server or group. Note that any Service Instances provisioned by such users could become orphaned, and no longer managed by DMS.


Before you configure an LDAP server, ensure that you can identify the server host address, domain, and the user name and password of a read-only service user.

The LDAP endpoint must be resolvable by the DNS server specified at the time of Provider VM deployment.


Perform the following procedure to configure an LDAP server:

  1. Select Settings from the left navigation pane.

    This actions displays the Settings view, Information pane.

  2. Select the LDAP Settings tab to view and configure/update the LDAP settings.

  3. Set or update the LDAP properties:

    Property Name Value Required?
    Host Address The hostname or IP address of the LDAP server. Required
    Port The port number on which the LDAP server is listening. For LDAP, the default port number is 389. For LDAPS, the default port number is 636.
    Username The ID of a read-only user in the domain. Required
    Password The password of the user who is specified by Username. Required
    Domain The FQDN of the domain. Required
    Base Dn The base distinguished name identifies the location in the LDAP directory from which to start user searches. The default behaviour is for search to start from the root DN.
    Search Filter The filter that defines the criteria to restrict access. The default value is (&(objectClass=user)).
    Login Attribute The LDAP attribute to map to the DMS Email Id. The default value is userPrincipalName.
    Firstname Attribute The LDAP attribute to map to the DMS First Name.
    Lastname Attribute The LDAP attribute to map to the DMS Last Name.
    TLS Enabled Check this box if your server is using LDAPS. Required
  4. Click SAVE or UPDATE to apply the LDAP settings.

    Data Management for VMware Tanzu validates the LDAP settings that you provide, and returns an error if validation fails.

    Note: It may take a few minutes for Data Management for VMware Tanzu to synchronize with LDAP.

check-circle-line exclamation-circle-line close-line
Scroll to top icon