You can integrate Data Management for VMware Tanzu with an external identity provider and import its users into an organization. The integration with Lightweight Directory Access Protocol (LDAP) enables an organization to use its existing LDAP service as a user source for Data Management for VMware Tanzu.
To take advantage of this LDAP integration, you must configure an LDAP server for your Data Management for VMware Tanzu installation. This server becomes the single LDAP user source for all organizations that are configured in Data Management for VMware Tanzu.
Before you configure an LDAP server, ensure that you can identify the server host address, domain, and the user name and password of a read-only service user.
The LDAP endpoint must be resolvable by the DNS server specified at the time of Provider VM deployment.
Perform the following procedure to configure an LDAP server:
Select Settings from the left navigation pane.
This action displays the Settings view, Information pane.
Select the LDAP Settings tab to view and configure/update the LDAP settings.
Set or update the LDAP properties:
Property Name | Value | Required? |
---|---|---|
Host Address | The hostname or IP address of the LDAP server. | Required |
Port | The port number on which the LDAP server is listening. For LDAP, the default port number is 389. For LDAPS, the default port number is 636. | |
Username | The ID of a read-only user in the domain. | Required |
Password | The password of the user who is specified by Username. | Required |
Domain | The FQDN of the domain. | Required |
Base Dn | The base distinguished name identifies the location in the LDAP directory from which to start user searches. The default behaviour is for search to start from the root DN. | |
Search Filter | The filter that defines the criteria to restrict access. The default value is `(&(objectClass=user))`. | |
Login Attribute | The LDAP attribute to map to the Data Management for VMware Tanzu Email Id. The default value is `userPrincipalName`. | |
Firstname Attribute | The LDAP attribute to map to the Data Management for VMware Tanzu First Name. | |
Lastname Attribute | The LDAP attribute to map to the Data Management for VMware Tanzu Last Name. | |
TLS Enabled | Check this box if your server is using LDAPS. | Required |
To confirm the LDAP thumbprint, click CONTINUE in the Trust LDAP Certificate dialog box.
To apply the LDAP settings, click SAVE or UPDATE.
Data Management for VMware Tanzu validates the LDAP settings that you provide, and returns an error if validation fails.
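The thumbprint shown in the Trust LDAP Certificate dialog box can be checked against a value obtained independently before you click CONTINUE. The following script is an added example, not part of the product or its documentation: it fetches the certificate that the LDAPS listener presents and compares it with a thumbprint supplied by the directory administrator. The function names and command-line arguments are assumptions of this example, and because the hash algorithm that the dialog displays is not stated here, the script prints both SHA-1 and SHA-256.

```python
import hashlib
import hmac
import socket
import ssl
import string
import sys


def fetch_der_cert(host, port=636, timeout=5.0):
    """Return the leaf certificate the LDAPS listener presents, as DER bytes."""
    ctx = ssl.create_default_context()
    # Chain validation is disabled on purpose: the certificate is not trusted
    # yet, and only its bytes are needed so the thumbprint can be compared.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def thumbprints(der):
    """Colon-separated upper-case hex digests of a DER-encoded certificate."""
    out = {}
    for name, fn in (("sha1", hashlib.sha1), ("sha256", hashlib.sha256)):
        digest = fn(der).hexdigest().upper()
        out[name] = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return out


def normalize(thumbprint):
    """Drop separators and case so differently formatted values compare equal."""
    return "".join(c for c in thumbprint if c in string.hexdigits).lower()


def matches(der, expected):
    """True if `expected` equals the SHA-1 or SHA-256 digest of the certificate."""
    want = normalize(expected)
    return any(hmac.compare_digest(normalize(v), want)
               for v in thumbprints(der).values())


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: check_ldaps_thumbprint.py HOST EXPECTED_THUMBPRINT [PORT]")
    host, expected = sys.argv[1], sys.argv[2]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 636
    der = fetch_der_cert(host, port)
    for name, value in thumbprints(der).items():
        print(f"{name}: {value}")
    sys.exit(0 if matches(der, expected) else 1)
```

Run it from a host that resolves the LDAP endpoint through the same DNS server as the Provider VM. A non-zero exit status means the presented certificate does not match the expected thumbprint.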