To provide Active Directory authentication services to NSX Manager, you configure an Active Directory over LDAP identity provider so that you can assign access to users and groups.
For an environment with NSX Federation, you must use the components' user interfaces to configure an LDAP identity source in the NSX Global Manager instances. The PowerShell module does not support configuring the authentication service for an NSX Global Manager instance.
UI Procedure
- Log in to NSX Manager at https://<nsx_manager_fqdn>/login.jsp?local=true as admin.
- On the main navigation bar, click System.
- In the left pane, click the Authentication providers tab.
- Click the LDAP tab and click Add identity source.
- In the Add identity source dialog box, configure the following settings, configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Save.

| Setting | Value |
|---------|-------|
| Type | Active Directory over LDAP |

- Under LDAP servers, click Set.
- In the Set LDAP server dialog box, click Add LDAP server.
- Configure the following settings, configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Add.

| Setting | Value |
|---------|-------|
| LDAP Protocol | LDAPS |
| Port | 636 |

- Click Apply.
- Click Save.
- Repeat the procedure for each NSX Local Manager in each workload domain.
- Repeat the procedure for the NSX Global Managers of the management domain and each workload domain.
PowerShell Procedure
- Start PowerShell.
- Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcManagerUser = "[email protected]"
$sddcManagerPass = "VMw@re1!"
$sddcDomainName = "sfo-m01"
$domainFqdn = "sfo.rainpole.io"
$domainBindUserNsx = "svc-nsx-ad"
$domainBindPassNsx = "VMw@re1!"
$domainControllerMachineName = "sfo-dc01"
$baseDn = "dc=sfo,dc=rainpole,dc=io"

- Perform the configuration by running the command in the PowerShell console.

Add-NsxtIdentitySource -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -sddcDomain $sddcDomainName -domain $domainFqdn -domainBindUser $domainBindUserNsx -domainBindPass $domainBindPassNsx -dcMachineName $domainControllerMachineName -baseDn $baseDn -protocol ldaps

- Navigate to the Root CA.cer certificate file and click Open.
- Repeat the procedure for each NSX Local Manager in each workload domain.
- Repeat the procedure for the NSX Global Managers of the management domain and each workload domain.
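
Before running Add-NsxtIdentitySource, it helps to confirm that the domain controller answers on port 636 with a certificate that matches its FQDN and chains to the Root CA.cer file the procedure asks for. The pre-flight check below is an added example, not part of the original procedure or of the PowerShell module; the function name Test-LdapsCertificate and the path in $rootCaPath are hypothetical, and the host name is assumed to be $domainControllerMachineName.$domainFqdn.

```powershell
using namespace System.Net.Security
using namespace System.Security.Cryptography.X509Certificates
# Added example (not from the original page). $rootCaPath is a hypothetical
# location for the exported Root CA.cer file; the other values are the page's samples.
$domainFqdn = "sfo.rainpole.io"
$domainControllerMachineName = "sfo-dc01"
$rootCaPath = "C:\certs\Root CA.cer"

function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][string]$RootCaPath,
        [int]$Port = 636
    )
    $rootCa = [X509Certificate2]::new($RootCaPath)
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # Record the platform's verdict but let the handshake finish so the certificate can be inspected.
        $script:policyErrors = [SslPolicyErrors]::None
        $callback = [RemoteCertificateValidationCallback]{
            param($s, $c, $ch, $sslErrors)
            $script:policyErrors = $sslErrors
            $true
        }
        $ssl = [SslStream]::new($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = [X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally { $tcp.Dispose() }

    # Build the chain with the supplied Root CA available, then pin the chain's root by thumbprint.
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck  # assumes the CRL may be unreachable from here
    $chain.ChainPolicy.VerificationFlags = [X509VerificationFlags]::AllowUnknownCertificateAuthority
    [void]$chain.ChainPolicy.ExtraStore.Add($rootCa)
    $built = $chain.Build($cert)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        Subject        = $cert.Subject
        NotAfter       = $cert.NotAfter
        NameMatches    = -not $script:policyErrors.HasFlag([SslPolicyErrors]::RemoteCertificateNameMismatch)
        ChainsToRootCa = $built -and ($root.Thumbprint -eq $rootCa.Thumbprint)
    }
}

$result = Test-LdapsCertificate -HostName "$domainControllerMachineName.$domainFqdn" -RootCaPath $rootCaPath
$result | Format-List
if (-not ($result.NameMatches -and $result.ChainsToRootCa)) { throw "LDAPS certificate check failed" }
```

If the domain controller's certificate is issued by an intermediate CA that is not in the local certificate stores, the chain build fails until that intermediate is available.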