To provide Active Directory authentication services to NSX Manager, you configure an Active Directory over LDAP identity provider so that you can assign access to users and groups.

Attention:

For an environment with NSX Federation, you must use the components' user interfaces to configure an LDAP identity source in the NSX Global Manager instances. The PowerShell module does not support configuring the authentication service for an NSX Global Manager instance.

UI Procedure

  1. Log in to NSX Manager at https://<nsx_manager_fqdn>/login.jsp?local=true as admin.
  2. On the main navigation bar, click System.
  3. In the left pane, click Settings > User management and click the Authentication providers tab.

  4. Click the LDAP tab and click Add identity source.

  5. In the Add identity source dialog box, configure the following settings, configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Save.

    Setting          Value
    Type             Active Directory over LDAP

  6. Under LDAP servers, click Set.

  7. In the Set LDAP server dialog box, click Add LDAP server.

  8. Configure the following settings, configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Add.

    Setting          Value
    LDAP Protocol    LDAPS
    Port             636

  9. Click Apply.

  10. Click Save.

  11. Repeat the procedure for each NSX Local Manager in each workload domain.

  12. Repeat the procedure for the NSX Global Managers of the management domain and each workload domain.

PowerShell Procedure

  1. Start PowerShell.

  2. Replace the values in the sample code with values from your VMware Cloud Foundation Planning and Preparation Workbook and run the commands in the PowerShell console.

    # SDDC Manager connection details
    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "[email protected]"
    $sddcManagerPass = "VMw@re1!"

    # Workload domain whose NSX Manager receives the identity source
    $sddcDomainName = "sfo-m01"

    # Active Directory domain, bind account, domain controller, and search base
    $domainFqdn = "sfo.rainpole.io"
    $domainBindUserNsx = "svc-nsx-ad"
    $domainBindPassNsx = "VMw@re1!"
    $domainControllerMachineName = "sfo-dc01"
    $baseDn = "dc=sfo,dc=rainpole,dc=io"

  3. Perform the configuration by running the command in the PowerShell console.

    Add-NsxtIdentitySource -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -sddcDomain $sddcDomainName -domain $domainFqdn -domainBindUser $domainBindUserNsx -domainBindPass $domainBindPassNsx -dcMachineName $domainControllerMachineName -baseDn $baseDn -protocol ldaps

  4. Navigate to the Root CA.cer certificate file and click Open.

  5. Repeat the procedure for each NSX Local Manager in each workload domain.

  6. Repeat the procedure for the NSX Global Managers of the management domain and each workload domain.
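Both procedures depend on the domain controller answering LDAPS on port 636 with a certificate that chains to the Root CA.cer file. The following pre-flight check is an added example, not part of the VMware PowerShell module or the original procedure. Assumptions: the helper name Test-LdapsEndpoint is hypothetical, the domain controller FQDN is the machine name joined to the domain FQDN, the Root CA.cer file is in the current directory, and revocation checking is skipped.

```powershell
# Added example: verify the LDAPS endpoint before configuring the identity source.
$domainFqdn = "sfo.rainpole.io"
$domainControllerMachineName = "sfo-dc01"
$rootCaPath = ".\Root CA.cer"   # assumption: location of the exported root CA file

function Test-LdapsEndpoint {   # hypothetical helper, not a module cmdlet
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$RootCaPath,
        [int]$Port = 636
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $rootCa = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $RootCaPath).Path
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        # Fail the handshake on a host name mismatch; the chain is checked explicitly below.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $c, $ch, $errors)
            -not ($errors -band [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object "$x509.X509Certificate2" -ArgumentList $ssl.RemoteCertificate

        # Offer the supplied root as a chain candidate, then require that the
        # built chain terminates in that exact certificate.
        $chain = New-Object "$x509.X509Chain"
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: CRL not reachable from here
        $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
        [void]$chain.ChainPolicy.ExtraStore.Add($rootCa)
        $built = $chain.Build($cert)
        $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

        [pscustomobject]@{
            Server         = $Server
            Subject        = $cert.Subject
            NotAfter       = $cert.NotAfter
            ChainsToRootCa = $built -and ($top.Thumbprint -eq $rootCa.Thumbprint)
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

Test-LdapsEndpoint -Server "$domainControllerMachineName.$domainFqdn" -RootCaPath $rootCaPath
```

A ChainsToRootCa value of False, or an authentication exception from the handshake, means the certificate presented by the domain controller would not validate against the root CA file you are about to supply.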