The first step toward configuring Hybrid Linked Mode from your SDDC is to add your on-premises LDAP domain as an identity source for the SDDC vCenter Server .
You can configure Hybrid Linked Mode from your SDDC if your on-premises LDAP service is provided by a native Active Directory (Integrated Windows Authentication) domain or an OpenLDAP directory service.
This step is optional when configuring Hybrid Linked Mode from the VMware Cloud Gateway, but adding an identity source does allow you to configure users or groups with a lesser level of access than the Cloud Administrator.
If you are using OpenLDAP as the identity source, see the VMware knowledge base article at http://kb.vmware.com/kb/2064977 for additional requirements.
Prerequisites
Take a look at Identity Sources for vCenter Server with vCenter Single Sign-On in the VMware vSphere Product Documentation for additional information about configuring and using identity sources and certificates.
Procedure
Results
When the identity source is added, on-premises users can authenticate to the SDDC, but have the No access role. Add permissions for a group of users to give them the Cloud Administrator role.