As a DSM administartor, you can configure VMware Data Services Manager to use an LDAP server for both authentication and authorization.

Importing Users from LDAP

You can import users from an LDAP identity provider configured by a vSphere administrator and assign them the DSM Admin and DSM User roles in VMware Data Services Manager.

Procedure

Perform the following procedure to import users from LDAP and assign them an appropriate role:

  1. Click Permissions in the left navigation pane.

    This actions displays the Permissions view that you use to create and manage the users.

    This action displays the Permissions view that you use to create and manage the users.

  2. Click LDAP GROUPS.

    This action displays a table that lists the configured users.

  3. Click Create.

    The Create Permission form opens.

  4. Specify the LDAP group to the role mapping:

    Property Name Value
    Role The user's role in the organization. You can select one of the following options:
    • DSM Admin - Super user that is able to watch and help maintain all of the data services created.
    • DSM User - Creates and maintains individual databases for their application or other purpose.
    LDAP Group The LDAP groups whose users you want VMware Data Services Manager to assign the specified role.

  5. Click CREATE

    The LDAP user group is added to the table.

    Note: Users that belong to this group can access the DSM console. After they perform this operation, their name appears on the list of local DSM users with LDAP as a user type. Unlike regular local DSM users, the imported LDAP users cannot be deleted from this list.

You can later change the role assignment for the user group, or delete the group.

Deleting LDAP Users

You can delete an LDAP user that you have created. The user that you want to delete must not own any active VMware Data Services Manager objects (database, backups, and log bundles).

While you can delete an LDAP user, you must update their LDAP group assignments or delete the user from LDAP to permanently revoke their access to VMware Data Services Manager.

If you want to keep the databases that belong to an LDAP user in the DSM user role running, a user with the DSM role has the permissions required to continue managing the databases.

Note: The LDAP group must include at least one member assigned the DSM administrator role for VMware Data Services Manager to continue to manage the LDAP user's databases.
check-circle-line exclamation-circle-line close-line
Scroll to top icon