User type accounts in VMware Data Services Manager can originate from one of two identity sources: the local database (Local user) or a configured LDAP server (LDAP user). VMware Data Services Manager manages Local users and LDAP users independently and differently.
Local Users
The first Local user account created by VMware Data Services Manager is the DSM administrator user created during deployment of the DSM plugin VM. This user is mandatory and cannot be deleted.
A vSphere administrator and a DSM administrator can later create Local users through the vSphere Client or the VMware Data Services Manager console. For information, see:
VMware Data Services Manager uses the Email ID of a Local user as the account identifier. The Email ID of a user must be unique. (VMware Data Services Manager does not send a validation email to verify the supplied email address.)
LDAP Users
An LDAP user is a user imported into VMware Data Services Manager from an existing LDAP identity provider. A vSphere administrator or a DSM administrator must first configure a directory service for the VMware Data Services Manager installation before LDAP users can be imported.
For information, see:
- Configuring a Directory Service in VMware Data Services Manager
- Import LDAP Users from the vSphere Client
- Import LDAP Users from the DSM Console
VMware Data Services Manager uses the configured directory service for both authentication and authorization.
The VMware Data Services Manager permissions assigned to an LDAP user depend on the LDAP groups of which the user is a member.
Login Process
For a given login, VMware Data Services Manager first attempts to authenticate a user as a Local user.
If the Email ID used to log in to VMware Data Services Manager matches that of a Local user and the correct password is provided, authentication succeeds. VMware Data Services Manager performs no further authentication or processing with LDAP.