Horizon LDAP is the data repository for all VMware Horizon configuration information. Horizon LDAP is an embedded Lightweight Directory Access Protocol (LDAP) directory that is provided with the Connection Server installation.

Horizon LDAP contains standard LDAP directory components that are used by VMware Horizon.

  • VMware Horizon schema definitions
  • Directory information tree (DIT) definitions
  • Access control lists (ACLs)

Horizon LDAP contains directory entries that represent VMware Horizon objects.

  • Remote desktop entries that represent each accessible desktop. Each entry contains references to the Foreign Security Principal (FSP) entries of Windows users and groups in Active Directory who are authorized to use the desktop.
  • Remote desktop pool entries that represent multiple desktops managed together
  • Virtual machine entries that represent the vCenter Server virtual machine for each remote desktop
  • VMware Horizon component entries that store configuration settings

Horizon LDAP also contains a set of VMware Horizon plug-in DLLs that provide automation and notification services for other VMware Horizon components.

LDAP Replication

When you install a replicated instance of Connection Server, VMware Horizon copies the Horizon LDAP configuration data from the existing Connection Server instance. Identical Horizon LDAP configuration data is maintained on all Connection Server instances in the replicated group. When a change is made on one instance, the updated information is copied to the other instances.

If a replicated instance fails, the other instances in the group continue to operate. When the failed instance resumes activity, its configuration is updated with the changes that took place during the outage. With VMware Horizon and later releases, a replication status check is performed every 15 minutes to determine whether each instance can communicate with the other servers in the replicated group and whether each instance can fetch LDAP updates from the other servers in the group.

You can use the dashboard in Horizon Console to check the replication status. If any Connection Server instances have a red icon in the dashboard, click the icon to see the replication status. Replication might be impaired for any of the following reasons:

  • A firewall might be blocking communication
  • The VMware VDMDS service might be stopped on a Connection Server instance
  • The VMware VDMDS DSA options might be blocking replication
  • A network problem has occurred

By default, the replication check occurs every 15 minutes. You can use ADSI Edit on a Connection Server instance to change the interval. To set the number of minutes, connect to DC=vdi,DC=vmware,DC=int and edit the pae-ReplicationStatusDataExpiryInMins attribute on the CN=Common,OU=Global,OU=Properties object.

The pae-ReplicationStatusDataExpiryInMins attribute value should be between 10 minutes and 1440 minutes (one day). If the attribute value is less than 10 minutes, VMware Horizon treats it as 10 minutes. If the attribute value is greater than 1440 minutes, VMware Horizon treats it as 1440 minutes.
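
The read-only PowerShell check below is an added example, not VMware code: it reads pae-ReplicationStatusDataExpiryInMins from the Horizon LDAP of each listed Connection Server, applies the 10 to 1440 minute rule described above, and warns when replicas hold different values, which should not happen while replication is healthy. It assumes Horizon LDAP answers on port 389, that it runs on a Connection Server under an account allowed to read Horizon LDAP, and that the server names are placeholders to replace.

```powershell
# Added example: read-only audit of the replication status check interval.
# Assumptions: Horizon LDAP listens on port 389; server names are placeholders.
$Servers = @('localhost', 'cs02.example.internal')   # hypothetical replica names
$Dn      = 'CN=Common,OU=Global,OU=Properties,DC=vdi,DC=vmware,DC=int'
$Attr    = 'pae-ReplicationStatusDataExpiryInMins'

function Get-EffectiveInterval {
    # Documented rule: below 10 is treated as 10, above 1440 is treated as 1440.
    param([int]$Configured)
    [Math]::Min(1440, [Math]::Max(10, $Configured))
}

$results = foreach ($server in $Servers) {
    $row = [ordered]@{ Server = $server; Configured = $null; Effective = $null; Note = '' }
    try {
        $entry = [ADSI]"LDAP://${server}:389/$Dn"
        $entry.psbase.RefreshCache()                  # forces the bind; throws if unreachable
        $raw    = $entry.psbase.Properties[$Attr].Value
        $parsed = 0
        if ($null -eq $raw) {
            $row.Note = 'attribute not set (default interval applies)'
        } elseif ([int]::TryParse([string]$raw, [ref]$parsed)) {
            $row.Configured = $parsed
            $row.Effective  = Get-EffectiveInterval $parsed
            if ($row.Effective -ne $parsed) {
                $row.Note = 'outside 10-1440, Horizon uses the clamped value'
            }
        } else {
            $row.Note = "non-numeric value: $raw"
        }
    } catch {
        $row.Note = "LDAP read failed: $($_.Exception.Message)"
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize

# Replicated instances should hold identical data; differing values mean
# a change has not reached every instance.
$distinct = @($results | Where-Object { $null -ne $_.Configured } |
    Select-Object -ExpandProperty Configured -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "Replicas disagree on ${Attr}: $($distinct -join ', ')"
}
```

A server that reports "LDAP read failed" is worth checking against the causes listed earlier (firewall, stopped VMware VDMDS service, network problem) before changing the interval.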