Part of your VMware Integrated OpenStack deployment configuration includes setting up authentication. You can also modify this configuration post-installation.
Before you begin
Verify that the new LDAP settings are valid.
- In vCenter, select .
- Click the Settings tab.
- Click Configure Identity Source.
The panel displays the current configuration.
- Set the VMware Integrated OpenStack identity source.
OpenStack admin user
Define the OpenStack administrative user name. This is the default administrative user name for logging in to the VMware Integrated OpenStack dashboard.
OpenStack admin password
Define the OpenStack administrative user password. This is the default administrative user password for logging in to the VMware Integrated OpenStack dashboard.
Reenter the password for confirmation.
- If you are using LDAP with your VMware Integrated OpenStack deployment, click the plus sign (+) to configure the LDAP source.
The Add Identity Source dialog appears.
Specify the full Active Directory domain name; for example, vmware.com.
Provide the user name to bind to Active Directory for LDAP requests.
Provide the password to allow the LDAP client access to the LDAP server.
(Optional) VMware Integrated OpenStack automatically chooses the existing Active Directory domain controllers. However, you can specify a list of specific domain controllers to use. To do this, select the Domain controllers radio button and then enter the IP address of one or more domain controllers, separated by commas.
(Optional) You can limit LDAP searching to a specific deployment site within your organization; for example, sales.vmware.com. Select the Site radio button and enter the domain name of the site to search.
User Tree DN
(Optional) Enter the search base for users; for example, DC=vmware, DC=com. Defaults to the top of the user tree in most Active Directory deployments.
(Optional) Enter an LDAP search filter for users.
Important: If you use VMware Integrated OpenStack 3.0 or older and your directory contains more than 1,000 objects (users and groups), you must apply a filter to ensure that fewer than 1,000 objects are returned. For examples of filters, see https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx.
If you want to specify advanced LDAP settings, check the Advanced setting check box.
If you check the Advanced setting check box, additional LDAP configuration fields appear.
Note: Always contact the LDAP administrator to obtain correct values for advanced LDAP settings, or use tools such as ldapsearch or Apache Directory Studio to locate the settings.
From the pull-down menu, choose None, SSL, or StartTLS.
Enter the hostname for the LDAP server.
Enter the port number to use on the LDAP server.
(Optional) Enter the LDAP object class for users.
User ID attribute
(Optional) Enter the LDAP attribute mapped to the user ID. Note that this value cannot be a multi-valued attribute.
User name attribute
(Optional) Enter the LDAP attribute mapped to the user name.
User mail attribute
(Optional) Enter the LDAP attribute mapped to the user email.
User password attribute
(Optional) Enter the LDAP attribute mapped to the password.
(Optional) Enter an LDAP object class for groups.
Group ID attribute
(Optional) Enter the LDAP attribute mapped to the group ID.
Group name attribute
(Optional) Enter the LDAP attribute mapped to the group name.
Group member attribute
(Optional) Enter the LDAP attribute mapped to the group member name.
Group description attribute
(Optional) Enter the LDAP attribute mapped to the group description.
- Click Save.
What to do next
To complete the LDAP configuration, you must manually modify the default OpenStack domain configuration. See Modify the Default Domain Configuration.
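One way to check a candidate user or group filter against the 1,000-object limit before saving it, using the ldapsearch tool named in the note on advanced settings. This is an added example, not VMware tooling; the host, bind account, base DN and filter shown are placeholders, and the sample LDIF is constructed.

```shell
#!/bin/sh
# Added example: pre-check an LDAP filter against the 1,000-object limit.
# Constructed usage (all values are placeholders, not from the page):
#   sh check_filter.sh dc01.example.com 'svc-vio@example.com' \
#      'DC=example,DC=com' '(&(objectClass=user)(memberOf=CN=vio-users,OU=Groups,DC=example,DC=com))'
LIMIT=1000

# Count entries in LDIF read from stdin. Every entry starts with a "dn:" line
# ("dn::" when the DN is base64-encoded); attribute values never start a line that way.
count_ldif_entries() {
    grep -c -E '^dn::? ' || true   # grep exits 1 on zero matches but still prints 0
}

# Succeeds only when the count is strictly below the limit ("fewer than 1,000").
filter_within_limit() {
    [ "$1" -lt "$LIMIT" ]
}

# Query the directory and print the number of matching objects.
# -ZZ  aborts unless StartTLS succeeds (for SSL use an ldaps:// URL and drop -ZZ;
#      with encryption set to None the bind password crosses the network in clear)
# -W   prompts for the bind password so it stays out of ps output and shell history
# -E pr=500/noprompt  pages results so the server page size does not cap the count
count_matches() {   # usage: count_matches HOST BIND_DN BASE_DN FILTER
    out=$(ldapsearch -LLL -H "ldap://$1" -ZZ -x -D "$2" -W \
              -b "$3" -E pr=500/noprompt "$4" dn) || return 1
    printf '%s\n' "$out" | count_ldif_entries
}

# Constructed LDIF, shaped like "ldapsearch -LLL ... dn" output, for offline checks.
sample_ldif() {
cat <<'EOF'
dn: CN=Alice,OU=Sales,DC=example,DC=com

dn: CN=Bob,OU=Sales,DC=example,DC=com

dn:: Q049eA==
EOF
}

if [ "$#" -eq 4 ]; then
    # A failed bind or TLS handshake must not be reported as "0 objects".
    n=$(count_matches "$@") || { echo "ldapsearch failed; no result" >&2; exit 2; }
    if filter_within_limit "$n"; then
        echo "OK: filter returns $n objects"
    else
        echo "Too broad: filter returns $n objects (limit $LIMIT)" >&2
        exit 1
    fi
fi
```

Run it once with the user filter and once with the group filter, using the same bind account and search base you enter in the dialog.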