Part of your VMware Integrated OpenStack deployment configuration includes setting up authentication. You can also modify this configuration post-installation.

Before you begin

Verify that the new LDAP settings are valid.

Procedure

  1. In vCenter, select Home > VMware Integrated OpenStack > Manage.
  2. Click the Settings tab.
  3. Click Configure Identity Source.

    The panel displays the current configuration.

  4. Set the VMware Integrated OpenStack identity source.

    Option

    Description

    OpenStack admin user

    Define the OpenStack administrative user name. This is the default administrative user name for logging in to the VMware Integrated OpenStack dashboard.

    OpenStack admin password

    Define the OpenStack administrative user password. This is the default administrative user password for logging in to the VMware Integrated OpenStack dashboard.

    Confirm password

    Reenter the password for confirmation.

  5. If you are using LDAP with your VMware Integrated OpenStack deployment, click the plus sign (+) to configure the LDAP source.

    The Add Identity Source dialog appears.

    Option

    Description

    Domain Name

    Specify the full Active Directory domain name; for example, vmware.com.

    Bind user

    Provide the user name to bind to Active Directory for LDAP requests.

    Bind password

    Provide the password to allow the LDAP client access to the LDAP server.

    Domain controllers

    (Optional) VMware Integrated OpenStack automatically chooses the existing Active Directory domain controllers. However, you can specify a list of specific domain controllers to use. To do this, select the Domain controllers radio button and then enter the IP address of one or more domain controllers, separated by commas.

    Site

    (Optional) Optionally, you can limit LDAP searching to a specific deployment site within your organization; for example, sales.vmware.com. Select the Site radio button and enter the domain name of the site to search.

    User Tree DN

    (Optional) Enter the search base for users; for example, DC=vmware, DC=com. Defaults to the top of the user tree in most Active Directory deployments.

    User Filter

    (Optional) Enter an LDAP search filter for users.

    Important:

    If you use VMware Integrated OpenStack 3.0 or older and your directory contains more than 1,000 objects (users and groups), you must apply a filter to ensure that fewer than 1,000 objects are returned. For examples of filters, see https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx.

    Advanced setting

    If you want to specify advanced LDAP settings, check the Advanced setting check box.

    If you check the Advanced setting check box, additional LDAP configuration fields appear.

    Note:

    Always contact the LDAP administrator to obtain correct values for advanced LDAP settings, or use tools such as ldapsearch or Apache Directory Studio to locate the settings.

    Option

    Description

    Encryption

    From the pull-down menu, choose None, SSL, or StartTLS

    Hostname

    Enter the hostname for the LDAP server.

    Port

    Enter the port number to user on the LDAP server.

    User objectclass

    (Optional) Enter the LDAP object class for users.

    User ID attribute

    (Optional) Enter the LDAP attribute mapped to the user ID. Note that this value cannot be a multi-valued attribute.

    User name attribute

    (Optional) Enter the LDAP attribute mapped to the user name.

    User mail attribute

    (Optional) Enter the LDAP attribute mapped to the user email.

    User password attribute

    (Optional) Enter the LDAP attribute mapped to the password.

    Group objectclass

    (Optional) Enter an LDAP object class for groups.

    Group ID attribute

    (Optional) Enter the LDAP attribute mapped to the group ID.

    Group name attribute

    (Optional) Enter the LDAP attribute mapped to the group name.

    Group member attribute

    (Optional) Enter the LDAP attribute mapped to the group member name.

    Group description attribute

    (Optional) Enter the LDAP attribute mapped to the group description.

    Figure 1. Add identity source dialog
    Figure 2. Advanced LDAP settings
  6. Click Save.

What to do next

To complete the LDAP configuration, you must manually modify the default OpenStack domain configuration. See Modify the Default Domain Configuration.