You can configure NSX Manager to authenticate users using a directory service such as Active Directory over LDAP or OpenLDAP.
If you are using Active Directory (AD) and your AD forest consists of multiple subdomains, you should point NSX-T Data Center at your AD Global Catalog (GC) and configure each subdomain as an alternative domain name in NSX. The Global Catalog service usually runs on your primary AD domain controllers and is a read-only copy of the most important information from all the primary and secondary domains. The GC service listens on port 3268 (plaintext LDAP) and port 3269 (LDAP over TLS, encrypted).
For example, if the forest has the subdomains "americas.example.com" and "emea.example.com":
- Configure NSX to use either the LDAP protocol on port 3268 or the LDAPS protocol on port 3269.
- Add alternative domain names "americas.example.com" and "emea.example.com" in the NSX LDAP configuration.
LDAP support on a Global Manager (NSX Federation) is identical to that on a Local Manager. LDAP configuration is not synchronized from the Global Manager to Local Managers. Each NSX cluster should be configured separately for LDAP.
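Because each cluster carries its own LDAP settings, a small audit over an inventory of them can catch drift between the Global Manager and Local Managers. The following is an added example, not VMware code and not the NSX API: the dictionary keys `ldap_urls` and `alternative_domain_names`, the cluster names and the host `gc.example.com` are assumptions made for illustration, and flagging port 3268 as a finding is this example's choice.

```python
from urllib.parse import urlsplit

# Global Catalog ports as given on this page: 3268 plaintext, 3269 LDAP over TLS.
GC_PORTS = {3268: "ldap", 3269: "ldaps"}

def audit_cluster(name, cfg, subdomains):
    """Return (cluster, code, detail) findings for one cluster's LDAP settings.
    The keys "ldap_urls" and "alternative_domain_names" are hypothetical."""
    urls = cfg.get("ldap_urls", [])
    if not urls:
        return [(name, "NO_LDAP", "no LDAP server configured on this cluster")]
    findings = []
    for url in urls:
        parts = urlsplit(url)
        if parts.port not in GC_PORTS:
            findings.append((name, "NOT_GC_PORT", url))
        elif parts.scheme != GC_PORTS[parts.port]:
            findings.append((name, "SCHEME_PORT_MISMATCH", url))
        elif parts.port == 3268:
            findings.append((name, "PLAINTEXT_GC", url))
    # Every subdomain of the forest must be listed as an alternative domain name.
    listed = {d.lower() for d in cfg.get("alternative_domain_names", [])}
    for sub in subdomains:
        if sub.lower() not in listed:
            findings.append((name, "MISSING_ALT_DOMAIN", sub))
    return findings

def audit_all(clusters, subdomains):
    """Audit every cluster on its own, since LDAP settings are not synchronized."""
    return [f for name, cfg in clusters.items()
            for f in audit_cluster(name, cfg, subdomains)]

# Constructed sample inventory (hostnames and cluster names are made up).
SUBDOMAINS = ["americas.example.com", "emea.example.com"]
CLUSTERS = {
    "global-manager": {
        "ldap_urls": ["ldaps://gc.example.com:3269"],
        "alternative_domain_names": ["americas.example.com", "emea.example.com"],
    },
    "local-manager-a": {
        "ldap_urls": ["ldap://gc.example.com:3268"],
        "alternative_domain_names": ["americas.example.com"],
    },
    "local-manager-b": {},  # configured on the Global Manager only, never locally
}

if __name__ == "__main__":
    for cluster, code, detail in audit_all(CLUSTERS, SUBDOMAINS):
        print(f"{cluster}: {code}: {detail}")
```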