The following limitations currently apply to the LDAP directory integration feature.

  • You can only integrate a single-domain LDAP directory.

    To integrate multiple domains from an LDAP directory, you create multiple VMware Workspace ONE Access directories, one for each domain.

  • The following authentication methods are not supported for VMware Workspace ONE Access directories of type LDAP directory.
    • Kerberos authentication
    • SecurID
    • RADIUS
  • You cannot join an LDAP domain.
  • Integration with Horizon or Citrix-published resources is not supported for VMware Workspace ONE Access directories of type LDAP directory.
  • User names must not contain spaces. If a user name contains a space, the user is synced but entitlements are not available to the user.
  • If you plan to add both Active Directory and LDAP directories, ensure that you do not mark any attributes as Required in the User Attributes page. The UserName attribute is the exception and can be marked as Required. The settings mapped in the User Attributes page apply to all directories in the service. If an attribute is marked as Required, users without that attribute are not synced to the VMware Workspace ONE Access service.
  • If you have multiple groups with the same name in your LDAP directory, you must specify unique names for them in the VMware Workspace ONE Access service. You can specify the names when you select the groups to sync.

  • The option to allow users to reset expired passwords is not available.