The Active Directory as an LDAP Server identity source is available for backward compatibility. Use the Active Directory (Integrated Windows Authentication) option for a setup that requires less input. The OpenLDAP Server identity source is available for environments that use OpenLDAP.
If you are configuring an OpenLDAP identity source, see VMware Knowledge Base article 2064977 for additional requirements.
|Name||Name of the identity source.|
|Base DN for users||Base Distinguished Name for users.|
|Domain name||FDQN of the domain, for example, example.com. Do not provide an IP address in this field.|
|Domain alias||For Active Directory identity sources, the domain's NetBIOS name. Add the NetBIOS name of the Active Directory domain as an alias of the identity source if you are using SSPI authentications.
For OpenLDAP identity sources, the domain name in capital letters is added if you do not specify an alias.
|Base DN for groups||The base Distinguished Name for groups.|
|Primary Server URL||Primary domain controller LDAP server for the domain.
Use the format ldap://hostname:port or ldaps://hostname:port. The port is typically 389 for ldap: connections and 636 for ldaps: connections. For Active Directory multi-domain controller deployments, the port is typically 3268 for ldap: connections and 3269 for ldaps: connections.
A certificate that establishes trust for the LDAPS endpoint of the Active Directory server is required when you use ldaps:// in the primary or secondary LDAP URL.
|Secondary server URL||Address of a secondary domain controller LDAP server that is used for failover.|
|Choose certificate||If you want to use LDAPS with your Active Directory LDAP Server or OpenLDAP Server identity source, a Choose certificate button becomes available after you type ldaps:// in the URL field. A secondary URL is not required.|
|Username||ID of a user in the domain who has a minimum of read-only access to Base DN for users and groups.|
|Password||Password of the user who is specified by Username.|