You can configure an OpenLDAP Directory connection with Directories Management.
About this task
Although many directory servers implement LDAP, OpenLDAP is the only one that is tested and approved for use with vRealize Automation Directories Management.
To integrate your LDAP directory, you create a corresponding Directories Management directory and sync users and groups from your LDAP directory to the Directories Management directory. You can set up a regular sync schedule for subsequent updates.
You also select the LDAP attributes that you want to sync for users and map them to Directories Management attributes.
Your LDAP directory configuration may be based on default schemas or you may have created custom schemas. You may also have defined custom attributes. For Directories Management to be able to query your LDAP directory to obtain user or group objects, you need to provide the LDAP search filters and attribute names that are applicable to your LDAP directory.
Specifically, you need to provide the following information.
LDAP search filters for obtaining groups, users, and the bind user
LDAP attribute names for group membership, UUID, and distinguished name
Prerequisites
Review the configuration on the User Attributes page and add any other attributes that you want to sync. You will map the Directories Management attributes to your LDAP directory attributes when you create the directory. These attributes will be synced for the users in the directory.
Note: When you make changes to user attributes, consider the effect on other directories in the service. If you plan to add both Active Directory and LDAP directories, ensure that you do not mark any attributes as required except for userName. The settings on the User Attributes page apply to all directories in the service. If an attribute is marked required, users without that attribute are not synced to the Directories Management service.
A Bind DN user account. Using a Bind DN user account with a non-expiring password is recommended.
In your LDAP directory, the UUID of users and groups must be in plain text format.
In your LDAP directory, a domain attribute must exist for all users and groups.
You map this attribute to the Directories Management domain attribute when you create the Directories Management directory.
User names must not contain spaces. If a user name contains a space, the user is synced but entitlements are not available to the user.
If you use certificate authentication, users must have values for userPrincipalName and email address attributes.
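A pre-sync check of the prerequisites above, written as an added example (not code from the vRealize Automation documentation or product): it parses a constructed LDIF export and flags entries that would fail the UUID, domain attribute, user-name and certificate-authentication requirements. The attribute names entryUUID, uid, mail, userPrincipalName and a custom 'domain' attribute are assumptions and must be adjusted to your own schema.

```python
# Added example, not vRealize Automation's own code; the attribute names below
# (entryUUID, uid, mail, userPrincipalName, custom 'domain') are assumptions.
import re
# Constructed sample LDIF export, not a real directory.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
entryUUID: 3b2d6c1e-0b2f-4b9c-9a1e-2f4c5d6e7a8b
domain: example.com
mail: alice@example.com
userPrincipalName: alice@example.com

dn: uid=bob smith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob smith
entryUUID:: O7LbHgsvS5yaHi9MXW56iw==
domain: example.com

dn: cn=admins,ou=groups,dc=example,dc=com
entryUUID: 9c8b7a6d-5e4f-4a3b-8c2d-1e0f9a8b7c6d
member: uid=alice,ou=people,dc=example,dc=com
"""
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def parse_ldif(text):
    """Minimal LDIF parser (no line folding): list of {attr: [(is_base64, value)]}."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():                    # blank line ends an entry
            if cur: entries.append(cur)
            cur = {}
            continue
        attr, sep, val = re.match(r"([^:]+)(::?)\s*(.*)", line).groups()
        cur.setdefault(attr, []).append((sep == "::", val))  # '::' = base64 (binary)
    return entries

def check_entry(entry, domain_attr="domain", cert_auth=False):
    """Return the prerequisite violations found in one user or group entry."""
    dn = entry["dn"][0][1]
    is_user = any(v == "inetOrgPerson" for _, v in entry.get("objectClass", []))
    uuid = entry.get("entryUUID", [(True, "")])[0]   # (is_base64, value)
    checks = [
        (uuid[0] or not UUID_RE.match(uuid[1]), "entryUUID missing or not plain text"),
        (domain_attr not in entry, f"missing domain attribute '{domain_attr}'"),
        (is_user and " " in entry.get("uid", [(False, "")])[0][1],
         "user name contains a space, entitlements will not apply"),
    ] + [(is_user and cert_auth and a not in entry, f"missing {a}, needed for certificate authentication")
         for a in ("userPrincipalName", "mail")]
    return [f"{dn}: {msg}" for bad, msg in checks if bad]

def check_ldif(text, domain_attr="domain", cert_auth=False):
    return [p for e in parse_ldif(text) for p in check_entry(e, domain_attr, cert_auth)]
```

Run it against an `ldapsearch -LLL` export of the users and groups you intend to sync, with `cert_auth=True` if certificate authentication is in use.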
Procedure
Results
The connection to the LDAP directory is established and users and groups are synced from the LDAP directory to the Directories Management directory.
You can now assign users and groups to the appropriate vRealize Automation roles by selecting . See Assign Roles to Directory Users or Groups for more information.