You can give users from AD or LDAP administrator access to vRealize Operations. To do this, you must log in as the local vRealize Operations administrator. Assigning administrative rights to AD or LDAP users helps you distribute the workload among domain users. Once AD or LDAP users get administrative rights, they cannot see the local administrator password, but they can reset it.
Before You Proceed
- Know the credentials of the AD or LDAP account.
- Create the group of users who will get administrative access in AD or LDAP. From vRealize Operations, you cannot add or remove any user from the group or view the list of users.
Procedure
- In a Web browser, navigate to the master node administration interface: https://master-node-name-or-ip-address/admin.
- Enter the vRealize Operations Manager username of the local administrator. [email protected].
Note: AD or LDAP integration in vRealize Operations supports all three formats "DOMAIN\user_name", "CN=username,DC=domain,DC=com" and "[email protected]". But the Admin UI only supports the email format.
- Enter the vRealize Operations Manager local administrator password and click Log In.
- Click Administrator Settings.
- Click the chevron to expand the Active Directory/Open LDAP Integration section.
- Click the Enable AD/Open LDAP button to activate the setting.
- In the Domain/Subdomain setting, provide the FQDN of the domain name, for example, mydomain.com. Do not provide an IP address. This domain name must be DNS-resolvable.
- Click the chevron to open Advanced Settings and change the default settings.
Table 1. Advanced Settings (Property: Description)
  - Host: The host name is populated to Auto by default. You can select a host from the drop-down list.
  - Port: The port number is populated depending on the Use SSL/TLS selection in the domain name.
  - Base DN: The Base Distinguished Name for users is populated based on the domain. Optionally, enter the DN from which to start user searches. For example, cn=Users,dc=myCorp,dc=com.
  - Common Name: The common name is populated to userPrincipalName by default. You can change this value from the drop-down menu.
- Click the chevron to open Search Criteria and change the default settings.
Table 2. (Property: Description)
  - Group Search Criteria: The group search criteria is populated to (|(objectclass=group)(objectclass=groupofnames)(objectclass=groupOfUniqueNames)) by default.
  - User Search Criteria: The user search criteria is populated to (|(objectclass=user)(objectclass=person)(objectclass=inetOrgPerson)(objectclass=organizationalPerson)) by default.
  - Member Attribute: The member attribute is populated to member by default.
- Import the SSL certificate. You can import only one SSL certificate PEM file. The imported SSL certificate PEM file can contain more than one certificate. For more details, see KB 2046591.
- Click Select User Group. A new dialog box opens.
Table 3. Select User Group Settings
  - Enter the AD/LDAP username.
  - Enter the AD/LDAP password.
  - Search box: Search for the user group name or distinguished name.
  - Select: Select the user group name or distinguished name to give administrative access to its users.
- Click TEST to test if the AD or LDAP connection works.
- Click SAVE.
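Because the member list of the selected group cannot be viewed from vRealize Operations, it helps to know which directory entries the default Search Criteria actually match. The following is an added example, not VMware code: a small evaluator for the filter syntax (RFC 4515 subset) run over a constructed directory. The entry names, the `vrops-admins` group and the function names are assumptions, and it does not claim to reproduce how the product resolves membership internally.

```python
GROUP_FILTER = "(|(objectclass=group)(objectclass=groupofnames)(objectclass=groupOfUniqueNames))"
USER_FILTER = ("(|(objectclass=user)(objectclass=person)"
               "(objectclass=inetOrgPerson)(objectclass=organizationalPerson))")
MEMBER_ATTR = "member"  # default Member Attribute from the page
BASE = "DC=mydomain,DC=com"  # constructed sample directory below, not real data
PERSON = ["top", "person", "organizationalPerson", "user"]  # objectClass chain of an AD user
DIRECTORY = {
    f"CN=vrops-admins,{BASE}": {"objectclass": ["top", "group"], "member": [
        f"CN=alice,{BASE}", f"CN=BUILD01,{BASE}", f"CN=helpdesk,{BASE}"]},
    f"CN=alice,{BASE}": {"objectclass": PERSON},
    f"CN=BUILD01,{BASE}": {"objectclass": PERSON + ["computer"]},  # AD computer account
    f"CN=helpdesk,{BASE}": {"objectclass": ["top", "group"], "member": [f"CN=bob,{BASE}"]},
}

def parse(f, i=0):
    """Parse a filter (subset: & | ! and attr=value). Returns (node, next index)."""
    if not f.startswith("(", i):
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids, i = f[i], [], i + 1
        while f.startswith("(", i):
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or not f.startswith(")", i):
            raise ValueError(f"malformed filter list at offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)  # ValueError if the item is never closed
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry; objectClass compares case-insensitively."""
    if node[0] == "=":
        values = [v.lower() for v in entry.get(node[1], [])]
        return bool(values) if node[2] == "*" else node[2] in values
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all(results), "|": any(results), "!": not results[0]}[node[0]]

def group_members(group_dn, directory=DIRECTORY):
    """Split a group's direct members into those the user filter matches and the rest."""
    group, user_f = directory[group_dn], parse(USER_FILTER)[0]
    if not matches(parse(GROUP_FILTER)[0], group):
        raise ValueError(f"{group_dn} is not matched by the group search criteria")
    users = [dn for dn in group.get(MEMBER_ATTR, []) if matches(user_f, directory.get(dn, {}))]
    others = [dn for dn in group.get(MEMBER_ATTR, []) if dn not in users]
    return users, others

if __name__ == "__main__":
    print(group_members(f"CN=vrops-admins,{BASE}"))
```

In this sample the computer account `BUILD01` satisfies the default user filter alongside `alice`, while the nested group `helpdesk` does not, so the group's membership is worth auditing in the directory before it is selected.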