User guide
Considerations when adding authentication providers
When you configure ViPR to work with Active Directory, you must decide whether to
manage several domains in a single authentication provider, or to add separate
authentication providers for each domain.
The decision to add a single authentication provider or several depends on the number
of domains in the environment and on the location in the tree from which the manager user
is able to search. Each authentication provider has a single search_base from which
searches are conducted, and a single manager account, which must have read access
at the search_base level and below.
Use one authentication provider for multiple domains if you are managing an Active
Directory forest and these conditions are present: the manager account has privileges to
search high enough in the tree to access all user entries, and the search will be
conducted throughout the whole forest from a single search base, not just in the
domains listed in the provider. Otherwise, configure an authentication provider for each
domain.
Note that even if you are dealing with a forest and you have the correct privileges, you
might not want to manage all the domains with a single authentication provider. You
would still use one authentication provider per domain when you need granularity and
tight control over each domain, especially to set the starting point of the search.
Because there is only one search base per configuration, it must include
everything that is scoped in the configuration in order for the search to work.
The search base needs to be high enough in the directory structure of the forest for the
search to correctly find all the users in the targeted domains.
• If the forest in the configuration contains ten domains but you target only three, do
  not use a single provider configuration, because the search will unnecessarily span
  the whole forest, and this may adversely affect performance. In this case, use three
  individual configurations.
• If the forest in the configuration contains ten domains and you want to target ten
  domains, a global configuration is a good choice, because there is less overhead to
  set up.
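The check below is an added example, not part of the ViPR guide or product: it applies the rules above to a planned search_base before the provider is created. The function names and the corp.local forest are hypothetical, and it assumes the forest is one contiguous namespace, so that DN ancestry reflects what a search from the base can reach.

```python
# Added example: checks a planned search_base against the domains a provider targets.
# Simplified DN handling (no escaped commas); domain names below are constructed.

def domain_to_dn(domain):
    """'security.local' -> ('dc=security', 'dc=local')."""
    return tuple("dc=" + label.lower() for label in domain.strip(".").split("."))

def parse_dn(dn):
    """Split a DN string into normalized (lowercase, trimmed) RDNs."""
    return tuple("=".join(part.strip().lower() for part in rdn.split("=", 1))
                 for rdn in dn.split(",") if rdn.strip())

def is_at_or_above(base, entry):
    """True if base equals entry or is an ancestor of it (DN suffix match)."""
    return len(base) <= len(entry) and entry[len(entry) - len(base):] == base

def review_provider(search_base, target_domains, forest_domains):
    base = parse_dn(search_base)
    targets = {d.lower() for d in target_domains}
    # Targeted domains whose root is not under the base: some users cannot be found.
    uncovered = sorted(d for d in targets
                       if not is_at_or_above(base, domain_to_dn(d)))
    # Other forest domains under the base: searched although not targeted.
    extra = sorted(d.lower() for d in forest_domains
                   if d.lower() not in targets
                   and is_at_or_above(base, domain_to_dn(d)))
    if uncovered:
        advice = "search_base too low: raise it or use one provider per domain"
    elif extra:
        advice = "search spans untargeted domains: use one provider per domain"
    else:
        advice = "single provider fits"
    return {"uncovered": uncovered, "extra": extra, "advice": advice}

# Constructed sample forest: a root domain with three child domains.
FOREST = ["corp.local", "security.corp.local", "eng.corp.local", "sales.corp.local"]

if __name__ == "__main__":
    subset = ["security.corp.local", "eng.corp.local"]
    print(review_provider("DC=corp,DC=local", FOREST, FOREST))
    print(review_provider("DC=corp,DC=local", subset, FOREST))
    print(review_provider("DC=security,DC=corp,DC=local", subset, FOREST))
```

A search base that sits below a domain root (for example an OU) is reported as not covering that domain, because users outside that subtree would not be found.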
Example of one authentication provider per domain
In environments where the whole ViPR virtual data center integrates with a single domain,
or with several individually-managed domains, use one domain per authentication
provider.
The following example creates an authentication provider for security.local.
Initial Configuration of ViPR Virtual Appliance