1.1.0
Lifecycle Manager Installation and Configuration Guide
3 From the LDAP client drop-down menu, select the directory server type that you are using as the LDAP
server.
The supported directory service types are: Active Directory, eDirectory, and Sun Java System Directory
Server. OpenLDAP is not supported and can only be used for testing and evaluation purposes.
NOTE If you change the LDAP server or type after you set permissions on Orchestrator objects (such as
access rights on workflows or actions), you must reset these permissions.
If you change the LDAP settings after configuring custom applications that capture and store user
information, the LDAP authentication records created in the database become invalid when used against
the new LDAP database.
4 (Optional) If you use Sun Java System Directory Server, you must set objectClass to
groupOfUniqueNames when you add users, create groups, or assign group memberships. The User ID
(uid) attribute is mandatory for every user that can log in to Orchestrator.
Use Java System Directory Service Control Center from Sun Microsystems to set objectClass to
groupOfUniqueNames. When creating a new group, select Entry Type > Static Group >
groupOfUniqueNames in Java System Directory Service Control Center.
5 In the Primary LDAP host text box, enter the IP address or the DNS name of the host on which your
primary LDAP service runs.
This is the first host on which the Orchestrator configuration interface verifies user credentials.
6 (Optional) In the Secondary LDAP host text box, enter the IP address or the DNS name of the host on
which your secondary LDAP service runs.
If the primary LDAP host becomes unavailable, Orchestrator verifies user credentials on the secondary
host.
7 In the Port text box, enter the value for the lookup port of your LDAP server.
NOTE Orchestrator supports the Active Directory hierarchical domain structure. You can use the default
port 389 to connect to the Global Catalog server.
If your Domain Controller is not configured to use Global Catalog, you must use port 3268.
8 In the Root text box, enter the root element of your LDAP service.
If your domain name is company.org, your root LDAP is dc=company,dc=org.
This is the node used to browse your service directory after entering the appropriate credentials. For large
service directories, specifying a node in the tree narrows the search and improves performance. For
example, rather than searching in the entire directory, you can specify
ou=employees,dc=company,dc=org. This displays all the users in the Employees group.
9 (Optional) Select the Use SSL check box to encrypt the connection between Orchestrator and the LDAP
server.
If your LDAP uses SSL, you must first import the SSL certificate and restart the vCO Configuration Server.
NOTE SSL capabilities are not installed as part of Microsoft Active Directory, eDirectory and Sun Java
Directory Server, and might require additional configuration.
10 (Optional) Select the Use Global Catalog check box to allow LDAP referrals when the LDAP client is
Active Directory.
The LDAP server lookup port number changes to 3268. Orchestrator follows the LDAP referrals to find
users and groups in a subdomain that is part of the Active Directory tree to which Orchestrator is
connected. You can add permissions on any groups that can be accessed from your Global Catalog.
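The following Python pre-check is an added example, not part of the VMware guide or of Orchestrator. It derives the Root value from a domain name as in step 8, confirms that a narrowed search node sits under that root, and flags the SSL, Global Catalog port, and failover settings from steps 5 through 10. The settings dictionary, its key names, and the host names are constructed for illustration.

```python
import re

def domain_to_root_dn(domain):
    """company.org -> dc=company,dc=org (the Root value in step 8)."""
    labels = domain.strip(".").lower().split(".")
    if not all(re.fullmatch(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?", l) for l in labels):
        raise ValueError(f"not a DNS domain name: {domain!r}")
    return ",".join(f"dc={l}" for l in labels)

def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value."""
    parts = re.findall(r"(?:\\.|[^,\\])+", dn)
    # Lower-case for comparison: dc/ou/cn values match case-insensitively.
    return [re.sub(r"\s*=\s*", "=", p.strip(), count=1).lower() for p in parts]

def is_under(base_dn, root_dn):
    """True when base_dn is root_dn itself or a node below it."""
    base, root = split_dn(base_dn), split_dn(root_dn)
    return bool(root) and base[-len(root):] == root

def review(s):
    """Return findings for one set of LDAP settings (hypothetical key names)."""
    findings = []
    expected = domain_to_root_dn(s["domain"])
    if not is_under(s["root"], expected):
        findings.append(f"Root {s['root']!r} is not under {expected!r}")
    if not s["use_ssl"]:
        findings.append("Use SSL is off: LDAP traffic to the directory is unencrypted")
    # Step 10: Global Catalog lookups use 3268. 3269 (Global Catalog over SSL)
    # is the standard Active Directory port, not a value from the guide.
    if s["use_global_catalog"] and s["port"] not in (3268, 3269):
        findings.append(f"Use Global Catalog is on but Port is {s['port']}")
    if s.get("secondary_host") == s["primary_host"]:
        findings.append("Secondary host equals primary: no failover")
    return findings

# Constructed sample values, not taken from a real deployment.
SAMPLE = {"domain": "company.org", "root": "ou=employees, DC=company,dc=org",
          "primary_host": "ldap1.company.org", "secondary_host": "ldap2.company.org",
          "port": 389, "use_ssl": False, "use_global_catalog": True}

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print("-", finding)
```
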
VMware, Inc.