4.0
Table Of Contents
- vCenter Orchestrator Installation and Configuration Guide
- Contents
- Updated Information
- About This Book
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Orchestrator Components Setup Guidelines
- Installing Orchestrator
- Upgrade Orchestrator with vCenter Server
- Upgrade Orchestrator Standalone
- Upgrading Orchestrator Applications After Upgrading vCenter Server
- Uninstall Orchestrator
- Configuring Orchestrator
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Change the Default Password
- Revert to the Default Password for Orchestrator Configuration
- Configure the Network Connection
- Change the Default Configuration Ports on the Orchestrator Client Side
- Import the vCenter SSL Certificate
- Configuring LDAP Settings
- Password Encryption and Hashing Mechanism
- Configure the Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Access Rights to Orchestrator Server
- Import the vCenter Server License
- Start the Orchestrator Server
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Install an Application
- Start a Published Web View
- Change the Web View SSL Certificate
- Define the Server Log Level
- Where to Go From Here
- Index
3 Specify the Browsing Credentials on page 42
Orchestrator must read your LDAP structure to inherit its properties. You can specify the credentials
that Orchestrator uses to connect to an LDAP server.
4 Define the LDAP Lookup Paths on page 43
You can define the users and groups lookup information.
5 Define the LDAP Search Options on page 44
You can customize the LDAP search queries and make searching in LDAP more effective.
6 Common Active Directory LDAP Errors on page 44
When you encounter the LDAP:error code 49 error message and experience problems connecting to your
LDAP authentication server, you can check which LDAP function is causing the problem.
Generate the LDAP Connection URL
The LDAP service provider uses a URL address to configure the connection to the directory server. To generate
the LDAP connection URL, you must specify the LDAP host, port, and root.
The supported directory service types are: Active Directory, eDirectory, and Sun Java System Directory Server.
OpenLDAP is not supported and can only be used for testing and evaluation purposes.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click LDAP.
3 From the LDAP client drop-down menu, select the directory server type that you are using as the LDAP
server.
NOTE If you change the LDAP server or type after you set permissions on Orchestrator objects (such as
access rights on workflows or actions), you must reset these permissions.
If you change the LDAP settings after configuring custom applications that capture and store user
information, the LDAP authentication records created in the database become invalid when used against
the new LDAP database.
4 (Optional) If you use Sun Java System Directory Server you must set objectClass to
groupOfUniqueNames when you add users, create groups, or assign group memberships. The User ID
(uid) attribute is mandatory for every user that can log in to Orchestrator.
Use Java System Directory Service Control Center from Sun Microsystems to set objectClass to
groupOfUniqueNames. When creating a new group, select Entry Type > Static Group >
groupOfUniqueNames in Java System Directory Service Control Center.
5 In the Primary LDAP host text box, type the IP address or the DNS name of the host on which your primary
LDAP service runs.
This is the first host on which the Orchestrator configuration interface verifies user credentials.
6 (Optional) In the Secondary LDAP host text box, type the IP address or the DNS name of the host on
which your secondary LDAP service runs.
If the primary LDAP host becomes unavailable, Orchestrator verifies user credentials on the secondary
host.
vCenter Orchestrator Installation and Configuration Guide
40 VMware, Inc.