4.0
Table Of Contents
- vCenter Orchestrator Installation and Configuration Guide
- Contents
- Updated Information
- About This Book
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Orchestrator Components Setup Guidelines
- Installing Orchestrator
- Upgrade Orchestrator with vCenter Server
- Upgrade Orchestrator Standalone
- Upgrading Orchestrator Applications After Upgrading vCenter Server
- Uninstall Orchestrator
- Configuring Orchestrator
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Change the Default Password
- Revert to the Default Password for Orchestrator Configuration
- Configure the Network Connection
- Change the Default Configuration Ports on the Orchestrator Client Side
- Import the vCenter SSL Certificate
- Configuring LDAP Settings
- Password Encryption and Hashing Mechanism
- Configure the Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Access Rights to Orchestrator Server
- Import the vCenter Server License
- Start the Orchestrator Server
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Install an Application
- Start a Published Web View
- Change the Web View SSL Certificate
- Define the Server Log Level
- Where to Go From Here
- Index
7 In the Port text box, type the value for the look up port of your LDAP server.
NOTE Orchestrator supports Active Directory hierarchical domains structure. If your Domain Controller
is configured to use Global Catalog, you must use port 3268. You cannot use the default port 389 to connect
to the Global Catalog server.
8 In the Root text box, type the root element of your LDAP service.
If your domain name is company.org, your root LDAP is dc=company,dc=org.
This is the node used to browse your service directory after typing the appropriate credentials. For large
service directories, specifying a node in the tree narrows the search and improves performance. For
example, rather than searching in the entire directory, you can specify
ou=employees,dc=company,dc=org. This displays all the users in the Employees group.
9 (Optional) Select the Use SSL check box to activate encrypted certification for the connection between
Orchestrator and LDAP.
If your LDAP uses SSL, you must first import the SSL certificate and restart the Orchestrator Configuration
service. See “Import the LDAP Server SSL Certificate,” on page 41.
10 (Optional) Select the Use Global Catalog check box to allow LDAP referrals when the LDAP client is
Active Directory.
The LDAP server look up port number changes to 3268. Orchestrator follows the LDAP referrals to find
users and groups in a subdomain that is part of the Active Directory tree to which Orchestrator is
connected. You can add permissions on any groups that can be accessed from your Global Catalog.
Example: Example Values and Resulting LDAP Connection URL Addresses
n
LDAP host: DomainController
n
Port: 389
n
Root: ou=employees,dc=company,dc=org
Connection URL: ldap://DomainController:389/ou=employees,dc=company,dc=org
n
LDAP host using Global Catalog: 10.23.90.130
n
Port: 3268
n
Root: dc=company,dc=org
Connection URL: ldap://10.23.90.130:3268/dc=company,dc=org
What to do next
Assign credentials to Orchestrator to ensure its access to the LDAP server. See “Specify the Browsing
Credentials,” on page 42.
Import the LDAP Server SSL Certificate
If your LDAP server uses SSL, you can import the SSL certificate file to the Orchestrator configuration interface
and activate secure connection between Orchestrator and LDAP.
SSL capabilities are not installed as part of Microsoft Active Directory, eDirectory, and Sun Java Directory
Server, and require more configuration. For instructions about configuring your LDAP server for SSL access,
see third-party documentation.
Chapter 9 Configuring Orchestrator
VMware, Inc. 41