Define the LDAP Lookup Paths
You can define the user and group lookup information.
Two global roles are identified in Orchestrator: Developers and Administrators. The users in the Developers
role have editing privileges on all elements. The users in the Administrators role have unrestricted privileges.
Administrators can manage permissions, or discharge administration duties on a selected set of elements to
any other group or user. These two groups must be contained in the Group lookup base.
Prerequisites
You must have a working LDAP service on your infrastructure.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click LDAP.
3 Define the User lookup base.
This is the LDAP container (the top-level domain name or organizational unit) where Orchestrator searches
for potential users.
a Click Search and type the top-level domain name or organizational unit.
Searching for company returns dc=company,dc=org and other common names containing the search
term. If you type dc=company,dc=org as a search term, no results are found.
b Click the LDAP connection string for the discovered branch to insert it in the User lookup base text
box.
If no matches are found, check your LDAP connection string in the main LDAP page.
NOTE You can connect to the Global Catalog Server through port 3268. It issues LDAP referrals which
Orchestrator follows to find the account or group in a subdomain.
4 Define the Group lookup base.
This is the LDAP container where Orchestrator looks up groups.
a Click Search and type the top-level domain name or organizational unit.
b Click the LDAP string for the discovered branch to insert it in the Group lookup base text box.
5 Define the vCO Admin group.
This must be an LDAP group (like Domain Users) to which you grant administrative privileges for
Orchestrator.
a Click Search and type the top-level group name.
b Click the LDAP string for the discovered branch to insert it in the vCO Admin group text box.
IMPORTANT In eDirectory installations, only the eDirectory administrator can see users or user groups that
have administration rights. If you are using an eDirectory LDAP server, and you log in to Orchestrator as
a member of the vCO Admin group but you are not the eDirectory administrator, you can create users or
user groups with administration rights, but you cannot see those users using their own rights and
permissions. This issue does not apply to other LDAP servers.
6 Click the Test Login tab and type credentials for a user to test whether they can access the Orchestrator
smart client.
After a successful login, the system checks if the user is in the Orchestrator Administrator group.
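The following Python script is an added example, not VMware's code: it checks offline that the vCO Admin group and the Developers and Administrators groups sit under the configured Group lookup base, and it models the Search box from steps 3 and 4 as a substring match on RDN values (an assumption about the search, which reproduces the behaviour described: "company" finds dc=company,dc=org while the full DN finds nothing). All DNs and settings are constructed sample data.

```python
"""Offline consistency check for Orchestrator LDAP lookup settings (added
example, not VMware's code). Verifies that the groups the page requires under
the Group lookup base (vCO Admin group, Developers, Administrators) are there,
and models the Search box as a substring match on RDN values (an assumption):
"company" finds dc=company,dc=org, the full DN finds nothing. DNs are constructed."""
from typing import Dict, List

SAMPLE_DIRECTORY = [  # constructed branches a Search could return
    "dc=company,dc=org",
    "ou=Users,dc=company,dc=org",
    "ou=Groups,dc=company,dc=org",
    "cn=vCO Admins,ou=Groups,dc=company,dc=org",
]
SAMPLE_CONFIG = {  # constructed settings; note the odd case and spacing
    "group_lookup_base": "OU=Groups, DC=company, DC=org",
    "vco_admin_group": "cn=vCO Admins,ou=Groups,dc=company,dc=org",
    "developers_group": "cn=Developers,ou=Groups,dc=company,dc=org",
    "administrators_group": "cn=Administrators,ou=Groups,dc=company,dc=org",
}

def parse_dn(dn: str) -> List[str]:
    """Split a DN into normalized RDNs (leaf first). Backslash-escaped commas
    stay inside a value; types and values are lower-cased and trimmed."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append("".join(cur)); cur = []
            continue
        cur.append(ch)
        escaped = ch == "\\" and not escaped
    rdns.append("".join(cur))
    return [f"{a.strip().lower()}={v.strip().lower()}"
            for a, _, v in (r.partition("=") for r in rdns)]

def is_under_base(entry_dn: str, base_dn: str) -> bool:
    """True if entry_dn equals base_dn or lies beneath it in the tree."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def search_branches(term: str, directory: List[str]) -> List[str]:
    """Search-box model: match when any RDN value contains the term."""
    t = term.lower()
    return [dn for dn in directory
            if any(t in rdn.split("=", 1)[1] for rdn in parse_dn(dn))]

def check_lookup_config(config: Dict[str, str]) -> List[str]:
    """Return the problems found; an empty list means the settings agree."""
    return [f"{key} is outside the Group lookup base"
            for key in ("vco_admin_group", "developers_group", "administrators_group")
            if not is_under_base(config[key], config["group_lookup_base"])]
```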
Chapter 9 Configuring Orchestrator
VMware, Inc. 43