vRNI – AD Integration

Before moving on to the topic of integrating vRealise Log Insight and vRealize Operations  I usually integrate Active Directory to make the management a bit simpler.

This is done from the Platform controller and under Settings –> Identity & Access Management:

ID-Access-Management

You can chose from LDAP, VMware Identity Manager or the build in User Management.

To Configure LDAP you need to have the following info up front:

  1. Domain
  2. LDAP Hosts Urls (These can be comma separated so you have more redundancy). This should be ldap or ldaps of the domain controllers and then port 389 or 636.
  3. Username Password of an ldap user.
  4. IF you need Group Based access control, then you also need a Base DN, search attribute (sAMAccountName is default) and Group DN.
    • For BaseDN: This is usually your sample.com in domain: DC=sample,DC=com
    • For GroupDN: Do a dsquery  group -name <name of group>

The groups can be set to either Member. In my case that will be RO users, or Administrator, which will be my Admin group.

Once done, try to login with a user from each group. The first sign of that you are ok is that you get the choice of local users or AD in the login screen. User should be user@domain.

There we are, fairly short. Now we should be able to integrate vRealize Operations and vRealize Log Insight to get more overview.