November 2013 Archives

Fri Nov 22 15:06:25 ICT 2013

Active Directory

On August 22nd, 2013, I added a Samba4 server (active.cs.ait.ac.th) to run Active Directory. This is the only way to integrate VMware authentication with CSIM authentication.

The Active Directory (AD) is kept in synch with the normal LDAP server, all the scripts have been modified to create/update/delete the accounts on both servers at the same time

In LDAP, the attribute csimAccountPermission must have the value active directory for a user to be listed in the AD server.

Note: when undeleting a user's account that was deleted before AD was installed, the user will not have the active directory value and will not be allowed to use AD!
Then you should consider adding the value active directory to the LDAP attribute csimAccountPermission of the undeleted account.

When AD was introduced in August 2013, I updated existing users' account to allow the use of AD, but I could not synch their passwords.

Note: a user whose account was created before August 2013 must change his password before he can use AD authentication and access VMware.

Posted by Olivier | Permanent link | File under: administration