An organization can define an LDAP configuration that it shares with other organizations. This shared configuration can support federation using LDAP as a directory service, an authentication service, or both.

When several organizations use the same LDAP service as their source for imported users and groups, they enable a simple model of federation in which users in all the participating organizations can be managed by a single LDAP service. In this kind of configuration, user credentials are imported into the vCloud Director database, and vCloud Director is responsible for authenticating users. If all of the organizations also configure the AuthenticationMechanism contained by CustomOrgLdapSettings to specify a shared Kerberos or SSPI service, authentication can be managed by an external Kerberos or SSPI provider. For more information about setting up Kerberos authentication for vCloud Director, see http://kb.vmware.com/kb/2015986.

This operation requires the rights included in the predefined Organization Administrator role or an equivalent set of rights.

1. Retrieve the organization LDAP settings.

Use a request like this one:

GET https://vcloud.example.com/api/admin/org/26/settings/ldap

The response is an OrgLdapSettings element.

2. Modify the retrieved OrgLdapSettings element.

You can set the value of OrgLdapMode to SYSTEM to specify that this organization uses the system LDAP configuration. When you do this, you can also specify a CustomUsersOu value so that only users in a specific LDAP organizational unit can be imported into this organization. See Example: Update Organization LDAP Settings.

To configure an LDAP service for the exclusive use of this organization, set the value of OrgLdapMode to CUSTOM and include a CustomOrgLdapSettings element in the modified OrgLdapSettings.

3. Update the OrgLdapSettings with your modifications.

Find the Link element in the settings element where rel="edit". Make a PUT request to the URL in that link's href attribute value, and supply the modified OrgLdapSettings element as the request body. See Example: Update Organization LDAP Settings.

This example updates the OrgLdapSettings of the organization created in Example: Create an Organization. The update sets the value of the CustomUsersOu element to specify that only LDAP users whose OU attribute has a value of Finance are imported into this organization.

Request:

PUT https://vcloud.example.com/api/admin/org/26/settings/ldap
Content-Type: application/vnd.vmware.admin.organizationLdapSettings+xml
...
<?xml version="1.0" encoding="UTF-8"?>
<OrgLdapSettings ... >
   <OrgLdapMode>SYSTEM</OrgLdapMode>
   <CustomUsersOu>OU=Finance</CustomUsersOu>
</OrgLdapSettings>
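The three steps above (retrieve the settings, modify the OrgLdapSettings element, PUT it back to the rel="edit" link) can be scripted. The following is an added example, not VMware's code or part of the original page: it works on a constructed stand-in for the GET response, sets OrgLdapMode to SYSTEM with a CustomUsersOu restriction as in the example above, locates the edit link, and assembles the PUT request without sending it. The xmlns value, the Link attribute layout and the element order are assumptions; only the element names and media type come from the text. The edit-link host check is a defensive addition so that a script never PUTs organization settings to a URL outside the API host it retrieved them from.

```python
"""Added example (not VMware's code): script the GET / modify / PUT
procedure for OrgLdapSettings against a constructed sample response."""
import xml.etree.ElementTree as ET
from typing import Optional
from urllib.parse import urlsplit

NS = "http://www.vmware.com/vcloud/v1.5"  # assumed vCloud API namespace
MEDIA_TYPE = "application/vnd.vmware.admin.organizationLdapSettings+xml"

# Constructed stand-in for the body returned by step 1:
#   GET https://vcloud.example.com/api/admin/org/26/settings/ldap
SAMPLE_RESPONSE = f"""<?xml version="1.0" encoding="UTF-8"?>
<OrgLdapSettings xmlns="{NS}" type="{MEDIA_TYPE}"
    href="https://vcloud.example.com/api/admin/org/26/settings/ldap">
  <Link rel="up" type="application/vnd.vmware.admin.orgSettings+xml"
        href="https://vcloud.example.com/api/admin/org/26/settings"/>
  <Link rel="edit" type="{MEDIA_TYPE}"
        href="https://vcloud.example.com/api/admin/org/26/settings/ldap"/>
  <OrgLdapMode>NONE</OrgLdapMode>
</OrgLdapSettings>
"""


def read_setting(settings_xml: str, name: str) -> Optional[str]:
    """Return the text of a direct child element of OrgLdapSettings, or None."""
    elem = ET.fromstring(settings_xml).find(f"{{{NS}}}{name}")
    return None if elem is None else elem.text


def edit_link(settings_xml: str, api_base: str) -> str:
    """Step 3: the href of the Link with rel="edit". Refuses a link that
    points off the API host (defensive check, not part of the documented API)."""
    root = ET.fromstring(settings_xml)
    for link in root.findall(f"{{{NS}}}Link"):
        if link.get("rel") == "edit":
            href = link.get("href", "")
            if urlsplit(href).netloc != urlsplit(api_base).netloc:
                raise ValueError(f"edit link leaves the API host: {href}")
            return href
    raise ValueError('no Link with rel="edit" in OrgLdapSettings')


def set_system_ldap(settings_xml: str, users_ou: Optional[str] = None) -> str:
    """Step 2: switch the organization to the system LDAP configuration and,
    if users_ou is given, restrict imports to that OU. Returns the modified
    document as text, ready to be used as the PUT body."""
    ET.register_namespace("", NS)  # serialize with a default namespace
    root = ET.fromstring(settings_xml)
    mode = root.find(f"{{{NS}}}OrgLdapMode")
    if mode is None:
        mode = ET.SubElement(root, f"{{{NS}}}OrgLdapMode")
    mode.text = "SYSTEM"
    ou = root.find(f"{{{NS}}}CustomUsersOu")
    if users_ou is None:
        if ou is not None:
            root.remove(ou)
    else:
        if ou is None:
            # Assumed schema order: CustomUsersOu directly follows OrgLdapMode.
            ou = ET.Element(f"{{{NS}}}CustomUsersOu")
            root.insert(list(root).index(mode) + 1, ou)
        ou.text = users_ou
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="unicode")


def build_update_request(settings_xml: str, api_base: str, users_ou: str) -> dict:
    """Combine steps 2 and 3: from the GET response, produce the PUT request
    (method, URL, headers, body) that an HTTP client would send."""
    return {
        "method": "PUT",
        "url": edit_link(settings_xml, api_base),
        "headers": {"Content-Type": MEDIA_TYPE},
        "body": set_system_ldap(settings_xml, users_ou),
    }


if __name__ == "__main__":
    req = build_update_request(SAMPLE_RESPONSE, "https://vcloud.example.com/api", "OU=Finance")
    print(req["method"], req["url"])
    print(req["body"])
```

Sending the request is left to the caller's HTTP client; keep TLS certificate verification enabled when doing so, since the body carries the organization's directory configuration.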