Adding LDAP authentication to ESX

The ESX console and the VI Client (newly re-branded as vSphere) the two ways to get in to an ESX server.  When you have ‘multiple cooks’, it becomes a requirement to be able to track who has done what on the system, and this is where ESX can be tweaked to provide granular authentication.

span style=text-decoration: underline;strongThe ESX Console/strong/span

The ESX console, honestly, should be avoided at all costs.  It is very easy to completely disrupt your VM’s if you make a mistake in the console.  However, the console is key in the event administrative steps are necessary, like importing a VMDK to a vmfs volume, enabling ssh, enabling monitoring, etc.

To enable LDAP authentication, log on to the console and enter the following command:
ul
liesxcfg-auth –enableldap –ldapserver=your.ldap.server.com –ldapbasedn=dc=yourdomain,dc=com/li
/ul
What this does it is enables the console to get user information from ldap as well as enable user authentication via LDAP.

A few services now need to be restart in order to reflect the new authentication scheme:
ul
li/etc/init.d/sshd restart/li
lifont style=position: absolute;overflow: hidden;height: 0;width: 0a href=http://www.videnov.com/#1084;#1077;#1073;#1077;#1083;#1080; #1074;#1072;#1088;#1085;#1072;/a/font/etc/init.d/vmware-vmkauthd restart/li
li/etc/init.d/mgmt-vmware restart/li
/ul
span style=text-decoration: underline;strongVI Client / vSphere Client
/strong/span

Now that the underlying system recognizes LDAP users and passwords, you have to enable them within the GUI and provide them with an access level.
ul
liStart up the VI Client and log in as root./li
liUnder File-gt;New select Add Permission.. and a new window will pop up./li
liOn the left side of the screen, toward the bottom, select Add../li
liFollow the prompts to add users and/or groups to the list on the left./li
liOn the right side, select the permission level you wish to grant them./li
/ul

Leave a Reply