9

Can vCenter authenticate against FreeIPA instead of Active Directory? If so, how would you set it up?

We have a pure Linux environment (CentOS) and need to have vCenter and our VM's have the same users. vCenter is deployed as a Linux appliance. Would prefer not to have a Windows machine in our environment.

ewwhite
  • 194,921
  • 91
  • 434
  • 799
Luke
  • 1,892
  • 4
  • 22
  • 27
  • I suspect some pretty heavy modification would be needed on one side or another. vCenter's use of AD LDS glues it to Microsoft AD pretty closely, I think. – Shane Madden Aug 01 '12 at 03:57
  • I'd say that this is probably a NO, but VMWare can confirm it for you. – ewwhite Aug 15 '12 at 20:26

2 Answers2

6

The VMware vCenter appliance (SuSE Linux-based) uses Likewise (open?) for Active Directory authentication. See the notes on joining AD here.

That would be your starting point; examining interoperability between Likewise and FreeIPA...

ewwhite
  • 194,921
  • 91
  • 434
  • 799
  • Looks like I'll probably have to setup an AD server and synchronize with IPA. I'm hoping that version 3.0 (current in beta) will allow Likewise to authenticate against AD directly. I'll follow up later on what we ended up doing. – Luke Sep 15 '12 at 18:15
  • Anyone know if anything has changed with vCenter 5.1? – Luke Oct 02 '12 at 00:04
  • @Luke The appliance hasn't changed much. However, you may be able to get away from the Active Directory requirement. You'll want Windows, though. Look up *vCenter Single Sign-On Server* in the [5.1 Technical Guide](http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vCenter-Server-51-Technical-Whitepaper.pdf). *Administrators can utilize additional identity sources to maintain their current identity solution(s) of choice and provide user and solution authentication without a Microsoft Active Directory server*. – ewwhite Oct 02 '12 at 01:59
3

I've just went through coupling Vcenter 5.5 and FreeIPA. You can add it as OpenLDAP identity source and add individual users to a vcenter roles. unfortunately I couldn't operate groups, can't even see them in the list.

stimur
  • 894
  • 5
  • 11