OpenLDAP schemas supported in VMware vCloud Director 9.x


Article ID: 341315




VMware Cloud Director


This article describes the OpenLDAP schemas supported by vCloud Director 9.x, including the OpenLDAP derivatives and schemas that can be used with vCloud Director 9.x when an OpenLDAP identity source is configured.
It also describes the objectClasses and attributes that are required, and the limitations that apply.


VMware Cloud Director for Service Provider 9.x


Currently, vCloud Director supports the use of OpenLDAP as an identity source only if it satisfies all of these requirements:
  • The OpenLDAP schema is RFC4519 compliant
  • All users have an objectClass of inetOrgPerson
  • All groups have an objectClass of groupOfUniqueNames
  • All groups have a group membership attribute of uniqueMember
  • All user and group objects have the entryUUID attribute set (each object must have a unique, stable GUID that does not change)
Note: This is required for adding users or groups from OpenLDAP to any group or role other than vsphere.local.
In vSphere 5.5a and later, entryUUID is no longer a required attribute for OpenLDAP users to authenticate, but it is still required in order to add users and groups to vsphere.local groups.
Users or objects that are deleted and recreated in the LDAP tree without preserving their entryUUID may be removed from vsphere.local groups.
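The requirements above can be checked before the identity source is configured by exporting the user and group subtrees to LDIF and scanning the entries. The following script is an added example and is not VMware's code or part of this article: it parses a small constructed LDIF (the DNs, names and UUIDs are made up) and reports, per entry, which of the listed requirements are missing. Entries are classified as users or groups by their objectClass values, which is an assumption of this example rather than a rule from the article.

```python
"""Check LDIF entries against the OpenLDAP requirements for a vCloud Director
identity source: inetOrgPerson users, groupOfUniqueNames groups with
uniqueMember, and entryUUID on every user and group."""
import base64
import re
from collections import defaultdict

# Constructed sample export (not from the article). entryUUID is an operational
# attribute in OpenLDAP, so a real export must request it explicitly
# (e.g. ldapsearch ... entryUUID or the '+' pseudo-attribute) for it to appear.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: alice
cn: Alice Example
sn: Example
entryUUID: 6d1c2c4e-1111-4bcd-9000-000000000001

dn: cn=cloud-admins,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: cloud-admins
uniqueMember: uid=alice,ou=people,dc=example,dc=com
entryUUID: 6d1c2c4e-1111-4bcd-9000-000000000002

# Violates: wrong group objectClass, wrong membership attribute, no entryUUID
dn: cn=legacy-ops,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: legacy-ops
member: uid=alice,ou=people,dc=example,dc=com

# Violates: user without inetOrgPerson and without entryUUID
dn: uid=svc-backup,ou=people,dc=example,dc=com
objectClass: top
objectClass: account
uid: svc-backup
"""

# objectClass sets used to decide whether an entry is a user or a group
# (an assumption of this example; adjust for your directory layout).
USER_CLASSES = {"person", "organizationalperson", "inetorgperson", "account"}
GROUP_CLASSES = {"groupofnames", "groupofuniquenames", "posixgroup", "groupofurls"}


def parse_ldif(text):
    """Parse a minimal LDIF into a list of dicts: lowercase attribute -> [values].

    Handles comment lines, folded continuation lines (leading space) and
    base64 values ("attr:: ..."); URL values ("attr:< ...") are kept verbatim.
    """
    unfolded = re.sub(r"\n ", "", text)  # join folded lines before splitting
    entries, current = [], defaultdict(list)
    for line in unfolded.splitlines() + [""]:  # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(dict(current))
                current = defaultdict(list)
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current[attr.strip().lower()].append(value.strip())
    return entries


def check_entry(entry):
    """Return the list of violated requirements for a user or group entry,
    an empty list if it is compliant, or None if the entry is neither."""
    classes = {c.lower() for c in entry.get("objectclass", [])}
    problems = []
    if classes & USER_CLASSES:
        if "inetorgperson" not in classes:
            problems.append("user lacks objectClass inetOrgPerson")
    elif classes & GROUP_CLASSES:
        if "groupofuniquenames" not in classes:
            problems.append("group lacks objectClass groupOfUniqueNames")
        if "uniquemember" not in entry:
            problems.append("group has no uniqueMember membership attribute")
    else:
        return None  # not a user or group: out of scope for these requirements
    if not entry.get("entryuuid"):
        problems.append("no entryUUID attribute")
    return problems


def check_ldif(text):
    """Map each user/group DN in the LDIF to its list of violations."""
    report = {}
    for entry in parse_ldif(text):
        problems = check_entry(entry)
        if problems is not None:
            report[entry.get("dn", ["<no dn>"])[0]] = problems
    return report


if __name__ == "__main__":
    for dn, problems in check_ldif(SAMPLE_LDIF).items():
        status = "OK" if not problems else "; ".join(problems)
        print(f"{dn}: {status}")
```

Run it against a real export with `check_ldif(open("export.ldif").read())`. Entries that are out of scope (organizational units, for example) are skipped, and an empty list for a DN means that entry meets all of the listed requirements. The script cannot detect the last point above, objects deleted and recreated with a new entryUUID; for that, compare the entryUUID values of an older export with the current one.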

Additional Information

If any of these requirements are missing or if the schema is non-compliant, the OpenLDAP identity source is unsupported with vCenter Single Sign-On.