Configuring LDAPS fails with identity provider type not supported via vCenter REST API

Article ID: 438710

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • Unable to configure Active Directory over LDAP (LDAPS) using the vCenter REST API endpoint
    POST /api/vcenter/identity/providers.
  • Attempts to use this API result in the following error messages:
    Structure com.vmware.vcenter.identity.providers.create_spec has a union that is missing a required field for this case: oauth2
  • After payload correction, the following error is returned:
    "args": ["Provided Identity provider type ACTIVE_DIRECTORY_OVER_LDAP is not supported yet."]

Environment

vCenter Server

Cause

The vCenter REST API endpoint POST /api/vcenter/identity/providers does not currently support configuring the ACTIVE_DIRECTORY_OVER_LDAP identity provider type.

Resolution

There is currently no official REST API method to configure LDAPS. To resolve this issue, configure the LDAPS identity source using one of the following supported methods:

  1. Configure the identity source manually via the vSphere Client UI.

  2. Use the sso-config command-line utility as documented in Broadcom KB 319662.

Alternative Workaround (Community Module): An unofficial, open-source PowerCLI module (VMware.vSphere.SsoAdmin) can be utilized to automate this configuration.

Note: VMware by Broadcom does not take any responsibility for any issues that arise as a result of using this unofficial module. 

 

Additional Information

PowerCLI module for managing vSphere SSO Admin - Support team limitations