How to Add AD/LDAP to VMware NSX-T 3.2

Posted by

NSX-T-T now allows LDAP/AD as an alternative to using the VMware identity manager solution.  This is perfect for environments that only need to control authentication of the NSX-T environment.

When integrating with Active Directory, NSX Manager allows users to log in using their samAccountName, or userPrincipalName. If the @domain portion of the userPrincipalName does not match the domain of the Active Directory instance, then you should also configure an alternative domain in the LDAP configuration for NSX.

How to integrate:

System > Setting > Users and Roles > LDAP

Add Identity Source

You need to provide the name


AD over LDAP

Base DN

Then click Set for LDAP Server

**To add an Active Directory domain, a base distinguished name (Base DN) is needed. A Base DN is the starting point that an LDAP server uses when searching for users authentication within an Active Directory domain. For example, if your domain name is corp.local the DN for the Base DN for Active Directory is “DC=corp,DC=local”.

All of the user and group entries you intend to use to control access to NSX-T Data Center must be contained within the LDAP directory tree rooted at the specified Base DN. If the Base DN is set to something too specific, such as an Organizational Unit deeper in your LDAP tree, NSX may not be able to find the entries it needs to locate users and determine group membership. Selecting a broad Base DN is a best practice if you are unsure.

Add LDAP Server

Provide your AD servers information

Wait till the connection status turns successful

Confirm AD has been added

Leave a Reply