jskfan asked:

backward compatibility

Active Directory as LDAP server

When adding an Identity Source in VMware vCenter, there is an option: The Active Directory as an LDAP Server

[User-posted screenshot of the Identity Source options]

The VMware website stated:
The Active Directory as an LDAP Server identity source is available for backward compatibility. Use the Active Directory (Integrated Windows Authentication) option for a setup that requires less input.

I am not sure what they mean by backward compatibility.

Any clarification on that?

Thank you
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper):

You can use either Active Directory Integrated or LDAP.

(You may not be using Microsoft as a directory structure, and may just need an "open" LDAP authentication source.)

(they may also mean Active Directory may not work with Windows 2003!)

See here for definitions:

https://www.varonis.com/blog/the-difference-between-active-directory-and-ldap/

BUT there was a recent issue with LDAP and Microsoft Server last year...

See here:

https://redmondmag.com/articles/2019/09/11/ldap-fix-for-windows-systems.aspx?m=1
jskfan (asker):

But what do they mean by:

Active Directory as LDAP server and Active Directory (Integrated Windows Authentication)

To my understanding, if you have Active Directory then it is your LDAP server and it offers Integrated Windows Authentication.

Why are there 2 separate options if the meaning is the same?

Thanks
They do not mean the same.

Microsoft Active Directory also provides an LDAP server function.

It can also provide a Microsoft Active Directory function.

They are two different services, because some applications do not support Active Directory directly, but you still may want to use Active Directory as an authentication source, and therefore you can do this via LDAP.
jskfan (asker):

There are Active Directory Lightweight Directory Services (AD LDS) and the full-blown Microsoft Active Directory.
Two methods of using authentication:

LDAP and Microsoft Active Directory.

LDAP is the protocol used to access AD information (useful for applications which do not have full Windows Active Directory functionality, but still want to single sign on or authenticate to something).

(Active Directory Lightweight Directory Services - additional!)

LDAP can be used against other authentication systems which are not related to Microsoft's.
jskfan (asker):

LDAP is the protocol used to talk to Active Directory or other open source systems for authentication.

If you look again at the snapshot:
Option 1: that's Windows AD
Option 2: ???
Option 3: Open Source Authentication using the LDAP protocol
Option 4: Local OS... which means there is no centralized authentication database


So Option 2 is not clear... it sounds the same as Option 1, as they both mention Active Directory, so they are both Windows...

The only Windows Active Directory authentication that I am aware of is the full-blown Windows Active Directory, also called AD DS, where you install a Domain Controller.
There is ADAM, now called AD LDS; it does not need to be installed on a Domain Controller.
ASKER CERTIFIED SOLUTION
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper):

jskfan (asker):

I guess what they meant on the screenshot I posted depends on where you are installing and configuring vCenter.

If you are installing vCenter on Windows Server then the first option can be selected. Integrated Windows Authentication means vCenter can take the credentials that the user has used to log in to the Windows server where vCenter is installed and log in automatically to vCenter without re-entering them again.


Option 2: If you are installing vCenter on Linux you can still use Active Directory for authentication, but you have to explicitly enter a user name and password, since the credentials you used to log in to Linux will not automatically apply to AD authentication.
It gives you a choice of how you want to set up your authentication.

Your vCenter Server may be at the end of a WAN link, and you have firewalls in place, but opening a single port, 389 TCP LDAP, will provide the authentication you need.

Again, it's based on your design and gives you options for deployment.
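An added example, not code from the thread or from VMware: what an "Active Directory as an LDAP Server" source actually sends when it simple-binds over plain TCP 389 (the password is a cleartext OCTET STRING in the BindRequest), and how to recognise a domain controller that refuses such binds because Microsoft's LDAP signing requirement is enforced (resultCode 8, strongerAuthRequired). The host, bind DN and password in probe_plain_bind are assumptions you supply; the encoder and parser run offline on constructed bytes and use only the standard library.

```python
"""Minimal LDAPv3 simple-bind encoder/decoder (stdlib only) for inspecting what a
vCenter-style LDAP identity source puts on the wire over ldap://host:389."""
import socket

STRONGER_AUTH_REQUIRED = 8  # resultCode a signing-enforcing DC returns to an unprotected simple bind


def ber_len(n):
    """BER length: short form below 128, otherwise 0x80|N followed by N big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def simple_bind_request(msg_id, bind_dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }.
    The password is a plain OCTET STRING: on ldap://host:389 without StartTLS it
    crosses the WAN link unencrypted. msg_id is assumed to be below 128 (one INTEGER byte)."""
    bind = tlv(0x02, b"\x03") + tlv(0x04, bind_dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))


def parse_bind_response(data):
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse [APPLICATION 1]."""
    def read_tlv(buf, pos):
        tag, first = buf[pos], buf[pos + 1]
        if first < 0x80:
            length, pos = first, pos + 2
        else:
            n = first & 0x7F
            length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
        return tag, buf[pos:pos + length], pos + length

    _, msg, _ = read_tlv(data, 0)           # outer LDAPMessage SEQUENCE
    _, id_bytes, pos = read_tlv(msg, 0)     # messageID INTEGER
    tag, body, _ = read_tlv(msg, pos)       # protocolOp
    if tag != 0x61:
        raise ValueError(f"not a BindResponse (tag 0x{tag:02x})")
    _, code, pos = read_tlv(body, 0)        # resultCode ENUMERATED
    _, _, pos = read_tlv(body, pos)         # matchedDN (skipped)
    _, diag, _ = read_tlv(body, pos)        # diagnosticMessage
    return int.from_bytes(id_bytes, "big"), int.from_bytes(code, "big"), diag.decode(errors="replace")


def probe_plain_bind(host, bind_dn, password, port=389, timeout=5):
    """Live check (assumed host/credentials): does this DC accept an unsigned simple bind on 389?"""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(simple_bind_request(1, bind_dn, password))
        data = s.recv(4096)
    _, code, diag = parse_bind_response(data)
    return {"result_code": code, "signing_required": code == STRONGER_AUTH_REQUIRED, "diagnostic": diag}
```

A DC that answers with resultCode 8 is already enforcing the signing change the Microsoft announcement describes; a DC that answers 0 accepted the cleartext password, which is the case to fix by moving the identity source to ldaps:// (636) or StartTLS.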
jskfan (asker):

Thank you
If you are using this (LDAP), see the Microsoft announcements about LDAP changes!