VMware NSX Network Detection and Response LDAP Integration
• auth_method — Method of authentication. Must be "account".
• username — User Portal account username.
• password — User Portal account password.
• verify_ssl — Defines whether to perform SSL certificate validation. Set this to "false" if you
are using a self-signed certificate.
• timeout — HTTP request timeout in seconds. "20" is recommended.
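The following pre-flight check for config.ini is an added example, not VMware code. It assumes the five options above sit in an INI section whose name this page does not show (so every section is scanned), and the file-permission check is an addition motivated by the stored password.

```python
import configparser
import os
import tempfile

# Options named on this page; values may or may not be quoted, so quotes are stripped.
REQUIRED = ("auth_method", "username", "password", "verify_ssl", "timeout")


def lint_config(path):
    """Return a list of findings for an LDAP-integration config file."""
    findings = []
    # The file stores a portal password: flag group/world access (added check).
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        findings.append(f"file mode {mode:o} exposes the password; use 600")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    for name in parser.sections():
        sec = {k: v.strip().strip('"') for k, v in parser[name].items()}
        if not any(k in sec for k in REQUIRED):
            continue  # section unrelated to the portal account
        for key in REQUIRED:
            if not sec.get(key):
                findings.append(f"[{name}] missing {key}")
        if sec.get("auth_method", "account") != "account":
            findings.append(f'[{name}] auth_method must be "account"')
        if sec.get("verify_ssl", "").lower() == "false":
            findings.append(f"[{name}] verify_ssl=false: certificate not validated")
        timeout = sec.get("timeout", "")
        if timeout and not timeout.isdigit():
            findings.append(f"[{name}] timeout is not a whole number of seconds")
    return findings


def demo():
    # Constructed sample: the section name "portal" and all values are made up.
    sample = ('[portal]\nauth_method = account\nusername = admin@example.com\n'
              'password = changeme\nverify_ssl = false\ntimeout = 20s\n')
    with tempfile.NamedTemporaryFile("w", suffix=".ini", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o644)
    try:
        return lint_config(fh.name)
    finally:
        os.unlink(fh.name)


if __name__ == "__main__":
    print("\n".join(demo()))
```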
Step 3: Add a new configuration
Use the add sub-command of the lastline_configure_ldap_integration.py script to add a new
directory configuration for an Active Directory server, example.com:
lastline@lastline-manager:~$ lastline_configure_ldap_integration.py -c config.ini add \
--name "Example Directory" --server example.com --user-search-base DC=example,DC=com \
The add sub-command returns the UUID of the LDAP directory configuration, which is used in the
following step.
Step 4: Add user groups to the configuration
Populate the map from LDAP groups to VMware account roles through multiple uses of the
add-group sub-command:
lastline@lastline-manager:~$ lastline_configure_ldap_integration.py -c config.ini add-group \
d41d8cd98f00b204e9800998ecf8427e Reviewers read_only
lastline@lastline-manager:~$ lastline_configure_ldap_integration.py -c config.ini add-group \
d41d8cd98f00b204e9800998ecf8427e Analysts analyst
In the above example:
• The value d41d8cd98f00b204e9800998ecf8427e, used in both commands, refers to the UUID
that was returned in the previous step.
• The values of Reviewers and Analysts refer to the LDAP group name.
• The values of read_only and analyst refer to the VMware NSX Network Detection and
Response role.
Note:
If the group name attribute is not configured (--group-name-attribute ""), LDAP groups
are specified by FDN rather than by name in the group-to-role map.
VMware, Inc.