Create a LDAP Group
Like LDAP users you can also add LDAP groups to vCenter Chargeback.
You must have the Super User role or the Administrator role to perform this task.
N
OTE
Only a user with the Super User role can assign a role when creating a user.
Prerequisites
Before you add a LDAP group, ensure that the LDAP server is configured in the application. If no LDAP Server
is configured in vCenter Chargeback, an error message stating the same is displayed when adding a LDAP
group.
Procedure
1
In the Users & Roles tab, click Users.
A table listing all the users created in the application is displayed.
2
Click Create.
The Add User Account screen is displayed.
3
Select LDAP Group from the User Type list.
4
Select the required LDAP Server.
The LDAP Groups section of the screen displays a table listing the Active Directory groups defined in the
selected LDAP server. The number of groups listed in this table is limited by the LDAP Limit set in the
LDAP Server configuration.
5
Select the required group from the LDAP Groups section.
You can add multiple groups at the same time by selecting each of the required groups from the LDAP
Groups section. You can select more than one group by pressing the Ctrl button and clicking the required
group names.
You can also search for a group by specifying the group name or a search string in the LDAP Groups
section and clicking Search. The application searches all the Unique Name (samAccountName in
Windows Active Directory) and Common Name values in the Windows Active Directory and return all
the groups that match the search string.
6
Select the required option from the Role section.
The default is not to assign any role. You can alternately assign the Administrator role to the group on
vCenter Chargeback. An LDAP group cannot be assigned the Super User role.
7
Click Add.
The newly added LDAP groups are added to the table displaying the users and groups added to the application
on the Users page.
After a LDAP group is added, a user belonging to that group can log in to the application. This LDAP user
need not be explicitly added to the application. The LDAP user will have the same role as that set on the LDAP
group.
What to do next
The role assigned to the group defines the permission that the group has in the application. You must, however,
assign roles to the group on the individual resources for granting access on those resources.
Chapter 4 Authenticating and Managing Users, Roles, and Permissions
VMware, Inc.
69