{"id":265,"date":"2013-05-30T09:25:56","date_gmt":"2013-05-30T14:25:56","guid":{"rendered":"https:\/\/www.softwareab.net\/wordpress\/?p=265"},"modified":"2013-06-05T10:24:06","modified_gmt":"2013-06-05T15:24:06","slug":"vcloud-director-delete-ldap-user-group-prevents-adding-again","status":"publish","type":"post","link":"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/","title":{"rendered":"vCloud Director: Delete LDAP user \/ group prevents adding again&#8230;"},"content":{"rendered":"<p>Hi All&#8230;as part of vCloud Director proof-of-concept I discovered this troubling problem: It is impossible to switch LDAP from Simple to Kerberos and allow existing vCloud Director admin users \/ groups to login. See below for the gory details:<\/p>\n<p><!--more--><\/p>\n<p><strong>UPDATE as of 5 JUN 2013:<\/strong>\u00c2\u00a0I could not figure a way to workaround this problem and I cannot open a VMware support ticket (I&#8217;m just evaluating this software). So the final answer is&#8230;be Very Careful how you setup vCloud Director authentication.<\/p>\n<p>I have a VMware Communities post on this at <a href=\"http:\/\/communities.vmware.com\/thread\/447657\">http:\/\/communities.vmware.com\/thread\/447657<\/a> &#8211; see that for replies and comments.<\/p>\n<p>Also I&#8217;ve attached a PDF that has all the below information as well as lots of screenshots&#8230;just open it using this link: <a href=\"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2013\/05\/Documentation-for-reported-error-where-LDAP-cannot-be-switched-from-Simple-to-Kerberos.pdf\">Documentation for reported error where LDAP cannot be switched from Simple to Kerberos<\/a>.<\/p>\n<p>Requirements:<\/p>\n<ul>\n<li>vCD 5.1.2 (latest patches) with simple LDAP authentication and AD usersimported.<\/li>\n<li>Two brand-new test Active Directory users TestAccount1 and TestAccount2 that have *not* ever been entered into vCloud Director as owning any objects<\/li>\n<\/ul>\n<p>Procedure:<\/p>\n<ul>\n<li>Set LDAP to Simple.<\/li>\n<li>Under Admin \/ Users: Import AD TestAccount1. Displays with sAMAccountName.<\/li>\n<li>Validate TestAccount1 login (using sAMAccountName).<\/li>\n<li>Change LDAP authentication from Simple to Kerberos.<\/li>\n<li>Under Admin \/ Users: Import AD TestAccount2. Displays with userPrincipalName.<\/li>\n<li>Validate TestAccount2 login (using userPrincipalName).<\/li>\n<li>Verify TestAccount1 login no longer works.<\/li>\n<li>Under Admin \/ Users: Disable and Delete AD TestAccount1.<\/li>\n<li>Under Admin \/ Users: Import AD TestAccount1 user again. Verify that \u00e2\u20ac\u201c although Kerberos is in effect \u00e2\u20ac\u201c user continues to display with sAMAccountName.<\/li>\n<li>Verify that TestAccount1 longer continues not to work.<\/li>\n<\/ul>\n<p>If I get a solution I&#8217;ll update this post. Until then&#8230;*choose carefully* your LDAP integration mechanism because &#8211; once chosen &#8211; you cannot change it!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi All&#8230;as part of vCloud Director proof-of-concept I discovered this troubling problem: It is impossible to switch LDAP from Simple to Kerberos and allow existing vCloud Director admin users \/ groups to login. See below for the gory details:<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,11],"tags":[28,20],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>vCloud Director: Delete LDAP user \/ group prevents adding again... - softwareab<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"vCloud Director: Delete LDAP user \/ group prevents adding again... - softwareab\" \/>\n<meta property=\"og:description\" content=\"Hi All&#8230;as part of vCloud Director proof-of-concept I discovered this troubling problem: It is impossible to switch LDAP from Simple to Kerberos and allow existing vCloud Director admin users \/ groups to login. See below for the gory details:\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/\" \/>\n<meta property=\"og:site_name\" content=\"softwareab\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cloudraticsolutions\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/cloudraticsolutions\/\" \/>\n<meta property=\"article:published_time\" content=\"2013-05-30T14:25:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2013-06-05T15:24:06+00:00\" \/>\n<meta name=\"author\" content=\"Andrew Bruce\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@realcloudratics\" \/>\n<meta name=\"twitter:site\" content=\"@realcloudratics\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andrew Bruce\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/\"},\"author\":{\"name\":\"Andrew Bruce\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\"},\"headline\":\"vCloud Director: Delete LDAP user \/ group prevents adding again&#8230;\",\"datePublished\":\"2013-05-30T14:25:56+00:00\",\"dateModified\":\"2013-06-05T15:24:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/\"},\"wordCount\":288,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\"},\"keywords\":[\"vcloud\",\"vmware\"],\"articleSection\":[\"Teknocratica\",\"VMware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/\",\"url\":\"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/\",\"name\":\"vCloud Director: Delete LDAP user \/ group prevents adding again... - softwareab\",\"isPartOf\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#website\"},\"datePublished\":\"2013-05-30T14:25:56+00:00\",\"dateModified\":\"2013-06-05T15:24:06+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.softwareab.net\/wordpress\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"vcloud\",\"item\":\"https:\/\/www.softwareab.net\/wordpress\/tag\/vcloud\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"vCloud Director: Delete LDAP user \/ group prevents adding again&#8230;\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#website\",\"url\":\"https:\/\/www.softwareab.net\/wordpress\/\",\"name\":\"softwareab\",\"description\":\"Technocratica, Technopolitik, Technophobia\",\"publisher\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.softwareab.net\/wordpress\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600\",\"name\":\"Andrew Bruce\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg\",\"contentUrl\":\"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg\",\"width\":400,\"height\":330,\"caption\":\"Andrew Bruce\"},\"logo\":{\"@id\":\"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/\"},\"description\":\"Team-oriented systems mentor with deep knowledge of numerous software methodologies, technologies, languages, and operating systems. Excited about turning emerging technology into working production-ready systems. Focused on moving software teams to a higher level of world-class application development. Specialties:Software analysis and development...Product management through the entire lifecycle...Discrete product integration specialist!\",\"sameAs\":[\"http:\/\/cloudraticsolutions.net\/\",\"https:\/\/www.facebook.com\/cloudraticsolutions\/\",\"https:\/\/twitter.com\/realcloudratics\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"vCloud Director: Delete LDAP user \/ group prevents adding again... - softwareab","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/","og_locale":"en_US","og_type":"article","og_title":"vCloud Director: Delete LDAP user \/ group prevents adding again... - softwareab","og_description":"Hi All&#8230;as part of vCloud Director proof-of-concept I discovered this troubling problem: It is impossible to switch LDAP from Simple to Kerberos and allow existing vCloud Director admin users \/ groups to login. See below for the gory details:","og_url":"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/","og_site_name":"softwareab","article_publisher":"https:\/\/www.facebook.com\/cloudraticsolutions\/","article_author":"https:\/\/www.facebook.com\/cloudraticsolutions\/","article_published_time":"2013-05-30T14:25:56+00:00","article_modified_time":"2013-06-05T15:24:06+00:00","author":"Andrew Bruce","twitter_card":"summary_large_image","twitter_creator":"@realcloudratics","twitter_site":"@realcloudratics","twitter_misc":{"Written by":"Andrew Bruce","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/#article","isPartOf":{"@id":"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/"},"author":{"name":"Andrew Bruce","@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600"},"headline":"vCloud Director: Delete LDAP user \/ group prevents adding again&#8230;","datePublished":"2013-05-30T14:25:56+00:00","dateModified":"2013-06-05T15:24:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/"},"wordCount":288,"commentCount":1,"publisher":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600"},"keywords":["vcloud","vmware"],"articleSection":["Teknocratica","VMware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/","url":"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/","name":"vCloud Director: Delete LDAP user \/ group prevents adding again... - softwareab","isPartOf":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#website"},"datePublished":"2013-05-30T14:25:56+00:00","dateModified":"2013-06-05T15:24:06+00:00","breadcrumb":{"@id":"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.softwareab.net\/wordpress\/vcloud-director-delete-ldap-user-group-prevents-adding-again\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.softwareab.net\/wordpress\/"},{"@type":"ListItem","position":2,"name":"vcloud","item":"https:\/\/www.softwareab.net\/wordpress\/tag\/vcloud\/"},{"@type":"ListItem","position":3,"name":"vCloud Director: Delete LDAP user \/ group prevents adding again&#8230;"}]},{"@type":"WebSite","@id":"https:\/\/www.softwareab.net\/wordpress\/#website","url":"https:\/\/www.softwareab.net\/wordpress\/","name":"softwareab","description":"Technocratica, Technopolitik, Technophobia","publisher":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.softwareab.net\/wordpress\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/1337443eaeb75104e0410b508e67f600","name":"Andrew Bruce","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/","url":"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg","contentUrl":"https:\/\/www.softwareab.net\/wordpress\/wp-content\/uploads\/2024\/03\/andy-cartoon.jpg","width":400,"height":330,"caption":"Andrew Bruce"},"logo":{"@id":"https:\/\/www.softwareab.net\/wordpress\/#\/schema\/person\/image\/"},"description":"Team-oriented systems mentor with deep knowledge of numerous software methodologies, technologies, languages, and operating systems. Excited about turning emerging technology into working production-ready systems. Focused on moving software teams to a higher level of world-class application development. Specialties:Software analysis and development...Product management through the entire lifecycle...Discrete product integration specialist!","sameAs":["http:\/\/cloudraticsolutions.net\/","https:\/\/www.facebook.com\/cloudraticsolutions\/","https:\/\/twitter.com\/realcloudratics"]}]}},"_links":{"self":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts\/265"}],"collection":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/comments?post=265"}],"version-history":[{"count":4,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts\/265\/revisions"}],"predecessor-version":[{"id":269,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/posts\/265\/revisions\/269"}],"wp:attachment":[{"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/media?parent=265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/categories?post=265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.softwareab.net\/wordpress\/wp-json\/wp\/v2\/tags?post=265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}