Bug 1572387
Summary: | Documents for integrating LDAP or AD with External Auth have issues | ||
---|---|---|---|
Product: | Red Hat CloudForms Management Engine | Reporter: | Jeffrey Cutter <jcutter> |
Component: | Documentation | Assignee: | Dayle Parker <dayleparker> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Mike Shriver <mshriver> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5.9.0 | CC: | brant.evans, hhudgeon, mpusater, obarenbo |
Target Milestone: | GA | ||
Target Release: | cfme-future | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | auth:externalauth | ||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-01-09 06:28:17 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jeffrey Cutter
2018-04-26 22:46:27 UTC
The instructions for having to join the domain for the AD instructions are different than what is done if the miqldap_to_sssd tool is used to convert from the integrated LDAP auth to SSSD. The miqldap_to_sssd tool does not cause the appliance to be joined to the AD domain. Hi Jeff, Thanks for raising this bug. The docs team is aware of the inconsistencies; I created a separate guide for 4.6 [1] and reorganized all the authentication topics there to make it easier to find for CloudForms users. I'd love any feedback if you have time to give it a quick look. The Kbase solution content has been edited and pulled into this new title (in "4.2. Configuring Authentication with Active Directory"), so I think we should be OK to deprecate the article -- I'll take care of that. I will also make the corrections you've mentioned, thanks for listing those! As for the differences in the MIQ and CF docs, we are working on syncing the upstream/downstream auth content better, so I'll keep you updated on that effort. Please let me know if you spot anything else related to the authentication docs in the meantime. Cheers, Dayle [1] https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html-single/managing_authentication_for_cloudforms/ More work has happened on this downstream content over the last while in several bugs, in particular: https://bugzilla.redhat.com/show_bug.cgi?id=1535271 - adds the Kbase content into the new Managing Authentication guide https://bugzilla.redhat.com/show_bug.cgi?id=1591079 - tested and edited the Active Directory integration with SMEs from the customer support team. We also found in our testing that the docs were missing a key part of this procedure, now contained in "4.2.2. Mapping Active Directory Users to CloudForms User Roles". The content in the Red Hat documentation is up to date and should be referred to over other sources. As a team, we decided it wasn't best to deprecate the Kbase article (https://access.redhat.com/solutions/2751431) as it's been well-trafficked and bookmarked over time. It is still available online, but I've added notes throughout referring readers to the most up-to-date, maintained version of this procedure, which is contained in the Managing Auth guide. The source content upstream (ManageIQ) is maintained in a separate repo and structure --> https://github.com/ManageIQ/manageiq_docs/tree/master/auth . For any concerns, it would be best to raise a GitHub issue. I've also made a few edits to the Managing Auth guide section to include points listed above. This is now live in the 4.6 and 4.7 (beta) docs: https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.7-beta/html-single/managing_authentication_for_cloudforms/#external_active_directory https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html-single/managing_authentication_for_cloudforms/#external_active_directory |