Description of problem:
The Satellite 6.0 release added the option to use --foreman-ipa-authentication=true to enable external authentication via Apache modules, currently only documented at http://theforeman.org/manuals/1.6/index.html#5.7ExternalAuthentication.
Recently, additional setups were requested: direct AD integration using sssd but without cross-realm trust, or using sssd with ldap providers to allow for LDAP failover that sssd supports. In those cases, the assumption of the --foreman-ipa-authentication=true approach are not met -- the /etc/ipa/default.conf does not exist, for example.
It is possible to fake the system being IPA-enrolled for the installer to pass but it is cumbersome.
It'd be useful to have additional external authentication setups (especially with sssd) supported.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Use realm join to join the Satellite machine directly to AD.
2. Or manually configure sssd to use LDAP server.
3. Try to run katello-installer to have Satellite 6 configured to use this external authentication.
It is possible.
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Created redmine issue http://projects.theforeman.org/issues/15900 from this bug
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in product in the forseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.