Hide Forgot
Description of problem: I've set up ldap as auth provider and I can see users by calling "externalusers" function. I was not able to authenticate as ldap user into USM UI and API. I expect that after configuring ldap, users can login without any importing, please see MVP-042. Version-Release number of selected component (if applicable): rhscon-ui-0.0.6-0.1.alpha1.el7.noarch rhscon-core-0.0.6-0.1.alpha1.el7.x86_64 rhscon-ceph-0.0.4-0.1.alpha1.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1. configure ldap auth provider 2. try to log in as one of ldap users Actual results: ldap user cannot log in. Expected results: ldap users can log in and have proper role.
This is not a bug. By design and based on the grooming/UX discussions, user must be imported to USM. If the user is not imported, USM treat the user as invalid and will not continue with login.
So according to my expectation an external LDAP could potentially have 1000's of users. Obviously only a small subset would need to log into USM. Is the term "import" meant to allow this type of access? i.e. although the authentication is delegated to the ldap system, the "import" allows that person access to USM? If so then I would say this bug is invalid, but the use of the word "import" might be confusing to some users. Perhaps this is only a documentation issue.
That is right Jeff. Import means adding a subset of users who can access USM from LDAP
User import tested with rhscon-core-0.0.29-1.el7scon.x86_64 rhscon-ui-0.0.43-1.el7scon.noarch and it works. --> Verified I agree that current implementation is more logical than fuzzy Requirement.