Document URL: https://access.redhat.com/documentation/en/red-hat-cloudforms/4.1/single/general-configuration

Section Number and Name: 4.1.4.2.2. - LDAP Settings

Describe the issue: Active Directory is a very common authentication mechanism; as such, many of our customers are faced with configuring CloudForms to work with Active Directory. We should use AD as the prime example for configuring LDAP authentication so that users have a guide to follow.

Suggestions for improvement: Use screenshots in Active Directory, explain how groups in AD must map to groups/roles in CF, basically expose a step-by-step example on using AD for LDAP(S) authentication in CF.

Additional information: Make note of certain gotchas that will prevent authentication from working. For example, if Display Name is not set in Active Directory, CloudForms will error out with the following message:

[----] W, [2016-11-22T15:00:00.730709 #3278:123f1f8] WARN -- : <AuditFailure> MIQ(Authenticator.rescue in block in authorize) userid: [xxxxxxxxxx] - Validation failed: Name can't be blank
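A triage helper for the gotcha above, as an added example that is not part of the original report and is not CloudForms code: it parses log lines shaped like the quoted AuditFailure entry and lists the user IDs rejected with "Name can't be blank", which are the accounts whose Display Name needs setting in Active Directory. The regex is derived only from that one quoted line, and the sample log, its user IDs and the second failure message are constructed.

```ruby
# Added example (not CloudForms code). The field layout is inferred from the
# single AuditFailure line quoted in the report; other layouts are an assumption.
AUDIT_LINE = /
  \A\[-*\]\s+[A-Z],\s+
  \[(?<ts>\S+)\s+\#(?<pid>\d+):(?<tid>\h+)\]\s+
  (?<severity>[A-Z]+)\s+--\s+:\s+
  <(?<audit>Audit\w+)>\s+
  MIQ\((?<source>[^)]*)\)\s+
  userid:\s+\[(?<userid>[^\]]*)\]\s+-\s+
  (?<message>.*)\z
/x

BLANK_NAME = "Validation failed: Name can't be blank"

# Returns a hash of the named fields, or nil when the line is not an audit entry.
def parse_audit_line(line)
  m = AUDIT_LINE.match(line.strip)
  return nil unless m
  m.names.map { |n| [n.to_sym, m[n]] }.to_h
end

# Groups blank-name AuditFailure entries by user ID with count and time span.
def blank_name_failures(lines)
  hits = lines.map { |l| parse_audit_line(l) }.compact.select do |e|
    e[:audit] == "AuditFailure" && e[:message].include?(BLANK_NAME)
  end
  hits.group_by { |e| e[:userid] }.map do |uid, es|
    stamps = es.map { |e| e[:ts] } # ISO-8601 strings sort chronologically
    [uid, { count: es.size, first: stamps.min, last: stamps.max }]
  end.to_h
end

# Constructed sample log: user IDs and the "constructed" messages are made up.
SAMPLE_LOG = <<~'LOG'
  [----] W, [2016-11-22T15:00:00.730709 #3278:123f1f8]  WARN -- : <AuditFailure> MIQ(Authenticator.rescue in block in authorize) userid: [jdoe] - Validation failed: Name can't be blank
  [----] I, [2016-11-22T15:00:01.000000 #3278:123f1f8]  INFO -- : constructed non-audit line
  [----] W, [2016-11-22T15:02:10.000100 #3278:123f1f8]  WARN -- : <AuditFailure> MIQ(Authenticator.rescue in block in authorize) userid: [asmith] - Validation failed: Name can't be blank
  [----] W, [2016-11-22T15:03:00.000000 #3278:123f1f8]  WARN -- : <AuditFailure> MIQ(Authenticator.rescue in block in authorize) userid: [bwong] - constructed other failure
  [----] W, [2016-11-22T15:05:30.500000 #3278:123f1f8]  WARN -- : <AuditFailure> MIQ(Authenticator.rescue in block in authorize) userid: [jdoe] - Validation failed: Name can't be blank
LOG

if __FILE__ == $0
  blank_name_failures(SAMPLE_LOG.lines).each do |uid, s|
    puts "#{uid}: #{s[:count]} blank-name failure(s), #{s[:first]} .. #{s[:last]}"
  end
end
```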
Hi David,

Sorry for the delay on this, and thanks for raising this issue.

We've been improving the LDAP content over a few releases, and in the 4.6 release, we moved the authentication instructions to its own guide (it was a bit buried in the General Configuration guide), where I added a new section for Active Directory for External authentication [1] also.

I would also love to have your review on the LDAP section (and the guide in general) -- please let me know if you spot anything needing fixing/clarifying, or if you think we're good to close this RFE.

LDAP:
https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html-single/managing_authentication_for_cloudforms/#ldap_settings

AD/External auth:
https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html-single/managing_authentication_for_cloudforms/#external_active_directory

Thank you,
Dayle

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1535271
(In reply to Dayle Parker from comment #2)
> Hi David,
>
> Sorry for the delay on this, and thanks for raising this issue.
>
> We've been improving the LDAP content over a few releases, and in the 4.6
> release, we moved the authentication instructions to its own guide (it was a
> bit buried in the General Configuration guide), where I added a new section
> for Active Directory for External authentication [1] also.
>
> I would also love to have your review on the LDAP section (and the guide in
> general) -- please let me know if you spot anything needing
> fixing/clarifying, or if you think we're good to close this RFE.
>
> LDAP:
> https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html-single/managing_authentication_for_cloudforms/#ldap_settings
>
> AD/External auth:
> https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html-single/managing_authentication_for_cloudforms/#external_active_directory
>
> Thank you,
> Dayle
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1535271

Hi Dayle-

Likewise, sorry for the delay in my reply! The docs look great--thanks for this!

One question: there is no mention of what Domain Prefix is or what it's for. If it's optional, maybe we should state that just like other fields do.

Great work :-)
Hi David,

Many thanks for having a look through the doc! Good catch about defining the Domain Prefix too. I've been looking around for some info, but with no luck so far. I am hoping Joe Vlcek might be able to provide some idea about this field.

@Joe, can you share some info on what "Domain Prefix" is (for LDAP configuration), if it's optional, and what it does?

https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html-single/managing_authentication_for_cloudforms/#ldap_config

Thanks so much,
Dayle
(In reply to Dayle Parker from comment #4)
> Hi David,
>
> Many thanks for having a look through the doc! Good catch about defining the
> Domain Prefix too. I've been looking around for some info, but with no luck
> so far. I am hoping Joe Vlcek might be able to provide some idea about this
> field.
>
> @Joe, can you share some info on what "Domain Prefix" is (for LDAP
> configuration), if it's optional, and what it does?
>
> https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html-single/managing_authentication_for_cloudforms/#ldap_config
>
> Thanks so much,
> Dayle

The Domain Prefix is only used when the LDAP Host is Active Directory. It represents the prefix name in the Active Directory Domain.

When SAM Account Name is specified for the user type, the Domain Prefix is used to construct the fully qualified user name: <domain prefix>\<user>

So Domain Prefix only needs to be entered when the LDAP directory is an AD and when SAM Account Name is specified for the user type.

Hope this helps.
JoeV
Thank you, Joe! That's super helpful :)

Chris, I have added an entry for Domain Prefix to the LDAP part of the authentication guide -- would you mind reviewing? Please let me know if you think it needs any corrections/edits. I also removed a few steps that I just noticed were duplicated.

https://github.com/ManageIQ/manageiq_docs/pull/810

Thank you,
Dayle
Created attachment 1423929
edited LDAP options and domain prefix

Here's a preview of the built revision.
These updates are now live in the 4.5 and 4.6 docs:

https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.5/html-single/general_configuration/#ldap_settings

https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html-single/managing_authentication_for_cloudforms/#ldap_config