Bug 1475887 - [Docs][Config] LDAP roles and groups descriptions
Summary: [Docs][Config] LDAP roles and groups descriptions
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Documentation
Version: 5.8.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: GA
: cfme-future
Assignee: Dayle Parker
QA Contact: Suyog Sainkar
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-07-27 14:35 UTC by Tsai Li Ming
Modified: 2017-09-20 07:07 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-09-20 07:07:29 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Tsai Li Ming 2017-07-27 14:35:37 UTC
Document URL: 
https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.5/html-single/general_configuration/#ldap_settings

Section Number and Name: 
4.1.4.2.4. Assigning Red Hat CloudForms Account Roles Using LDAP Groups

Describe the issue: 
"LDAPuser1 attempts to log into Red Hat CloudForms, so Red Hat CloudForms queries the LDAP server to verify it knows LDAPuser1. The LDAP server then confirms that it knows LDAPuser1, and provides information about the LDAP groups LDAPuser1 belongs to: Group1. Red Hat CloudForms then looks up Group1 and discovers that Group1 has several roles: Role1, Role2 and Role3. Red Hat CloudForms then associates LDAPuser1 with Group1 in Red Hat CloudForms, and then allows the user to perform tasks allowable by those roles."

Suggestions for improvement: 
Is it correct to say that "Red Hat CloudForms then looks up Group1 and discovers that Group1 has several roles: Role1, Role2 and Role3." I believe there is 1-1 relationship between Group and Role? A group in CloudForms can only be associated with 1 role?

Comment 2 Andrew Dahms 2017-08-29 01:57:33 UTC
Assigning to Dayle for review.

Dayle - see the above for a query about authentication in CloudForms. You might already know the answer to this, otherwise it looks like we might need to provide some added clarification.

Comment 7 Dayle Parker 2017-09-18 00:42:55 UTC
Hi Suyog,

I've corrected the LDAP/groups/roles example in the General Configuration guide.

While I was editing, I also broke down the example into steps so it's more readable, and changed the {product-title} entity to {product-title_short} throughout the Authentication section for improved readability.

Please let me know if you spot anything needing fixing, or if you want a preview (I didn't create one as it's mostly line edits).

https://github.com/ManageIQ/manageiq_docs/pull/506

Many thanks,
Dayle

Comment 9 Dayle Parker 2017-09-20 07:07:29 UTC
This update is now live in the 4.5 and 4.2 General Configuration guides in the "4.1.4.2. Authentication" section:

https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.5/html-single/general_configuration/ 

https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.2/html-single/general_configuration/


Note You need to log in before you can comment on or make changes to this bug.