Bug 1475887 - [Docs][Config] LDAP roles and groups descriptions
[Docs][Config] LDAP roles and groups descriptions
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Documentation (Show other bugs)
Unspecified Unspecified
medium Severity medium
: GA
: cfme-future
Assigned To: Dayle Parker
Suyog Sainkar
Depends On:
  Show dependency treegraph
Reported: 2017-07-27 10:35 EDT by Tsai Li Ming
Modified: 2017-09-20 03:07 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-09-20 03:07:29 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tsai Li Ming 2017-07-27 10:35:37 EDT
Document URL: 

Section Number and Name: Assigning Red Hat CloudForms Account Roles Using LDAP Groups

Describe the issue: 
"LDAPuser1 attempts to log into Red Hat CloudForms, so Red Hat CloudForms queries the LDAP server to verify it knows LDAPuser1. The LDAP server then confirms that it knows LDAPuser1, and provides information about the LDAP groups LDAPuser1 belongs to: Group1. Red Hat CloudForms then looks up Group1 and discovers that Group1 has several roles: Role1, Role2 and Role3. Red Hat CloudForms then associates LDAPuser1 with Group1 in Red Hat CloudForms, and then allows the user to perform tasks allowable by those roles."

Suggestions for improvement: 
Is it correct to say that "Red Hat CloudForms then looks up Group1 and discovers that Group1 has several roles: Role1, Role2 and Role3." I believe there is 1-1 relationship between Group and Role? A group in CloudForms can only be associated with 1 role?
Comment 2 Andrew Dahms 2017-08-28 21:57:33 EDT
Assigning to Dayle for review.

Dayle - see the above for a query about authentication in CloudForms. You might already know the answer to this, otherwise it looks like we might need to provide some added clarification.
Comment 7 Dayle Parker 2017-09-17 20:42:55 EDT
Hi Suyog,

I've corrected the LDAP/groups/roles example in the General Configuration guide.

While I was editing, I also broke down the example into steps so it's more readable, and changed the {product-title} entity to {product-title_short} throughout the Authentication section for improved readability.

Please let me know if you spot anything needing fixing, or if you want a preview (I didn't create one as it's mostly line edits).


Many thanks,
Comment 9 Dayle Parker 2017-09-20 03:07:29 EDT
This update is now live in the 4.5 and 4.2 General Configuration guides in the " Authentication" section:



Note You need to log in before you can comment on or make changes to this bug.