Red Hat Bugzilla – Bug 1475891
[Authentication] Rename Get Roles from Home Forest
Last modified: 2018-02-26 01:48:20 EST
Description of problem:
It is confusing when there are 2 similar options:
Get User Groups from LDAP ==> LDAP
Get Roles from Home Forest ==> This only applies to AD
What happens if the user checks both?
Is this really "Get Roles from Home Forest" or "Get User Groups from Home Forest"?
Are both check boxes mutually exclusive? Can we improve the UI?
Documentation is confusing too:
1. Check Get User Groups from LDAP to retrieve the user’s group membership from LDAP. This is used for mapping a user’s authorization to a Red Hat CloudForms role. This requires group names on the LDAP server to match Red Hat CloudForms group names.
2. Check Get Roles from Home Forest to use the LDAP roles from the LDAP user’s home forest. This will allow you to discover groups on your LDAP server and create Red Hat CloudForms groups based on your LDAP server’s group names. Any user logging in will be assigned to that group. This option is only displayed when Get User Groups from LDAP is checked.
Version-Release number of selected component (if applicable):
Actually, CFME, uses the term "Forest" to mean another LDAP domain, regardless of LDAP provider and it's not specific to AD. Or at least that is what Development has told me. I want to open a bug to reword the use of the term "Forest" Also in 18.104.22.168 this check box seems to have disappeared, which I may be writing a bug on as soon as I debug it more.
The term "Forest", although a bit misleading to AD purists, was likely chosen initially due to the similarity to the functionality.
Because MiqLdap (mode: LDAPs) is being deprecated the auth team does not see a lot of value from updating the long standing wording used by the UI.