Bug 1475891 - [Authentication] Rename Get Roles from Home Forest
Status: NEW
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS
medium Severity medium
: GA
: cfme-future
Assigned To: Dan Clarizio
Matt Pusateri
Reported: 2017-07-27 10:40 EDT by Tsai Li Ming
Modified: 2018-02-26 01:48 EST
Type: Bug
Description Tsai Li Ming 2017-07-27 10:40:41 EDT
Description of problem:
It is confusing when there are 2 similar options:
Get User Groups from LDAP ==> LDAP
Get Roles from Home Forest ==> This only applies to AD

What happens if the user checks both? 

Is this really "Get Roles from Home Forest" or "Get User Groups from Home Forest"?

Are both check boxes mutually exclusive? Can we improve the UI? 

Documentation is confusing too:
1. Check Get User Groups from LDAP to retrieve the user’s group membership from LDAP. This is used for mapping a user’s authorization to a Red Hat CloudForms role. This requires group names on the LDAP server to match Red Hat CloudForms group names.

2. Check Get Roles from Home Forest to use the LDAP roles from the LDAP user’s home forest. This will allow you to discover groups on your LDAP server and create Red Hat CloudForms groups based on your LDAP server’s group names. Any user logging in will be assigned to that group. This option is only displayed when Get User Groups from LDAP is checked.

Version-Release number of selected component (if applicable):
CF 4.5
Comment 4 Matt Pusateri 2017-09-06 10:15:20 EDT
Actually, CFME uses the term "Forest" to mean another LDAP domain, regardless of LDAP provider, and it's not specific to AD. Or at least that is what Development has told me. I want to open a bug to reword the use of the term "Forest". Also in this check box seems to have disappeared, which I may be writing a bug on as soon as I debug it more.
Comment 5 Joe Vlcek 2017-11-15 10:05:18 EST
The term "Forest", although a bit misleading to AD purists, was likely chosen initially due to the similarity to the functionality.

Because MiqLdap (mode: LDAPs) is being deprecated, the auth team does not see a lot of value from updating the long-standing wording used by the UI.
