Description of problem: LDAP group retrieval is failing without any exception after configuring IBM directory server as LDAP Version-Release number of selected component (if applicable): Cloudforms 4.6 How reproducible: Always at customer's environment Steps to Reproduce: 1.LDAP authentication in Settings > Authentication is tested to work fine, Validate button says LDAP Settings validation was successful. 2.Issue is in Access Control > Groups > Add a new Group., when you do an LDAP Group lookup, enter a user to lookup, then a system account username and password. When you hit retrieve, nothing comes back. No group selection options, no error messages, nothing. If you hit save and then go back into the group, it's empty as if it was a generic internal group without LDAP Actual results: LDAP Group retrieval is failing. Expected results: Group retrieval should be successful. Additional info:
From the provided logs and ldapsearch output it appears that the memberOf overly, which is required for authentication "mode: LDAP", is not setup on the LDAP server. If the memberof overlay can not be configured converting to external authentication would be a possible avenue to explore. As stated in comment 3 doing this did not work: > http://manageiq.org/docs/reference/latest/auth/ldap Response: As previously tried, this does not work this is the same link as before. Perhaps it would be good to explore why this did not work. In summary there are 2 options to pursue: 1. Configure the memberof overlay. To prove it is correctly configured the ldapsearch command should return lines that being with "memberOf:" If ldapsearh output is passed through " | grep -i memberof" you should see results.: ldapsearch -x -H ldap://<LDAP server>:389 -LLL -b "<your base dn>" -s sub -D "<your bind dn>" -w <your pw> | grep -i memberof 2. Convert to external auth following these instructions: http://manageiq.org/docs/reference/latest/auth/ldap and diagnose why it did not work, as reported: https://bugzilla.redhat.com/show_bug.cgi?id=1575831#c3 I'd be glad to get on a video conf. call with the customer to help resolve this, if that can be arranged.
Thanks Joe for the update. I have updated the same with the customer and looking for their response and If required, will arrange the remote session for further troubleshooting purpose. Regards, Neha Chugh