Red Hat Bugzilla – Bug 860044
3.4. Configuring LDAP: need to first login as admin in database mode and create LDAP admin user
Last modified: 2012-12-10 16:49:32 EST
Description of problem:
In 3.4. Configuring LDAP: there's no mention of the convoluted steps needed to establish an LDAP admin. An LDAP admin must be established while in database (local) mode before switching to LDAP mode. Otherwise LDAP users have no permissions and the product cannot be used.
Additional LDAP configuration steps:
1. Configure aeolus for local database users
2. Log in as admin
3. Do one or both of the following:
- 3a. Create a user whose username matches an LDAP user and add global admin permissions
- 3b. Create a user group whose username matches an LDAP group and add global admin permissions
4. Update /etc/aeolus-conductor/settings.yml to put in 'ldap' mode
5. Restart services: `aeolus-services restart`
6. Log in as LDAP user
Version-Release number of selected component (if applicable):
The "warning" box in install guide section 3.4 doesn't quite capture the full issue: the admin username created must match an LDAP user. Otherwise the admin user will not authenticate. So the use case is this:
1. create user 'aweiteka'
2. grant 'aweiteka' global admin permissions
3. point to corporate LDAP server
4. restart services
5. log in as aweiteka with Kerberos password.
Viewed Oct. 17: http://file.bne.redhat.com/~achan/CloudForms_InstallationGuide/#Configuring_LDAP_for_CloudForms_Cloud_Engine
Comment #2 applies to CFSE section 2.6 as well.
This documentation has now been dropped to translation ahead of publication. For any further issues, please open a new bug.
This document is now publicly available on access.redhat.com. For any further issues, please raise a new bug.