Bug 860044 - 3.4. Configuring LDAP: need to first login as admin in database mode and create LDAP admin user
Product: CloudForms Common
Classification: Red Hat
Component: Docs Installation Guide
: beta6
Assigned To: Dan Macpherson
Depends On:
Reported: 2012-09-24 14:06 EDT by Aaron Weitekamp
Modified: 2012-12-10 16:49 EST

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Instance Name: Not Defined Build: CSProcessor Builder Version 1.6 Build Filter: null Build Name: Build Date: 15-09-2012 05:19:27
Last Closed: 2012-12-10 16:49:32 EST
Type: Bug
Description Aaron Weitekamp 2012-09-24 14:06:07 EDT
Description of problem:
In 3.4. Configuring LDAP: there's no mention of the convoluted steps needed to establish an LDAP admin. An LDAP admin must be established while in database (local) mode before switching to LDAP mode. Otherwise LDAP users have no permissions and the product cannot be used.

Additional LDAP configuration steps:
1. Configure aeolus for local database users
2. Log in as admin
3. Do one or both of the following:
 - 3a. Create a user whose username matches an LDAP user and add global admin permissions
 - 3b. Create a user group whose username matches an LDAP group and add global admin permissions
4. Update /etc/aeolus-conductor/settings.yml to put in 'ldap' mode
5. Restart `aeolus-services restart`
6. Log in as LDAP user

Version-Release number of selected component (if applicable):
CFCE v1.1
Comment 2 Aaron Weitekamp 2012-10-17 16:57:59 EDT
The "warning" box in install guide [1] section 3.4 doesn't quite capture the full issue: the admin username created must match an LDAP user. Otherwise the admin user will not authenticate. So the use case is this:
1. create user 'aweiteka'
2. grant 'aweiteka' global admin permissions
3. point to corporate LDAP server
4. restart services
5. log in as aweiteka with Kerberos password.

[1] Viewed Oct. 17: http://file.bne.redhat.com/~achan/CloudForms_InstallationGuide/#Configuring_LDAP_for_CloudForms_Cloud_Engine
Comment 3 Aaron Weitekamp 2012-10-17 17:02:24 EDT
Comment #2 applies to CFSE section 2.6 as well.
Comment 6 Lana Brindley 2012-11-18 21:38:06 EST
This documentation has now been dropped to translation ahead of publication. For any further issues, please open a new bug.

Comment 7 Lana Brindley 2012-12-10 16:49:32 EST
This document is now publicly available on access.redhat.com. For any further issues, please raise a new bug.

