Active Directory Authentication

Hi,
Just installed Foreman for Puppet. I would like to authenticate users by
Active Directory (WS 2012 R2).
This is my Foreman configuration:

<https://lh3.googleusercontent.com/-7lIr_DJD8yI/Vp4dQREmfwI/AAAAAAAAAEQ/475gg6dcX0w/s1600/foreman1.png>

Is it correct? The user can read OU=ADM,OU=IT,dc=domain,dc=company,dc=com,
which includes this user and the group "foreman".
Then I created a user and gave him the Viewer role:

<https://lh3.googleusercontent.com/-ktSJb7K0u7Q/Vp4ezSsoQeI/AAAAAAAAAEc/_ruJKLWHxl0/s1600/foreman2.png>

But I can't log in as the user. Why?

Thanks.

At first glance everything looks correct, perhaps the tab 'Attribute
mappings' is not set properly.

What do you see on /var/log/foreman/production.log when you try to
login through the LDAP user?



Daniel Lobato Garcia

@dLobatog
blog.daniellobato.me
daniellobato.me

GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30
Keybase: https://keybase.io/elobato

>> At first glance everything looks correct, perhaps the tab 'Attribute
>> mappings' is not set properly.

This tab is empty; I didn't need to map any attributes. Or is it necessary?

>> What do you see on /var/log/foreman/production.log when you try to login
>> through the LDAP user?

2016-01-19T13:06:00 [app] [I] Started POST "/users/login" for 192.168.111.25 at 2016-01-19 13:06:00 +0100
2016-01-19T13:06:00 [app] [I] Processing by UsersController#login as HTML
2016-01-19T13:06:00 [app] [I] Parameters: {"utf8"=>"✓", "authenticity_token"=>"blablablablablablablablablablablablablablabla", "login"=>{"login"=>"user", "password"=>"[FILTERED]"}, "commit"=>"Anmeldung"}
2016-01-19T13:06:00 [app] [I] Redirected to https://puppet.domain.company.com/users/login
2016-01-19T13:06:00 [app] [I] Completed 302 Found in 29.0ms (ActiveRecord: 4.1ms)
2016-01-19T13:06:00 [app] [I] Started GET "/users/login" for 192.168.111.25 at 2016-01-19 13:06:00 +0100
2016-01-19T13:06:00 [app] [I] Processing by UsersController#login as HTML
2016-01-19T13:06:00 [app] [I] Rendered users/login.html.erb within layouts/login (2.1ms)
2016-01-19T13:06:00 [app] [I] Rendered layouts/base.html.erb (2.0ms)
2016-01-19T13:06:00 [app] [I] Completed 200 OK in 7.6ms (Views: 5.5ms | ActiveRecord: 0.0ms)

Looks like it doesn't ask AD. I tried with "user" and "domain\user" as the
login name.
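
Added example (not part of the original thread and not Foreman's own code): a Ruby sketch that scans production.log-style lines like the excerpt above and counts login POSTs that are redirected back to /users/login, per source address. Treating that redirect as a rejected login is an assumption drawn from the excerpt; the sample lines, host name and addresses are constructed.

```ruby
# Assumption: a POST /users/login whose redirect goes back to /users/login
# was rejected (the pattern in the excerpt above). Lines are matched in
# sequence, so interleaved concurrent requests are not untangled here.

# Constructed sample lines; host name and addresses are made up.
SAMPLE_LOG = <<~LOG
  2016-01-19T13:06:00 [app] [I] Started POST "/users/login" for 192.0.2.25 at 2016-01-19 13:06:00 +0100
  2016-01-19T13:06:00 [app] [I] Processing by UsersController#login as HTML
  2016-01-19T13:06:00 [app] [I] Redirected to https://foreman.example.test/users/login
  2016-01-19T13:06:00 [app] [I] Completed 302 Found in 29.0ms (ActiveRecord: 4.1ms)
  2016-01-19T13:06:01 [app] [I] Started GET "/users/login" for 192.0.2.25 at 2016-01-19 13:06:01 +0100
  2016-01-19T13:07:10 [app] [I] Started POST "/users/login" for 192.0.2.40 at 2016-01-19 13:07:10 +0100
  2016-01-19T13:07:10 [app] [I] Redirected to https://foreman.example.test/
  2016-01-19T13:07:30 [app] [I] Started POST "/users/login" for 192.0.2.25 at 2016-01-19 13:07:30 +0100
  2016-01-19T13:07:30 [app] [I] Redirected to https://foreman.example.test/users/login
LOG

STARTED  = /\A(\S+) \[app\] \[I\] Started (\w+) "([^"]+)" for (\S+) at /
REDIRECT = /\[app\] \[I\] Redirected to (\S+)/

# Returns one hash per rejected login: { time: "...", ip: "..." }.
def failed_logins(log)
  pending = nil   # login POST still waiting for its redirect line
  failures = []
  log.each_line do |line|
    if (m = STARTED.match(line))
      # A new request ends the previous one; remember only login POSTs.
      pending = nil
      if m[2] == 'POST' && m[3] == '/users/login'
        pending = { time: m[1], ip: m[4] }
      end
    elsif pending && (m = REDIRECT.match(line))
      # Strip scheme and host so only the redirect path is compared.
      path = m[1].sub(%r{\Ahttps?://[^/]+}, '')
      failures << pending if path == '/users/login'
      pending = nil
    end
  end
  failures
end

# Counts rejected logins per source address.
def failures_by_ip(log)
  failed_logins(log).each_with_object(Hash.new(0)) { |f, h| h[f[:ip]] += 1 }
end

p failures_by_ip(SAMPLE_LOG)
```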


I've got Login name attrib set to sAMAccountName
Firstname to givenName
Surname to sN
Email addr to mail

Regards,

Joop


>> I've got Login name attrib set to sAMAccountName
>> Firstname to givenName
>> Surname to sN
>> Email addr to mail

Thank you very much! It works now, after I added these attributes!

>> do you have Automatically create accounts in Foreman checked?

No, I have not, because then all users can log in, but I need only
specific users that I add manually.


> > >> At first glance everything looks correct, perhaps the tab
> > 'Attribute mappings' is not set properly.
> >
> > this tab is empty, i don't needed to map any Attributes. Or is it
> > necessary?
> I've got Login name attrib set to sAMAccountName
> Firstname to givenName
> Surname to sN
> Email addr to mail
>
>
do you have Automatically create accounts in Foreman checked?


Use the other tab to restrict the number of users, for example to a
ForemanUsers group.

Joop
