Foreman LDAP user "live-lookup"

I know from the Foreman docs that LDAP supports “on the fly” user creation. So users have their account created when they log in for the first time into the Foreman portal. This means that it’s not possible to select the owner of a server before he or she has logged in at least once.

I wonder if Foreman also supports “live lookup” on LDAP, meaning as I type the name of a user, Foreman would compare the string to the list of users accessible via the LDAP connection. That way I could assign hosts to users that have not logged in to Foreman Web. We manage some 200-300 servers and it would be challenging to get all server owners to log into Foreman (no joke).

There is a checkbox to enable the on-the-fly user creation but it is not related to what I’m looking for.

In the docs Foreman :: Manual it doesn’t say what I want is not possible but it also doesn’t state that it is. Can anyone enlighten me?

Not 100% sure but afaik there is no way to do that. The owner of a host has to be a Foreman user, and from what I understand the LDAP integration actually only creates an internal user upon login with a “check the password externally” flag.
If you really need to have everyone in your organization as potential server owner (because they should log into Foreman and do stuff), you could consider automating that from an LDAP query using Foreman’s API. From what I understand, the "user[auth_source_id]" parameter should be usable to set a user up as an LDAP user.
If you are just looking to store that information somewhere: We ended up setting up a host parameter that stores that info. Probably not the best way to do it, but it works.


Thanks for your post!

I don’t entirely understand your suggestion with the Foreman API, though. Do you suggest creating accounts for all LDAP users by writing a custom script? I could utilize the POST method for users.


Yes, that was indeed my suggestion. I know, not the nicest workaround, but I guess it would at least work.
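A sketch of the workaround discussed in this thread, added here as an example and not taken from any poster or from the Foreman project: it turns directory entries into request bodies for the users POST endpoint, setting `auth_source_id` so that authentication stays with LDAP and no local password is created. The LDAP attribute names, the sample entries, the auth source ID `2` and the helper names are assumptions, and it assumes Foreman accepts a user without a password when an LDAP auth source is given.

```python
import base64
import json
import urllib.request

# Constructed sample data standing in for the result of an LDAP search.
# Attribute names (uid, givenName, sn, mail) are assumptions about the schema.
SAMPLE_LDAP_ENTRIES = [
    {"uid": "asmith", "givenName": "Alice", "sn": "Smith", "mail": "asmith@example.com"},
    {"uid": "bjones", "givenName": "Bob", "sn": "Jones", "mail": "bjones@example.com"},
    {"uid": "ASmith", "givenName": "Alice", "sn": "Smith", "mail": "asmith@example.com"},
    {"uid": "", "givenName": "No", "sn": "Login", "mail": "x@example.com"},
]


def build_user_payloads(ldap_entries, existing_logins, auth_source_id):
    """Return one POST /api/users body per LDAP entry not yet known to Foreman."""
    seen = {login.lower() for login in existing_logins}
    payloads = []
    for entry in ldap_entries:
        login = (entry.get("uid") or "").strip()
        if not login or login.lower() in seen:
            continue  # skip blank logins, duplicates and existing accounts
        seen.add(login.lower())
        payloads.append({"user": {
            "login": login,
            "firstname": entry.get("givenName", ""),
            "lastname": entry.get("sn", ""),
            "mail": entry.get("mail", ""),
            # Ties the account to the LDAP auth source; no password and no
            # admin flag are sent, so the script grants nothing beyond LDAP login.
            "auth_source_id": auth_source_id,
        }})
    return payloads


def create_user(base_url, api_user, api_secret, payload):
    """POST one payload to Foreman; urllib verifies the TLS certificate by default."""
    cred = base64.b64encode(f"{api_user}:{api_secret}".encode()).decode()
    req = urllib.request.Request(
        f"{base_url}/api/users", data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": f"Basic {cred}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    for body in build_user_payloads(SAMPLE_LDAP_ENTRIES, ["admin", "bjones"], 2):
        print(json.dumps(body))  # dry run: review before calling create_user()
```

Run as a dry run first and review the printed bodies; scope the LDAP query to the people who can actually own servers so the script does not pre-create accounts for the whole directory.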