Users not getting group assigned roles

I'm using foreman with ldap authentication and authorization with AD
groups. On the 'User groups' page I have two AD groups, both populated by
the correct users. Each group has a specific role assigned to it. So far so
good.

However, when a user logs in, a user which according to the 'User groups'
page belongs to one of the AD groups, that user does not get the role that
is assigned to the user group (the user gets no roles at all).

Am I missing something with this setup? I have tried to delete the user and
let it get auto-created again, but no difference.

This is on 1.7.1.

Regards,
Adam

So, is nobody using external LDAP groups for authentication/authorization,
or is it just that no one else has this problem?

On Mon, Jan 26, 2015 at 8:12 AM, AdamW wrote:

> I'm using foreman with ldap authentication and authorization with AD
> groups. On the 'User groups' page I have two AD groups, both populated by
> the correct users. Each group has a specific role assigned to it. So far so
> good.
>
> However, when a user logs in, a user which according to the 'User groups'
> page belongs to one of the AD groups, that user does not get the role that
> is assigned to the user group (the user gets no roles at all).
>
> Am I missing something with this setup? I have tried to delete the user
> and let it get auto-created again, but no difference.
>
> This is on 1.7.1.
>
> Regards,
> Adam


You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Hi Adam,

I've never used LDAP auth with Foreman, but if something goes wrong you
should have a log in /var/log/foreman/production.log. Did you see anything in
the log file?

2015-01-27 14:33 GMT+01:00 Adam Winberg:

> so, is nobody using external ldap groups for authentication/authorization
> or is it just that noone else has this problem?


That explains a lot, I have external LDAP users configured from FreeIPA
and noticed I had the roles for each user manually, even though I had
specified the roles of the group.

As we currently have limited users to access foreman, I didn't spend
further time on it.

Still using foreman 1.6 though as it is tied to katello 2.0.

Regards,

Jorick


With kind regards,

Jorick Astrego

Netbulae Virtualization Experts


Tel: 053 20 30 270 	info@netbulae.eu 	Staalsteden 4-3A 	KvK 08198180
Fax: 053 20 30 271 	www.netbulae.eu 	7547 TA Enschede 	BTW NL821234584B01

production.log does not say a whole lot. There is no mentioning of any
groups or roles and no errors, except when the user tries to access content
which is not available since he does not get the role associated with his
group.

On Tue, Jan 27, 2015 at 2:49 PM, Jorick Astrego wrote:

> That explains a lot, I have external ldap users configured from FreeIPA
> and notices I had the roles for each user manually, even though I had
> specified the roles of the group.
>
> As we currenly have limited users to acces foreman, I didn't spend further
> time on it.
>
> Still using foreman 1.6 though as it is tied to katello 2.0.
>
> Regards,
>
> Jorick


When the user logs in and gets autocreated, the user group which he belongs
to in foreman is updated also, so his username shows up in the "User groups"
page, but he does not get the role associated with the group.

On Wed, Jan 28, 2015 at 10:05 AM, Adam Winberg wrote:

> production.log does not say a whole lot. There is no mentioning of any
> groups or roles and no errors, except when the user tries to access content
> which is not available since he does not get the role associated with his
> group.
