How to configure External user groups on Satellite so first time they are logged in gets added to an organisation and given a role?

Solution Verified - Updated

Environment

  • satellite-6.2.2
  • Active Directory

Issue

  • Is it possible to link an LDAP group to a User Group on Satellite 6 ? The authentication is working successfully but need to add users manually in User Group, its not possible to set mappings of LDAP group with Satellite user group.

Resolution

Important : Before following the procedure below, its important to make sure AD users are able to login to Satellite via the GUI.

To configure the association, create or edit a user group via Administer > User groups. The group name may be any value (no direct relation to the LDAP group).

alt text

Do not select any users as they will be added automatically when refreshing the external user group.

Under the Roles tab, select roles granting permissions to Foreman, or tick the Admin checkbox to enable administrator level access.

alt text

On the External groups tab, click the Add external user group button to open a new form. In the Name field, enter the exact name of the LDAP group (usually the common name/CN) and select the server from the dropdown list of LDAP authentication sources. Click the Submit button to save changes. In this instance I have created a AD group called "sat6" and added users in to it.

alt text

If this fails , that suggests Satellite is not able to see the AD group you specified.

After configuring the above make sure "Usergroup sync" option is selected under ** Administer -> LDAP Authentication -> Account**

alt text

This setting will make sure external user groups will be synced on login, else relies on periodic cronjob to check group membership.

Important : Make sure AD user who are trying to login to satellite via GUI has email addresses assigned in Active Directory. Otherwise mapping would not work as expected.

Now try to login as the AD users to Satellite GUI.

For more KB articles/solutions related to Red Hat Satellite 6.x Authentication Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Authentication Issues

SBR
Product(s)
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.