Configure Satellite 6 for new LDAP user inherit Location and Organization preferences from Administer / Roles

Solution Unverified - Updated

Environment

  • Red Hat Satellite 6.x
  • External ldap authentication service

Issue

Satellite allow users to authenticate from external source like ldap one.
When doing it, it is possible to map an external ldap user group to an internal Satellite Role. This allow to give automatically from ldap profile the correct rights to the user.

This is working well when having only one organisation or having one external authentication source per organisation. Additional information about this specific configuration can be found in this solution.

Having a single external authentication source for several organisation is actually not working as expected. This situation implies to associate the authentication source to the organisation Any organisation. This is the only way to address several organisations with this authentication source.

On top of that a Satellite role must be associated on some external ldap user group to allow filtering right users to right role and rights on the Satellite. This association is actually working well, in fine, the user do have only the rights rights on the satellite. The issue here is that the user is associated to the any organisation and is not part of its organisation. It implies, if the user is not administrator, he cannot enter in its organisation. A Satellite administrator needs to change the organisation of the user to the right one after its first connexion on the Satellite.

Resolution

For now the only way to resolve the new external user issue is to change its organisation only once first connexion has been performed (the account needs to be known from Satellite).

This issue is being tracked by a Request For Enhancement "RFE" in the Bugzilla ticket This content is not included.#1662337 . For further information, please reach out to your Red Hat support representative.

For more KB articles/solutions related to Red Hat Satellite 6.x Authentication Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Authentication Issues

Root Cause

This is related to the organisation affectation to the user when having an authentication source affected to Any Organisation.

Diagnostic Steps

  • Having a single authentication source affected to Any Organisation
  • Create a role who gives rights on one specific organisation to an ldap group
  • Connect with an external user and to enter into its organisation
SBR
Product(s)
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.