Feature #15900
openmore external authentication features with sssd, without IdM/IPA
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1198103
Description of problem:
The Satellite 6.0 release added the option to use --foreman-ipa-authentication=true to enable external authentication via Apache modules, currently only documented at http://theforeman.org/manuals/1.6/index.html#5.7ExternalAuthentication.
Recently, additional setups were requested: direct AD integration using sssd but without cross-realm trust, or using sssd with ldap providers to allow for LDAP failover that sssd supports. In those cases, the assumption of the --foreman-ipa-authentication=true approach are not met -- the /etc/ipa/default.conf does not exist, for example.
It is possible to fake the system being IPA-enrolled for the installer to pass but it is cumbersome.
It'd be useful to have additional external authentication setups (especially with sssd) supported.
Version-Release number of selected component (if applicable):
6.0.x.
How reproducible:
Deterministic.
Steps to Reproduce:
1. Use realm join to join the Satellite machine directly to AD.
2. Or manually configure sssd to use LDAP server.
3. Try to run katello-installer to have Satellite 6 configured to use this external authentication.
Actual results:
It fails.
Expected results:
It is possible.
Additional info:
And documented.
Updated by Dominic Cleal over 7 years ago
- Project changed from Foreman to Installer
- Category set to Foreman modules