As a security engineer, I would like to retrieve ldap groups and use that to select roles in foreman
#3 Updated by Bryan Kearney almost 8 years ago
At the end of this story, and the end of Jan's work, I would expect the following scenarios to work
1) Authz and Authn are done by the foreman login screen. Passwwords are validated by an LDAP bind, and the roles are selected based on the groups returned from LDAP.
2) Authz and Authn are done by the apache plugin. Group names from the plugin are used to select the correct roles.
In order to support both use cases, it is acceptable for the Foreman user to have to map the intenral roles to group names.