Project

General

Profile

ERF42-9972 » History » Version 1

Dominic Cleal, 08/23/2014 03:41 AM
dedicated service account

1 1 Dominic Cleal
h1. ERF42-9972
2 1 Dominic Cleal
3 1 Dominic Cleal
h2. Cannot create LDAP configuration for ... without dedicated service account
4 1 Dominic Cleal
5 1 Dominic Cleal
New functionality in Foreman 1.6 for LDAP group support requires a service account that is dedicated to Foreman and doesn't use $login.  Using $login for authentication only will work, as Foreman holds a copy of the username and password at that time, but when an LDAP connection is required elsewhere (e.g. when an admin is creating an external user group), another account is required to access the LDAP server.
6 1 Dominic Cleal
7 1 Dominic Cleal
A service account with search and read privileges over user and group entries is sufficient.  Change the credentials under _Administer > LDAP authentication_.