ERF42-9972 » History » Version 1
Dominic Cleal, 08/23/2014 03:41 AM
dedicated service account
h2. Cannot create LDAP configuration for ... without dedicated service account
New functionality in Foreman 1.6 for LDAP group support requires a service account that is dedicated to Foreman and doesn't use $login. Using $login for authentication only will work, as Foreman holds a copy of the username and password at that time, but when an LDAP connection is required elsewhere (e.g. when an admin is creating an external user group), another account is required to access the LDAP server.
A service account with search and read privileges over user and group entries is sufficient. Change the credentials under _Administer > LDAP authentication_.