Enabling LDAP User Group Switching in Red Hat CloudForms Management Engine
As configured, Red Hat CloudForms Management Engine (CFME) automatically uses the first LDAP group that a user is a member of for authentication and access rights to CFME. If a CFME user is a member of multiple LDAP groups, you may want to be able to change which group is being used to access CFME.
To do this:
- Set up CFME for LDAP authentication in the Settings / Configuration area for the server. See Settings and Operations Guide: 3.1.4.2.3. LDAP Settings. Be sure to check the "Get User Groups from LDAP" checkbox and provide proper credentials. See Settings and Operations Guide: 3.1.4.2.4. Role Settings.
- In the Settings / Access Control / Groups area, you can create groups that match some LDAP groups by name, or just add some of our default groups to the LDAP directory you are connecting to. See Settings and Operations Guide: 3.2.12. Using Pre-existing LDAP Groups to Assign Account Roles and Settings and Operations: 3.2.11. Account Role and Directory Service Group Names.
- With the Groups node selected in the tree, use Configuration / Edit Sequence of User Groups for LDAP Look Up to prioritize which group a user will default to if LDAP returns multiple matching groups.
- Log in to the CFME Console with an LDAP user that is assigned to one or more of the matching groups.
- Change groups by clicking the user pull-down at the top right (where you can log out). There should be a drop-down list of the groups the user is authorized for.
1 Comments
The first link for "Settings and Operations Guide: 3.26.4. LDAP Settings" points to a broken link (404).
There doesn't seem to be a corresponding section in the guide for the current CloudForms (3.1), but the closest is this link:
Settings and Operations Guide: 5.2. Access Control
And for setting roles in LDAP:
Settings and Operations Guide: 5.2.5. LDAP Groups