LDAP/AD authentication causes hang
I was able to add an identity source for AD to a new Satellite 6.1.1 install. However there are a couple of issues with the way this is working. First, if I do not check the box to create foreman accounts, I cannot log in with AD credentials. This should be clearer or maybe remove the check box entirely and make it the default. I know the LDAP link is working because it does add my account from AD when the box is checked.
Secondly, with the box checked, every new user that logs in causes the system to hang for 5-10 minutes. Tracing foreman on the Satellite server I see a lot of communication back and forth with our AD global catalog. I don't know why this is taking so long or why it makes the system unresponsive. Eventually I can log back in with the admin account and provide a role to the new user, but it does take time. There should be a way to just import the users directly as admin rather than waiting for users to login individually.
I'm not sure if there are any known issues with the LDAP components.
Responses
Hello Tim
Have you been following the procedures in the Red Hat Satellite 6.1 User Guide, Configuring External Authentication chapter? I am working on improving the part about using secure LDAP, so I would be interested to know which part of the guide needs improving.
Thank you
BTW, Using Active Directory Directly is the Red Hat recommend method to use if you are required to use AD.
I am sorry, I do not know such details. I am told you can have your Satellite machine joined to multiple AD domains. Please open a support case to get help with your specific needs.
Thank you
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.