LDAP group to Team mapping

I'm configuring this Ansible Tower server, and for the life of me, I can't see what's wrong with my config.
Bind is working; I can authenticate to the Active Directory domain. I am simply not being added to the team when I log in.
Here's my LDAP config:

LDAP_GROUP_TYPE is ActiveDirectoryGroupType

LDAP USER SEARCH
[
  "OU=Regions,DC=DOMAIN,DC=org",
  "SCOPE_SUBTREE",
  "(sAMAccountName=%(user)s)"
]

LDAP GROUP SEARCH
[
  "ou=groups,ou=enterprise,dc=DOMAIN,dc=org",
  "SCOPE_SUBTREE",
  "(objectClass=group)"
]

LDAP USER ATTRIBUTE MAP
{
  "first_name": "givenName",
  "last_name": "sn",
  "email": "mail"
}

LDAP ORGANIZATION MAP
{
  "ORGANIZATION": {
    "admins": "cn=admins,ou=SUBGROUP,ou=groups,ou=Enterprise,dc=DOMAIN,dc=org",
    "users": true
  }
}

LDAP TEAM MAP
{
  "Unix Administrators": {
    "organization": "ORGANIZATION",
    "users": "cn=linux_admins,ou=SUBGROUP,ou=groups,ou=enterprise,dc=DOMAIN,dc=org"
  }
}

I've tried the other group types. I even set "users": true, which did add the user to the group.
I know the DN is correct; I use it for SSH user logins. As I said above, Bind is working. This all looks correct to me, but I don't know Tower.
Some help in getting some troubleshooting info out of Ansible Tower would also be helpful.

Responses