3.3. Configuring LDAP Authentication for Red Hat Satellite

Red Hat Satellite includes the option to use a Lightweight Directory Access Protocol (LDAP) service for user information and authentication, using one or more LDAP directories.

Procedure 3.5. To Configure LDAP Authentication:

  1. Log in as the Satellite administrator.
  2. Click AdministerLDAP Authentication on the upper right of the page.
  3. Click New LDAP source on the upper right of the page.
  4. Fill in the information in the following tabs:
    1. LDAP Server Tab. For the LDAP server tab, enter the following information:
      • Name - LDAP server's name.
      • Server - the LDAP server's hostname.
      • Port - the LDAP port. This defaults to port 389.
      • TLS - Enables Transport Layer Security. Tick the check box to enable encryption.
    2. Account Tab. For the Account Tab, enter the following information:
      • Account Username - an LDAP user who has read access to the LDAP server. This field cannot remain blank. Use the full path to the user's object. For example:
        uid=$login,cn=users,cn=accounts,dc=example,dc=com
        
      • Account password - the LDAP password for the user defined in the Account username field. This field can remain blank if the Account username is using the "$login" variable.
      • Base DN - the top level domain name of your LDAP directory. For example:
        cn=users,cn=accounts,dc=redhat,dc=com
        
      • LDAP filter
      • Automatically create accounts in Foreman - creates Satellite accounts automatically for LDAP users who log in for the first time in Satellite. Tick the check box to enable this feature.
    3. Attribute mappings tab. LDAP attributes such as login, name, and email addresses, need to be mapped to Satellite attributes for LDAP to work on Satellite. The following attributes can be mapped to Satellite:
      • Login name attribute
      • First Name attribute
      • Surname attribute
      • Email address attribute
      • Photo attribute
  5. Click Submit.
Result:

LDAP authentication is now configured on the Satellite.