8.4. Configuring External User Groups
- If using an LDAP source, make sure the LDAP authentication is correctly configured. Navigate to Section 8.1, “Using LDAP”. Take note of the LDAP group names you want to use.→ to view and modify the existing sources. For instructions on how to create an LDAP source, see
NoteIf you are using external user groups from an LDAP source, you cannot use the
$loginvariable as a substitute for the account user name. You need to use either an anonymous or dedicated service user.
- If your Satellite is enrolled with the IdM or AD server as described in Chapter 8, Configuring External Authentication, take note of the external group names you want to use. To find the group membership of external users, execute the
idcommand on Satellite:
# id usernameHere, username is the name of the external group member. Note that Satellite allows you to configure external groups only after at least one external user authenticates for the first time. Also, at least one user must exist in the external authentication source.
Procedure 8.6. To Configure an External User Group:
- Navigate to→ . Click .
- On the User group tab, specify the name of the new user group. Do not select any users as they will be added automatically when refreshing the external user group.
- On the Roles tab, select the roles you want to assign to the user group. Alternatively, select the Administrator check box to assign all available permissions.
- On the External groups tab, click and select an authentication source from the Auth source drop-down menu.Specify the exact name of the LDAP or external group in the Name field.
foreman-rake ldap:refresh_usergroupsor by refreshing the external user groups through the web UI.