3.5.2. Using LDAP Authentication
3.5.2.1. About LDAP Users in Subscription Asset Manager
LDAP authentication, when enabled, is a form of pass-through authentication. The Subscription Asset Manager server receives the username and password and forwards them to the configured LDAP server. The Subscription Asset Manager server never stores or processes the user information; it depends on the response from the LDAP server to determine whether to allow the user to log in.

Figure 3.2. User Authentication with LDAP
LDAP authentication allows the security measures in the LDAP server, such as password complexity and account deactivation, to be applied to Subscription Asset Manager users. This means that corporate standards can be consistently and transparently applied to Subscription Asset Manager users.
There are some caveats when using an LDAP directory for Subscription Asset Manager authentication:
- Only Subscription Asset Manager database authentication or LDAP authentication can be used, not both.
- All users must already exist in the LDAP directory for them to be able to access Subscription Asset Manager. Subscription Asset Manager pulls information from LDAP. It cannot create an LDAP user. If no corresponding LDAP user account exists, then attempting to log into Subscription Asset Manager fails with this error:
  User must exist in ldap before defining here
- A corresponding Subscription Asset Manager user account is created whenever an LDAP user first authenticates to Subscription Asset Manager.
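
The pass-through flow and the caveats above can be modeled in a few lines. This is an added example, not Subscription Asset Manager code: `FakeDirectory` and `PassThroughAuthenticator` are hypothetical names, the in-memory directory stands in for a real LDAP server, and the empty-password check is an assumption added here because LDAP (RFC 4513) treats a simple bind with a name and no password as an unauthenticated bind.

```python
import hashlib
import hmac
import os


class FakeDirectory:
    """Stands in for the LDAP server: it alone holds credentials and policy."""

    def __init__(self):
        self._entries = {}

    def add(self, uid, password, disabled=False):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)
        self._entries[uid] = {"salt": salt, "digest": digest, "disabled": disabled}

    def exists(self, uid):
        return uid in self._entries

    def bind(self, uid, password):
        entry = self._entries.get(uid)
        if entry is None or entry["disabled"]:
            return False  # account deactivation is enforced by the directory
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), entry["salt"], 1000)
        return hmac.compare_digest(digest, entry["digest"])


class PassThroughAuthenticator:
    """Application side: forwards credentials, keeps only a local account record."""

    def __init__(self, directory):
        self.directory = directory
        self.local_accounts = set()  # usernames only, never passwords

    def login(self, username, password):
        if not username or not password:
            # Assumption added here: never forward an empty password, since a
            # bind without one does not prove the user's identity.
            return "denied"
        if not self.directory.exists(username):
            return "User must exist in ldap before defining here"
        if not self.directory.bind(username, password):
            return "denied"
        self.local_accounts.add(username)  # created on first successful login
        return "ok"
```

Disabling an entry in the directory blocks the next login with no change on the application side, which is the consistency benefit described above.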
