Red Hat Training

A Red Hat training course is available for Red Hat Satellite

Chapter 16. Users and Roles

A User defines a set of details for individuals using the system. Users can be associated with organizations and environments, so that when they create new entities, the default settings are automatically used. Users can also have one or more roles attached, which grants them rights to view and manage organizations and environments. See Section 16.2, “Creating and Managing Users” for more information on working with users.
Roles define a set of permissions and access levels. Each role contains one on more permission filters that specify the actions allowed for the role. Actions are grouped according to the Resource type. Once a role has been created, users and user groups can be associated with that role. This way, you can assign the same set of permissions to large groups of users. Red Hat Satellite provides a set of predefined roles and also enables creating custom roles and permission filters as described in Section 16.3, “Creating and Managing Roles”.

16.1. Configuring LDAP Authentication for Red Hat Satellite

Red Hat Satellite includes the option to use a Lightweight Directory Access Protocol (LDAP) service for user information and authentication, using one or more LDAP directories. The following procedure shows how to configuring LDAP authentication.

Procedure 16.1. To Configure LDAP Authentication:

  1. Navigate to AdministerLDAP Authentication.
  2. Click New authentication source.
  3. On the LDAP Server tab, enter the LDAP server's name, hostname, port, and server type. The default port is 389. Select the LDAPS check box enable encryption.
  4. On the Account tab, enter the following information:
    • Account username: an LDAP user who has read access to the LDAP server. User name is not required if the server allows anonymous reading, otherwise use the full path to the user's object. For example: 
      uid=$login,cn=users,cn=accounts,dc=example,dc=com
    • Account password: the LDAP password for the user defined in the Account username field. This field can remain blank if the Account username is using the "$login" variable.
    • Base DN: the top level domain name of your LDAP directory. For example: 
      cn=users,cn=accounts,dc=redhat,dc=com
    • Groups base DN: the top level domain name of your LDAP directory tree that contains groups.
    • LDAP filter: a filter to restrict your LDAP queries.
    • Automatically create accounts in Foreman: creates Satellite accounts automatically for LDAP users who log in for the first time in Satellite.
  5. On the Attribute mappings tab, map LDAP attributes to Satellite attributes. You can map Login name, First name, Surname, Email address, and Photo attributes.
  6. Click Submit.
Report a bug