AD user authentication failing while ordering a service from global region
Issue
- In global region, AD user is not able to order a service.
- We setup a global and a subordinate region to authenticate users from Active Directory, doing a group lookup from the exact same AD group. We can log on to both regions fine. From a subordinate region, using our AD account we can order an instance from a catalog fine.
From a global region we can order an instance from a catalog using a local account. However, if we log in to the global region using our AD account we cannot order. -
Error in global region evm.log:
[----] W, [2018-06-15T10:08:15.176321 #2189:3e8b61c] WARN -- : MIQ(MiqLdap#_search) LDAP Search unsuccessful, 'No Such Object', Code: [32], Host: [**ansible removed sensitive**.**ansible removed sensitive**] [----] W, [2018-06-15T10:08:15.176990 #2189:3e8b61c] WARN -- : MIQ(Authenticator::Ldap#**ansible removed sensitive**thorize) Authentication failed for userid cn=dfb670@**ansible removed sensitive**.**ansible removed sensitive**,ou=admins,dc=**ansible removed sensitive**,dc=**ansible removed sensitive**,dc=**ansible removed sensitive**,dc=**ansible removed sensitive**, unable to find user object in LDAP [----] W, [2018-06-15T10:08:15.209399 #2189:3e8b61c] WARN -- : <AuditFailure> MIQ(Base.block in **ansible removed sensitive**thorize) userid: [cn=dfb670@**ansible removed sensitive**.**ansible removed sensitive**,ou=admins,dc=**ansible removed sensitive**,dc=**ansible removed sensitive**,dc=**ansible removed sensitive**,dc=**ansible removed sensitive**] - Authentication failed for userid cn=dfb670@**ansible removed sensitive**.**ansible removed sensitive**,ou=admins,dc=**ansible removed sensitive**,dc=**ansible removed sensitive**,dc=**ansible removed sensitive**,dc=**ansible removed sensitive**, unable to find user object in LDAP
Environment
- Red Hat CloudForms 4.6
- Active Directory
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.