Getting "Invalid username and/or password" login error message when trying to integrate Ansible Tower and IdM authentication
Issue
- After integrating IdM with Ansible Tower in the Web GUI through the Settings > Authentication > LDAP > LDAP SERVER > Default configuration, setting GroupOfNamesType in the LDAP GROUP TYPE option, defining a newly created IdM group like cn=tower_users,cn=groups,cn=accounts,dc=example,dc=com in the LDAP USER SEARCH option, and trying to log in with a valid IdM user, the user is unable to log in and the following error message is shown on the Ansible Tower login web page:

      Invalid username and/or password. Please try again.

- The /var/log/tower/tower.log log file shows no detailed information about the failing login attempt:

      # tailf /var/log/tower/tower.log
      [...]
      2019-10-24 22:42:30,625 WARNING awx.api.generics Login failed for user idm_user from 192.168.0.10

- Running the ldapsearch command from the Ansible Tower server against the IdM server domain returns the Invalid credentials error message, even with a valid IdM user:

      # ldapsearch -x -H ldap://idm.example.com:389 -D "uid=idm_user,cn=tower_users,cn=groups,cn=accounts,dc=example,dc=com" -b "dc=example,dc=com" -w user_password
      ldap_bind: Invalid credentials (49)

- How can the main cause of the login issue be determined?
Environment
- Red Hat Ansible Tower
  - 3.5
- Red Hat Identity Management (IdM)
  - 4.6