Getting "Invalid username and/or password" login error message when trying to integrate Ansible Tower and IdM authentication

Solution Verified - Updated -

Issue

  • After integrating IdM with Ansible Tower in the web GUI through the Settings > Authentication > LDAP > LDAP SERVER > Default configuration, setting LDAP GROUP TYPE to GroupOfNamesType, and defining a newly created IdM group such as cn=tower_users,cn=groups,cn=accounts,dc=example,dc=com in the LDAP USER SEARCH option, a valid IdM user is unable to log in, and the following error message is shown on the Ansible Tower login page:

    Invalid username and/or password. Please try again.
    
  • The /var/log/tower/tower.log log file shows no detailed information about the failing login attempt:

    # tailf /var/log/tower/tower.log
    [...]
    2019-10-24 22:42:30,625 WARNING  awx.api.generics Login failed for user idm_user from 192.168.0.10
    
  • Running the ldapsearch command from the Ansible Tower server against the IdM server domain returns the Invalid credentials error message, even with a valid IdM user:

    # ldapsearch -x -H ldap://idm.example.com:389 -D "uid=idm_user,cn=tower_users,cn=groups,cn=accounts,dc=example,dc=com" -b "dc=example,dc=com" -w user_password
    
    ldap_bind: Invalid credentials (49)
    
  • How can the main cause of the login issue be determined?

Environment

  • Red Hat Ansible Tower
    • 3.5
  • Red Hat Identity Management (IdM)
    • 4.6
