Getting "Invalid username and/or password" login error message when trying to integrate Ansible Tower and IdM authentication

Solution Verified - Updated -

Issue

  • After integrating IdM with Ansible Tower in the web GUI through the Settings > Authentication > LDAP > LDAP SERVER > Default configuration, with LDAP GROUP TYPE set to GroupOfNamesType and a newly created IdM group such as cn=tower_users,cn=groups,cn=accounts,dc=example,dc=com defined in the LDAP USER SEARCH option, a valid IdM user is unable to log in, and the Ansible Tower login web page shows the following error message:

    Invalid username and/or password. Please try again.
    
  • The /var/log/tower/tower.log log file shows no detailed information about the failing login attempt:

    # tailf /var/log/tower/tower.log
    [...]
    2019-10-24 22:42:30,625 WARNING  awx.api.generics Login failed for user idm_user from 192.168.0.10
    
  • Running the ldapsearch command from the Ansible Tower server against the IdM server domain returns the Invalid credentials error message, even with a valid IdM user:

    # ldapsearch -x -H ldap://idm.example.com:389 -D "uid=idm_user,cn=tower_users,cn=groups,cn=accounts,dc=example,dc=com" -b "dc=example,dc=com" -w user_password
    
    ldap_bind: Invalid credentials (49)
    
  • How can the main cause of the login issue be determined?

Environment

  • Red Hat Ansible Tower
    • 3.5
  • Red Hat Identity Management (IdM)
    • 4.6
