ManageIQ Active Directory Integration


#1

Hi there,

I have installed ManageIQ and integrated it into our Active Directory environment.
When I recreate the AD user in ManageIQ and add all needed groups to ManageIQ, a login with AD credentials is possible. When I try to log on with an AD user who resides in the correct Active Directory group, a login is not possible. The error message is “login not allowed, User’s User is missing. Please contact the administrator”

Is there a way to configure the system so that a user is created automatically if he resides in the correct Active Directory group?
In the past there was a good PDF documentation on the web. Can someone point me to a link, as I am only able to find a web documentation.

Thanks for your help !

Bernd


#2

For me, if the user exists in the AD group then they will be created during their first login. What version of AD are you currently running? This was the setup that worked for me on 2012.

Use LDAPS.
Then under LDAP Settings:
Your LDAP host names, or if you use a generic load balancer then point to the LB hostname
Port: 636
User Type: SAM Account Name
Domain Prefix: domain name only, i.e. if it is example.com put in example
User Suffix: full domain name, i.e. example.com

Role Settings:
Get User Groups from LDAP: tick
Get Roles from Home Forest: tick
Follow Referrals: dependent on your AD setup

Base DN: example.com would be dc=example,dc=com
Bind DN: a user that has access to check the domain for users. I would recommend creating a service account for this so the password doesn't expire. If you create an account called manageiq then the username would just be manageiq.

Bind Password: the password to the manageiq account

Trusted Forest: only applicable if using a forest.

Validate to make sure it's green.

Then under Access Control -> Groups, add a new group.
Tick the lookup LDAP groups,
then add a user to look up, for instance auser.
Then in username put in the manageiq account or your own account and the relevant password. When it finds them, pick the group they belong to that makes the most sense to you for them and their department.

This is also a good time to start to think about Tags.
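
The settings listed in the reply above have to agree with each other (LDAPS with port 636, domain prefix and user suffix from the same domain, a Base DN derived from that domain). The following is an added example, not part of the original post and not ManageIQ code, that checks such values before they are entered; the dictionary keys are hypothetical names for the form fields and the sample values are constructed.

```python
# Added example: lint the values typed into the LDAP settings form.
# Dict keys are hypothetical field names, not ManageIQ configuration keys.

def base_dn_for(domain):
    """example.com -> dc=example,dc=com"""
    return ",".join("dc=" + p for p in domain.strip().lower().split(".") if p)

def normalize_dn(dn):
    """Lower-case and trim each RDN so two spellings of a DN compare equal."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_settings(s):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    domain = s["user_suffix"].strip().lower()
    if s["mode"].lower() != "ldaps":
        problems.append("not LDAPS: a simple bind would send the password in clear text")
    elif s["port"] != 636:
        problems.append("LDAPS selected but port is %s, expected 636" % s["port"])
    if "." not in domain:
        problems.append("user suffix should be the full domain name")
    if s["domain_prefix"].strip().lower() != domain.split(".")[0]:
        problems.append("domain prefix should be the domain name only")
    if normalize_dn(s["base_dn"]) != base_dn_for(domain):
        problems.append("base DN should be " + base_dn_for(domain))
    if not s["bind_user"] or not s["bind_password"]:
        problems.append("bind user and bind password are both required")
    if not s["get_groups_from_ldap"]:
        problems.append("group membership will not be read from the directory")
    return problems

# Constructed sample values: the post's example.com setup, then a mistyped one.
GOOD = {"mode": "ldaps", "port": 636, "domain_prefix": "example",
        "user_suffix": "example.com", "base_dn": "DC=example, DC=com",
        "bind_user": "manageiq", "bind_password": "placeholder",
        "get_groups_from_ldap": True}
BAD = dict(GOOD, mode="ldap", port=389, domain_prefix="example.com",
           base_dn="dc=example", get_groups_from_ldap=False)

if __name__ == "__main__":
    for name, settings in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_settings(settings) or "ok")
```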


#3

Hi, I think this answer was helpful. I will test that next week.

THANKS !!

Bernd