Multi-LDAP Authentication Sources


We have an established MIQ environment in, let’s call it, the LDAP Domain A with many different regions and workflows that map to LDAP groups. We acquired a company that has their own LDAP, which we will call Domain B. We want to extend the ability for some users in Domain B to be able to run reports, execute automated provisioning workflows, etc. on the MIQ environment that is in Domain A. We have full network connectivity between the environments and a 2-way trust between the domains if that is needed. We haven’t been able to figure out how to authenticate a user from Domain B. If we set up a new set of UI workers with the authentication set for Domain B, would that allow the users in Domain B to authenticate and successfully run reports and execute automated provisioning workflows? If not, what other options do we have outside of a parallel MIQ infrastructure for Domain B?


Update: We spun up another UI this morning and configured it with the LDAP settings for Domain B with a group name in that domain that matched to what we used for a workflow in Domain A. First test was successful with a Domain B user successfully authenticating and provisioning an automate workflow. We are doing some additional validation now to make sure everything else is as we expect it to be. This appears to be the way to support this scenario, but we are open to any other thoughts.