Retrieving users from LDAP without them logging in


#1

Is there a way to retrieve the list of users from LDAP without them logging in?

The use case is where a university has classes with new students each semester and they need to be manually tagged in CloudForms before logging in for the first time.


#2

We haven’t investigated if this has been added to the REST API as we had this challenge last year and solved for it manually. We only had ~100 users to add so it wasn’t a big resource impact but it did create an issue long term that we didn’t expect. We have found that MIQ/CF uses case for usernames. If what was entered manually doesn’t match from LDAP (Active Directory for us) a new user account is created when the user logs in and they don’t see their assigned resources. There is an RFE in Bugzilla for the downstream CloudForms build on this issue: https://bugzilla.redhat.com/show_bug.cgi?id=1200432

Hope this helps you avoid running into this issue, and I’m interested if you determine an API or automated method to perform this.


#3

This is a cool idea. I’ve created a Trello card and put it on the backlog. I can’t say when it will be prioritized, but at least we can track it.


#4

In some use cases this could be troublesome. Some enterprise locations have thousands of users in a specific OU. I like the idea, but we need to tread lightly on this.


#5

Agree.

There needs to be a way to limit or to refine the search for users (perhaps through an ‘ldapsearch’-like filter syntax).


#6

Agree. Should have options to filter/point to specific OUs, have an option to search LDAP and add users manually by doing an LDAP look-up or add/remove users based on group membership.


#7

You can create a generic service with a dialog that contains:

  • An input box with a “number of results”
  • A dynamic dropdown that gets the “number of results” list of users (using the net/ldap gem)
  • A few checkboxes with the tags you can tag them with

Then, a method that tags the selected user with the selected tags.

The main problem should be doing it when the number of students is high (maybe a text box where you can manually input usernames separated by commas and parse it in the method…)

HTH
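
The comma-separated text box idea from post #7, as an added example that is not part of the original thread: it bounds the list, escapes each name before it goes into an LDAP filter, and maps typed names to the directory's spelling so the case mismatch described in post #2 does not create a second account. The function names, `MAX_NAMES`, the `sAMAccountName` attribute and the `objectClass=user` clause are assumptions (Active Directory); the sample data is constructed.

```ruby
# Added example: plain Ruby, no gems, no directory connection needed.
MAX_NAMES = 50 # assumed cap on how many usernames one request may carry

# Escape the characters RFC 4515 reserves inside a filter value.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Split the comma-separated text box input into a bounded, de-duplicated list.
def parse_usernames(raw, limit = MAX_NAMES)
  names = raw.split(',').map(&:strip).reject(&:empty?).uniq(&:downcase)
  raise ArgumentError, 'no usernames given' if names.empty?
  raise ArgumentError, "too many usernames (#{names.size} > #{limit})" if names.size > limit
  names
end

# One OR filter limited to user objects. Attribute and objectClass are
# assumptions for Active Directory; adjust for other directories.
def build_filter(names, attribute = 'sAMAccountName')
  clauses = names.map { |n| "(#{attribute}=#{escape_filter_value(n)})" }.join
  "(&(objectClass=user)(|#{clauses}))"
end

# Map each typed name to the directory's own spelling, so an account created
# ahead of first login matches what LDAP reports. Unmatched names come back
# separately instead of being created blindly.
def reconcile(names, directory_names)
  by_folded = directory_names.map { |d| [d.downcase, d] }.to_h
  matched = {}
  missing = []
  names.each do |n|
    canonical = by_folded[n.downcase]
    if canonical
      matched[n] = canonical
    else
      missing << n
    end
  end
  [matched, missing]
end

# Constructed sample data: dialog input and the names a search returned.
SAMPLE_INPUT = 'jsmith, ADoe, , stu*, JSMITH'
SAMPLE_DIRECTORY = %w[JSmith adoe].freeze

names = parse_usernames(SAMPLE_INPUT)
puts build_filter(names)
matched, missing = reconcile(names, SAMPLE_DIRECTORY)
puts "tag as: #{matched.values.inspect}, not found: #{missing.inspect}"
```

The filter string can be passed to whichever LDAP client the method uses; the typed `stu*` is sent as a literal name rather than a wildcard and ends up in the not-found list.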

#8

Alright, I follow what you’re saying here.

However, if the user hasn’t logged into CloudForms before, then he/she doesn’t ‘exist’ in VMDB. I think I can get around this by creating the user in the method.

What is the ‘right’ way to create the user?