No LDAP(S) Authentication in Kasparov

Hi all,
anyone can confirm please that LDAP(S) authentication option is no longer supported in Kasparov?
We have just migrated from Ivanchuk and this important feature is missing.

How have you managed to overcome this change? You had to use realm join command line option to join the whole server instead of just connecting ManageIQ to LDAP provider?
Thank you

Hi @anders_ulrich

In previous versions we had a custom, home-grown LDAP interface that required different configuration on the application side (called MiqLdap). We’ve since removed that in favor or relying on the more standard ldap modules in Apache.

The LDAP entry previously in the UI referred to MiqLdap. Now, you should be using SSSD, which is External (httpd) in the UI. I believe these are the docs for setting up LDAP, and here are some other helpful blog posts: ManageIQ - ManageIQ Authentication Overview and https://www.manageiq.org/blog/2018/01/troubleshooting-auth (however note that mentions of MiqLdap in those posts is the thing we’ve removed).

There is tool you can run to convert from MiqLdap to SSSD if you already have a configured older version with MiqLdap - manageiq/miq_config_sssd_ldap.rb at master · ManageIQ/manageiq · GitHub

Hope that helps