Retrieving users from LDAP without them logging in

Is there a way to retrieve the list of users from LDAP without them logging in?

The use case is where a university has classes with new students each semester and they need to be manually tagged in CloudForms before logging in for the first time.

We haven’t investigated if this has been added to the REST API as we had this challenge last year and solved for it manually. We only had ~100 users to add so it wasn’t a big resource impact but it did create an issue long term that we didn’t expect. We have found that MIQ/CF uses case for usernames. If what was entered manually doesn’t match from LDAP (Active Directory for us), a new user account is created when the user logs in and they don’t see their assigned resources. There is an RFE in Bugzilla for the downstream CloudForms build on this issue: https://bugzilla.redhat.com/show_bug.cgi?id=1200432

Hope this helps you avoid running into this issue, and I’m interested if you determine an API or automated method to perform this.


This is a cool idea. I’ve created a Trello card and put it on the backlog. I can’t say when it will be prioritized, but at least we can track it.

In some use cases this could be troublesome. Some enterprise locations have thousands of users in a specific OU. I like the idea, but we need to tread lightly on this.

Agree.

There needs to be a way to limit or to refine the search for users (perhaps through an ‘ldapsearch’-like filter syntax).

Agree. Should have options to filter/point to specific OUs, have an option to search LDAP and add users manually by doing an LDAP look-up or add/remove users based on group membership.

You can create a generic service with a dialog that contains:

  • An input box with a “number of results”
  • A dynamic dropdown that gets the “number of results” list of users (using the net/ldap gem)
  • A few checkboxes with the tags you can tag them with

Then, a method that tags the user selected with the tags selected.

The main problem should be doing it when the number of students is high (maybe a text box where you can manually input usernames separated by commas and parse it in the method…)

HTH
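An added example, not code from any poster in this thread or from ManageIQ: plain Ruby (no gems) showing how a comma-separated username text box like the one suggested above could be parsed, escaped per RFC 4515 before it goes into an LDAP filter, capped in size, and reconciled against the directory's exact spelling so the case mismatch described earlier in the thread does not create a second account. The function names, the `MAX_USERS` cap and the `sAMAccountName`/`objectCategory` attributes (Active Directory) are assumptions.

```ruby
# Added example: plain Ruby, no gems. Attribute names and limits are assumptions.
MAX_USERS = 50 # hypothetical cap, standing in for the dialog's "number of results"

# Split the dialog text box on commas, trim, drop blanks and case-insensitive repeats.
def parse_usernames(text)
  text.split(",").map(&:strip).reject(&:empty?).uniq { |u| u.downcase }
end

# Escape filter metacharacters per RFC 4515 so a typed name cannot alter the filter.
def ldap_escape(value)
  value.gsub(/[\\*()\x00]/) { |c| format("\\%02x", c.ord) }
end

# Build one bounded OR filter over the requested accounts (sAMAccountName assumed, AD).
def build_filter(usernames, max: MAX_USERS)
  raise ArgumentError, "no usernames given" if usernames.empty?
  raise ArgumentError, "too many usernames (#{usernames.size} > #{max})" if usernames.size > max
  clauses = usernames.map { |u| "(sAMAccountName=#{ldap_escape(u)})" }.join
  "(&(objectCategory=person)(|#{clauses}))"
end

# Map each typed name to the directory's exact spelling; report names not found.
def reconcile(entered, directory_names)
  by_fold = directory_names.to_h { |n| [n.downcase, n] }
  canonical = []
  missing = []
  entered.each do |u|
    hit = by_fold[u.downcase]
    hit ? canonical << hit : missing << u
  end
  { canonical: canonical, missing: missing }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input and constructed directory results.
  typed = parse_usernames("jsmith, ADoe ,, bob*)(cn=*")
  puts build_filter(typed)
  p reconcile(typed, %w[JSmith adoe])
end
```

The filter string can be handed to whatever LDAP client performs the search, and the `canonical` names are the ones to use when pre-creating or tagging users.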

Alright, I follow what you’re saying here.

However, if the user hasn’t logged into CloudForms before, then he/she doesn’t ‘exist’ in VMDB. I think I can get around this by creating the user in the method.

What is the ‘right’ way to create the user?