Works only with local users

[pgera]

I think the call_api needs a local foreman user to work. I got a permission denied error with a freeipa user, although the user had admin privileges.

[bergsjoh]

I'm using it with external LDAP users, no problem.

[Rocco83]

I am using LDAP user as well. I will share my current grants given at satellite level. Anyway would be interesting to share something more about user detail that you are using, to replicate the problem.

[itewk]

I ran into this same issue using IdM. So maybe this is a difference between using the LDAP provider and using the IdM integration?

I followed: https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.1/html/User_Guide/sect-Red_Hat_Satellite-User_Guide-Configuring_External_Authentication-Using_Identity_Management.html

Maybe @bergsjoh and @Rocco83 were using https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.1/html/User_Guide/chap-Red_Hat_Satellite-User_Guide-Configuring_External_Authentication.html#sect-Red_Hat_Satellite-User_Guide-Using_LDAP and that is why it is working for them and not me and @pgera

[pgera]

Yes, I used something like katello-installer --foreman-ipa-authentication=true during the setup

[evgeni]

Thanks to @itewk I had access to a machine where this happens, had a lovely date with the @theforeman code have at least three more grey hairs…

The underlying issue is http://projects.theforeman.org/issues/11317 aka https://bugzilla.redhat.com/show_bug.cgi?id=1266407 and I fear there is not much we can do about this at the moment.