Closed rehanch178 closed 5 years ago
It's working for me, the only issue I've run into was TLS. I had to set the server URI to `ldap://fqdn:389` and disable Start TLS.
For the original question - yeah it works, at least with OpenLDAP so I would imagine AD should work as well. I've done that a while ago but as far as I remember, I followed the tower doc and it worked.
After the installation, when the containers are already running, I executed some commands using `docker exec` to `curl`/`wget` my CA from a webserver and `update-ca-trust` to get it active so STARTTLS would work with my self-signed cert as well.
```yaml
# Fetch the internal CA into each container's trust anchors and rebuild the trust bundle
- name: trust CA in awx containers
  shell: docker exec -i {{ item }} bash -c 'curl http://someintranethttpd/static/myintranetca.crt > /etc/pki/ca-trust/source/anchors/myintranetca.crt && update-ca-trust extract'
  with_items:
    - awx_web
    - awx_task
```
and I think you need to restart the containers afterwards. Instead of downloading the CA you could also use `docker cp` to get it in, of course.
Hi Guys,
I have been struggling to find a solution for the last 3 days. Please give me the steps to follow to integrate LDAP with Ansible AWX. I am using containerized AWX Ansible Tower with LDAP. Please help me resolve this. One more thing: when I tried to change the configuration and save, the changes are not reflected once I log out and log in.
And once the exact configuration is done, how do I test whether the LDAP server is synced with my AWX or not?
Below are the credentials (modified due to compliance) I'm using. Please correct me if I'm wrong. Please help me on this.
LDAP in AWX.
LDAP Server URI: ldap://promo.micro.com:389
LDAP Bind DN: CN=admin.gen,OU=General,OU=Micro Users,DC=promo,DC=micro,DC=com
password: Admin123
LDAP User DN Template: blank
LDAP Group Type: MemberDNGroupType
LDAP Require Group: (here I am giving the same LDAP Bind DN) - please correct me here... what CN do I need to provide here? CN=admin.gen,OU=General,OU=Micro Users,DC=promo,DC=micro,DC=com
LDAP Deny Group: blank
LDAP User Search [ "OU=General,OU=Micro Users,DC=promo,DC=micro,DC=com", "SCOPE_SUBTREE", "(cn=%(user)s)" ]
LDAP Group Search [ "dc=promo,dc=micro,dc=com", "SCOPE_SUBTREE", "(objectClass=group)" ]
LDAP User Attribute Map { "first_name": "givenName", "last_name": "sn", "email": "mail" }
LDAP User Flags by Group { "is_superuser": "CN=admin.gen,OU=General,OU=Micro Users,DC=promo,DC=Micro,DC=com" }
@hnagireddygari There is a public LDAP server that I use for testing. Visit the Tower browsable API via https://your_tower_server/api/v2/settings/ldap/ and patch the following payload. You can then log in to Tower using `riemann` / `password`. There are other test users associated with this LDAP server also: https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/ Once you have this working, use it as a guide for your own LDAP server.
```json
{
  "AUTH_LDAP_GROUP_TYPE": "GroupOfUniqueNamesType",
  "AUTH_LDAP_USER_DN_TEMPLATE": "uid=%(user)s,dc=example,dc=com",
  "AUTH_LDAP_ORGANIZATION_MAP": {
    "Mathematicians": {
      "users": [],
      "admins": "ou=mathematicians,dc=example,dc=com",
      "remove_admins": false,
      "remove_users": false
    },
    "Scientists": {
      "users": [],
      "admins": "ou=scientists,dc=example,dc=com",
      "remove_admins": false,
      "remove_users": false
    }
  },
  "AUTH_LDAP_BIND_DN": "cn=read-only-admin,dc=example,dc=com",
  "AUTH_LDAP_USER_ATTR_MAP": {
    "first_name": "uid",
    "last_name": "sn",
    "email": "mail"
  },
  "AUTH_LDAP_USER_SEARCH": [],
  "AUTH_LDAP_SERVER_URI": "ldap://ldap.forumsys.com",
  "AUTH_LDAP_GROUP_TYPE_PARAMS": {},
  "AUTH_LDAP_DENY_GROUP": null,
  "AUTH_LDAP_USER_FLAGS_BY_GROUP": {},
  "AUTH_LDAP_TEAM_MAP": {},
  "AUTH_LDAP_REQUIRE_GROUP": null,
  "AUTH_LDAP_GROUP_SEARCH": ["dc=example,dc=com", "SCOPE_SUBTREE", "(objectClass=groupOfUniqueNames)"],
  "AUTH_LDAP_BIND_PASSWORD": "password"
}
```
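As an added example (not code from this thread or from AWX), here is a small pre-flight check for a payload like the one above: it lints the settings for the things that most often make LDAP login fail or send the bind password in the clear (a plain `ldap://` URI with Start TLS off, no way to locate the user, a user DN where a group DN is expected, a group DN outside the group search base) and then pushes the settings to `/api/v2/settings/ldap/` with HTTP basic auth. The hostnames, DNs and the `svc.awx` account are placeholders, and `AUTH_LDAP_START_TLS` is the AWX setting that controls STARTTLS.

```python
import json
import urllib.request
from base64 import b64encode

# Constructed sample (not from the thread): an intranet-style AWX LDAP config
# with placeholder DNs; two of its entries are deliberately wrong for the lint.
SAMPLE_INTRANET = {
    "AUTH_LDAP_SERVER_URI": "ldap://ldap.example.internal:389",
    "AUTH_LDAP_START_TLS": True,
    "AUTH_LDAP_BIND_DN": "CN=svc.awx,OU=Service,DC=example,DC=internal",
    "AUTH_LDAP_USER_SEARCH": ["OU=Users,DC=example,DC=internal", "SCOPE_SUBTREE", "(sAMAccountName=%(user)s)"],
    "AUTH_LDAP_GROUP_SEARCH": ["DC=example,DC=internal", "SCOPE_SUBTREE", "(objectClass=group)"],
    "AUTH_LDAP_REQUIRE_GROUP": "CN=svc.awx,OU=Service,DC=example,DC=internal",  # bind user, not a group
    "AUTH_LDAP_USER_FLAGS_BY_GROUP": {"is_superuser": "CN=AWX Admins,OU=Groups,DC=other,DC=internal"},
}

def _norm(dn):
    """Lower-case a DN and strip whitespace around commas so DNs compare reliably."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def lint_ldap_settings(s):
    """Return findings for settings that make LDAP login fail or expose the bind password."""
    out = []
    if s.get("AUTH_LDAP_SERVER_URI", "").startswith("ldap://") and not s.get("AUTH_LDAP_START_TLS"):
        out.append("cleartext bind: use ldaps:// or enable AUTH_LDAP_START_TLS")
    tmpl, usearch = s.get("AUTH_LDAP_USER_DN_TEMPLATE") or "", s.get("AUTH_LDAP_USER_SEARCH") or []
    if "%(user)s" not in tmpl and not (len(usearch) == 3 and "%(user)s" in usearch[2]):
        out.append("no user lookup: set AUTH_LDAP_USER_DN_TEMPLATE or a [base, scope, filter] user search with %(user)s")
    gsearch = s.get("AUTH_LDAP_GROUP_SEARCH") or []
    if len(gsearch) != 3:
        out.append("AUTH_LDAP_GROUP_SEARCH must be [base, scope, filter]")
    base = _norm(gsearch[0]) if len(gsearch) == 3 else None
    # Every DN below is used by AWX as a *group* DN and is only found under the group search base.
    groups = [("AUTH_LDAP_REQUIRE_GROUP", s["AUTH_LDAP_REQUIRE_GROUP"])] if s.get("AUTH_LDAP_REQUIRE_GROUP") else []
    for flag, dns in (s.get("AUTH_LDAP_USER_FLAGS_BY_GROUP") or {}).items():
        groups += [(f"USER_FLAGS_BY_GROUP[{flag}]", d) for d in ([dns] if isinstance(dns, str) else dns)]
    for where, dn in groups:
        if _norm(dn) == _norm(s.get("AUTH_LDAP_BIND_DN", "")):
            out.append(f"{where}: {dn} is the bind account's DN, not a group DN")
        if base and _norm(dn) != base and not _norm(dn).endswith("," + base):
            out.append(f"{where}: {dn} lies outside the group search base {gsearch[0]}")
    return out

def patch_awx_ldap(tower_url, user, password, settings, timeout=30):
    """PATCH the settings into /api/v2/settings/ldap/ with HTTP basic auth; returns the effective settings."""
    token = b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(f"{tower_url.rstrip('/')}/api/v2/settings/ldap/", method="PATCH", data=json.dumps(settings).encode(),
                                 headers={"Authorization": f"Basic {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)
```

Run the lint before `patch_awx_ldap`; an empty list means the payload at least describes a bind, a user lookup and group DNs that the configured group search can actually find.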
No follow up in several months
I am having the same issue. I've replicated the LDAP configuration between AWX (container) -> AWX (non-container) -> Ansible Tower. It works in both AWX (non-container) and Ansible Tower, but not the dockerized version of AWX. Is there something you need to do to get LDAP authentication working in containerized AWX?
AWX 6.0.0.0 Ansible 2.8.1
Hi Team,
I am running the Ansible Tower docker version.
I configured LDAP authentication in the UI settings section for LDAP, but it is not working.
Wanted to know, does the docker version of Ansible Tower support AD integration?
If yes, I am not sure if I am making any mistake while configuring LDAP.