Questions about the use/debugging of ldap

Hello again!
Im testting to set up the userlogin for the AWX Webgui.
I created a user wich can read the folder(ou) with ldapsearch, but i cant login in the webgui.
I use a own awx user group to limit the acces for the administration and added my regular user in this group for testing, but i cant login in the web gui.
Tried: domain.local\user | domain\user | user@domain.local | user@domain
Do i have to configure someting else too?
And how can i see the logs?
I set the logging in the sytem logging to debug.
I thought probably at Jobs but nothing this related to see.
Do i have to set up a logging server?

Thank you again for your input!!

Try these settings, Works for us… Using Microsoft Active Directory as LDAP server…

LDAP Server URI

ldap://100.100.100.100

LDAP Bind DN (user to authenticate with LDAP)

CN=Service Account,OU=Service,OU=Accounts,DC=example,DC=domain,DC=com

LDAP Group Type

MemberDNGroupType

LDAP User Search (where the users live)

[
  "OU=Users,OU=Accounts,DC=example,DC=domain,DC=com",
  "SCOPE_SUBTREE",
  "(sAMAccountName=%(user)s)"
]

LDAP Group Search (where the groups live)

[
  "OU=Accounts,DC=example,DC=domain,DC=com",
  "SCOPE_SUBTREE",
  "(objectClass=group)"
]

LDAP User Attribute Map (use this, maps correctly the LDAP to AWX attrs)

{
  "email": "mail",
  "first_name": "givenName",
  "last_name": "sn"
}

LDAP Group Type Parameters (dunno, it works)

{
  "member_attr": "member",
  "name_attr": "cn"
}

LDAP User Flags By Group

{
  "is_superuser": [
    "CN=AWX Admins,OU=Accounts,DC=example,DC=domain,DC=com",
  ]
}

LDAP Organization Map (anyone in this group will be part of “Engineering” team in AWX )

{
  "Engineering": {
    "admins": "CN=AWX Admins,OU=Accounts,DC=example,DC=domain,DC=com",
    "remove_admins": false,
    "remove_users": false,
    "users": true
  }
}

LDAP Team Map

{}

Oh and then finally,

Login with the username…

not email, not @example.domain.local

just their User logon name, ie “bob”

Screenshot 2024-02-13 at 10.24.45 pm

only the user was the first i tried - the only diffrece was i had this user DN Template too much - i deleted it.
And the added group filter.
Is the login then possible without further configs?

No further config is needed, at least in our environment…

Making sure the LDAP server is accessible from the AWX machine

Yeah Thank you!


The chatbot lured me again to the error - ill get the feeling i should stop stink it - read the manual and ask rather here.
Would be quicker i think.

1 Like