An issue I ran into the other day when trying to setup Active Directory authentication in Ansible AWX, using LDAP auth type. These are a couple things that aren’t exactly called out in the documentation from Red Hat, and might not be obvious to all.
You can use ldap:// if you aren’t setup for ldaps:// (secure LDAP). Just modify your LDAP Server URI as in the image above. Obviously this is not secure or recommended, but in a lab environment, or to just get you up and going when you aren’t setup for ldaps, it will work.
Make sure to use the full distinguished name for the Bind DN. Some guides online say to just use the username. I was unable to get this to work, so your mileage may vary.
Specific to Active Directory, change your LDAP group type, to “ActiveDirectoryGroupType”. Otherwise the group attributes won’t match correctly.
Set LDAP Group Type Parameters. Set that like the code snippet below.
The remaining fields should all be pretty straightforward. Just make sure to use full LDAP paths in the places required. You can use PowerShell to get these really easily if you know the group or usernames that you need. This will save you a bunch of typing. (code below)
#LDAP Group Type Parameters
{
"name_attr": "Name"
}
I’m still toying around with some of the other parameters like “admins, and “remove” in case there are any gotchas there, but so far they seem to work as advertised.