Permission Denied error for LDAP group lookup with AD external auth

[msmoritz]

I've just installed a new copy of the Najdorf 1.3 appliance for vSphere.

After performing the setup for AD integration with external auth(httpd), user logins are working correctly against domain accounts. When I try to setup a new Group for RBAC, I am getting an error when using the Look up External Authentication Groups check box. Enabling the option displays a single field for the username to lookup. Then clicking Retrieve gives the following error as a popup on the UI as well as in the evm.log.

[----] E, [2022-09-22T12:40:50.866337 #2303:b3a24] ERROR -- evm: MIQ(ops_controller-rbac_group_user_lookup): Error during 'LDAP Group Look Up': Permission denied; caused by 3 sender=:1.74 -> dest=:1.87 serial=22 reply_serial=10 path=; interface=; member= error_name=org.freedesktop.DBus.Error.AuthFailed

This is my first major look at a new MIQ release since Ivanchuck, and i see the form is different, in the past there was also a Username/Password field for providing to the ldap lookup, but that is gone. Is there some setup step I've missed for enabling LDAP lookups via the AD authentication?

[ahmedovelshan]

Hi
I solved this problem to add "manageiq" user to sssd.conf file.

[jrafanie]

I've added this to the documentation: ManageIQ/manageiq-documentation#1743

[jrafanie]

configuring with IPA through the appliance console should be fixed once this is merged and released and we pick up an updated version of this gem: ManageIQ/manageiq-appliance_console#220