Zach Biles

AWX LDAP/Active Directory Authentication

Updated: Oct 26, 2020

An issue I ran into the other day when trying to set up Active Directory authentication in Ansible AWX, using the LDAP auth type. These are a couple of things that aren't exactly called out in the documentation from Red Hat, and might not be obvious to all.

  1. You can use ldap:// if you aren't set up for ldaps:// (secure LDAP). Just modify your LDAP Server URI as in the image above. Obviously this is not secure or recommended, since plain LDAP sends the bind and login passwords over the network unencrypted, but in a lab environment, or just to get you up and going when you aren't set up for ldaps, it will work.

  2. Make sure to use the full distinguished name for the Bind DN. Some guides online say to just use the username. I was unable to get this to work, so your mileage may vary.

  3. Specific to Active Directory, change your LDAP group type to "ActiveDirectoryGroupType". Otherwise the group attributes won't match correctly.

  4. Set LDAP Group Type Parameters as in the code snippet below.

  5. The remaining fields should all be pretty straightforward. Just make sure to use full LDAP paths in the places required. You can use PowerShell to get these really easily if you know the group or usernames that you need. This will save you a bunch of typing. (code below)


#LDAP Group Type Parameters
{
  "name_attr": "Name"
}


#powershell for distinguished names
Get-ADUser <username> -Properties name,distinguishedName
Get-ADGroup <groupname> -Properties name,distinguishedName


I'm still toying around with some of the other parameters like "admins" and "remove" in case there are any gotchas there, but so far they seem to work as advertised.
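The points in the numbered list above can be checked against a settings document before it is saved. This is an added example, not code from the original post or from AWX: the keys follow AWX's AUTH_LDAP_* setting names, while the host name, the DNs and the rule that a full DN must contain a DC= part are assumptions made for illustration.

```python
import json
import re

# One RDN such as CN=svc-awx or DC=example (simplified: no escaped commas).
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

def is_full_dn(value):
    """True if value looks like a full AD DN (assumption: it must contain DC=)."""
    parts = [p.strip() for p in value.split(",")]
    return (len(parts) >= 2 and all(_RDN.match(p) for p in parts)
            and any(p.upper().startswith("DC=") for p in parts))

def lint_awx_ldap(settings):
    """Return findings for the pitfalls in the numbered list above."""
    findings = []
    uri = settings.get("AUTH_LDAP_SERVER_URI", "").lower()
    if uri.startswith("ldap://") and not settings.get("AUTH_LDAP_START_TLS"):
        findings.append("cleartext: ldap:// without StartTLS exposes passwords")
    elif not uri.startswith(("ldap://", "ldaps://")):
        findings.append("uri: expected ldap:// or ldaps://")
    if not is_full_dn(settings.get("AUTH_LDAP_BIND_DN", "")):
        findings.append("bind_dn: use the full distinguished name")
    if settings.get("AUTH_LDAP_GROUP_TYPE") != "ActiveDirectoryGroupType":
        findings.append("group_type: AD needs ActiveDirectoryGroupType")
    params = settings.get("AUTH_LDAP_GROUP_TYPE_PARAMS") or {}
    if not params.get("name_attr"):
        findings.append("group_type_params: name_attr is not set")
    return findings

# Constructed sample settings (hypothetical host and DNs), not from the post.
LAB = json.loads("""{
  "AUTH_LDAP_SERVER_URI": "ldap://dc01.example.test:389",
  "AUTH_LDAP_START_TLS": false,
  "AUTH_LDAP_BIND_DN": "svc-awx",
  "AUTH_LDAP_GROUP_TYPE": "MemberDNGroupType",
  "AUTH_LDAP_GROUP_TYPE_PARAMS": {}
}""")
FIXED = json.loads("""{
  "AUTH_LDAP_SERVER_URI": "ldaps://dc01.example.test:636",
  "AUTH_LDAP_START_TLS": false,
  "AUTH_LDAP_BIND_DN": "CN=svc-awx,OU=Service Accounts,DC=example,DC=test",
  "AUTH_LDAP_GROUP_TYPE": "ActiveDirectoryGroupType",
  "AUTH_LDAP_GROUP_TYPE_PARAMS": {"name_attr": "Name"}
}""")

if __name__ == "__main__":
    for name, cfg in (("lab", LAB), ("fixed", FIXED)):
        print(name, lint_awx_ldap(cfg) or "ok")
```

The lab configuration is reported on all four points, and the ldap:// finding goes away either by switching to ldaps:// or by enabling StartTLS.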

