Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1518319 - [RFE] LDAP Authentication Should Support Filters for User Exclusions from Groups
Summary: [RFE] LDAP Authentication Should Support Filters for User Exclusions from Groups
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.8.0
Hardware: x86_64
OS: Linux
Target Milestone: GA
: cfme-future
Assignee: Gregg Tanzillo
QA Contact: Mike Shriver
Whiteboard: auth:externalauth
Depends On:
TreeView+ depends on / blocked
Reported: 2017-11-28 15:51 UTC by Ron
Modified: 2018-09-06 21:32 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-08-27 17:50:03 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:

Attachments (Terms of Use)

Description Ron 2017-11-28 15:51:24 UTC
Description of problem:

Customer has two groups with overlapping users in AD/LDAP. We need a way to exclude members from one group in the other. This can be done if we have the ability to use LDAP filters as exclusions in the group creation menu.

Version-Release number of selected component (if applicable):

CFME 5.8.0

How reproducible:


Steps to Reproduce:

1. Create AD Group, GroupA with (user1, user2, user3, user4)
2. Create AD Group, GroupB with (user1, user2)
3. Create CFME Group for GroupA
4. Create CFME Group for GroupB

Actual results:

user1 and user2 are part of both GroupA and GroupB.

Expected results:

I need this to function to allow user1, and user2, to be exlcuded from GroupA by writing an LDAP filter to create an exclusion user list.

Additional info:

Comment 2 Lynn Dixon 2017-11-28 15:59:37 UTC
Linking Customer support case to this BZ.  I am on site with the customer during a consulting engagement, and this is a bit of a challenge for us.  They have a very large and flat AD, and having the ability to filter and exclude would be a very nice feature for them, and would help us overcome one of the challenges in this engagement.

Comment 3 Joe Vlcek 2018-08-27 17:50:03 UTC
The solution is to use SSSD, which has filters built in.

I am closing this BZ as the associated customer case has been closed as they are now using the filters built into SSSD.


Note You need to log in before you can comment on or make changes to this bug.