How can I integrate Ansible Tower with Active Directory


Nuwan Vithanage

Sep 19, 2017, 2:33:21 AM
to Ansible Project

How can I integrate Ansible Tower with LDAP / Active Directory? Version: Tower 3.1.5

Message has been deleted

Nuwan Vithanage

Sep 21, 2017, 3:02:30 AM
to ansible...@googlegroups.com
Hi Soniya,

Thank you for the information. I have followed the same link but am still stuck with it.




On Thu, Sep 21, 2017 at 12:11 PM, Soniya panwar <soniyap...@gmail.com> wrote:

Hello 

To integrate Ansible tower version 3.1.5 with LDAP you can follow this link:



--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/jzzRBO3R2VQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/c4be42e2-2462-4886-a8bd-9606ee452cad%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Soniya panwar

Sep 21, 2017, 5:56:53 AM
to Ansible Project
Can you please share exactly what error you are getting and where you got stuck?

Thanks



Nuwan Vithanage

Sep 21, 2017, 6:34:59 AM
to ansible...@googlegroups.com
Hi Soniya,

Now I need to set up LDAP authentication via Active Directory.

Requirement: allow users of the group CN=adm_at,OU=Services Accounts,DC=peaktrav,DC=com to authenticate at the Ansible Tower login and perform some tasks (the above-mentioned users group).

Steps I have done:

Test successful queries to the LDAP server - OK

Configured LDAP as in the attached picture, but I am still unable to log in using an Active Directory user name and password.

Screen Shot 2017-09-21 at 11.16.48 AM.png

Nuwan Vithanage

Sep 22, 2017, 9:00:04 AM
to ansible...@googlegroups.com
Hi Soniya,

I need your advice to accomplish Active Directory integration with Ansible Tower.

Below are the tasks I have done:

  1. Installed Ansible Tower
  2. Created a user in Active Directory that has access to read the entire AD structure: <nvadmin>
  3. Configured the OpenLDAP config file as below

[root@AT tower]# cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE CN=nvadmin,OU=Admin Users,OU=Support Accounts,DC=peaktrav,DC=com
URI    ldaps://aumel-srv01.peaktrav.com:636

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

TLS_CACERTDIR /etc/openldap/certs
TLS_REQCERT never
# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on

  4. ldapsearch   -x -h aumel-srv01.peaktrav.com -D "nva...@peaktrav.com" -w pavi_1234@ -b "OU=Admin Users,OU=Support Accounts,DC=peaktrav,DC=com" 
     Result:

# extended LDIF
#
# LDAPv3
# base <OU=Admin Users,OU=Support Accounts,DC=peaktrav,DC=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# Admin Users, Support Accounts, peaktrav.com
dn: OU=Admin Users,OU=Support Accounts,DC=peaktrav,DC=com
objectClass: top
objectClass: organizationalUnit
ou: Admin Users
distinguishedName: OU=Admin Users,OU=Support Accounts,DC=peaktrav,DC=com
instanceType: 4
whenCreated: 20140523105001.0Z
whenChanged: 20161022050051.0Z
uSNCreated: 17196
uSNChanged: 17196
name: Admin Users
objectGUID:: 9hcF92Z2V0+Q7Xy+i77oHw==
objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=peaktrav,
 DC=com
gPLink: [LDAP://cn={434E5937-ADEF-4D95-A213-7A1E2F0713F8},cn=policies,cn=syste
 m,DC=peaktrav,DC=com;2][LDAP://cn={3E627B59-EAB9-4CE9-A658-5255A7303E1A},cn=p
 olicies,cn=system,DC=peaktrav,DC=com;0][LDAP://cn={18602251-4055-430D-8E04-7D
 315A332203},cn=policies,cn=system,DC=peaktrav,DC=com;0][LDAP://cn={D970C99F-8
 F6D-46AC-B871-9C79274D2F6D},cn=policies,cn=system,DC=peaktrav,DC=com;0]
dSCorePropagationData: 20170407023024.0Z
dSCorePropagationData: 20170221212739.0Z
dSCorePropagationData: 20170221211417.0Z
dSCorePropagationData: 20170110223316.0Z
dSCorePropagationData: 16010714223649.0Z

5. Configured Ansible Tower as in the screen capture below (please refer to the attachment).

6. Tried to log in using a user which is inside "OU=Admin Users,OU=Support Accounts,DC=peaktrav,DC=com": failed.

7. Tried with https://at.peaktrav.com/api/v1/authtoken/ using a user which is inside "OU=Admin Users,OU=Support Accounts,DC=peaktrav,DC=com": failed.

I got the below error message from /var/log/tower/tower.log:

2017-09-22 23:58:04,505 WARNING  django_auth_ldap Caught LDAPError while authenticating nvadmin: OPERATIONS_ERROR({'info': '00000000: LdapErr: DSID-0C090FF6, comment: TLS or SSL already in effect, data 0, v2580', 'desc': 'Operations error'},)

2017-09-22 23:58:04,529 WARNING  awx.api.views Login failed for user nvadmin

2017-09-22 23:58:04,530 WARNING  awx.api.generics status 400 received by user AnonymousUser attempting to access /api/v1/authtoken/ from 10.254.0.246

I appreciate your support and advice in this regard.


Screen Shot 2017-09-22 at 6.22.40 PM.png
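
Active Directory returns "TLS or SSL already in effect" when a StartTLS request arrives on a connection that is already protected by TLS, which is what an ldaps:// URI combined with StartTLS produces. The following is an added example, not part of the original thread: it parses the logged warning and audits the transport settings that django-auth-ldap would use. The `AUTH_LDAP_START_TLS` value is an assumption because the screenshot is not available on the page, and `parse_ldap_error`, `audit_transport` and `explains_error` are hypothetical helper names.

```python
import re
from urllib.parse import urlparse

# The django_auth_ldap warning from tower.log, copied from the post above.
LOG_LINE = ("2017-09-22 23:58:04,505 WARNING  django_auth_ldap Caught LDAPError "
            "while authenticating nvadmin: OPERATIONS_ERROR({'info': '00000000: "
            "LdapErr: DSID-0C090FF6, comment: TLS or SSL already in effect, "
            "data 0, v2580', 'desc': 'Operations error'},)")

# Assumed Tower LDAP settings (the screenshot is not on the page). TLS_REQCERT
# mirrors the ldap.conf value shown in the post.
ASSUMED = {"AUTH_LDAP_SERVER_URI": "ldaps://aumel-srv01.peaktrav.com:636",
           "AUTH_LDAP_START_TLS": True, "TLS_REQCERT": "never"}

LDAP_ERR = re.compile(r"authenticating (?P<user>\S+): (?P<code>[A-Z_]+)\("
                      r".*?comment: (?P<comment>[^,]+),")


def parse_ldap_error(line):
    """Return user, python-ldap exception name and AD comment, or None."""
    m = LDAP_ERR.search(line)
    return m.groupdict() if m else None


def audit_transport(cfg):
    """List findings about how the LDAP bind is protected in transit."""
    findings = []
    scheme = urlparse(cfg.get("AUTH_LDAP_SERVER_URI", "")).scheme.lower()
    start_tls = bool(cfg.get("AUTH_LDAP_START_TLS"))
    if scheme == "ldaps" and start_tls:
        findings.append("CONFLICT: StartTLS requested on an ldaps:// connection")
    if scheme == "ldap" and not start_tls:
        findings.append("CLEARTEXT: simple bind sends the password unencrypted")
    if str(cfg.get("TLS_REQCERT", "demand")).lower() in ("never", "allow"):
        findings.append("NO-VERIFY: server certificate is not validated")
    return findings


def explains_error(line, cfg):
    """True when the logged AD comment matches a StartTLS-over-LDAPS conflict."""
    err = parse_ldap_error(line)
    return bool(err and "already in effect" in err["comment"]
                and any(f.startswith("CONFLICT") for f in audit_transport(cfg)))


if __name__ == "__main__":
    print(parse_ldap_error(LOG_LINE), audit_transport(ASSUMED), sep="\n")
```

With the assumed settings the audit reports both the StartTLS conflict and the disabled certificate check; using ldaps:// without StartTLS and `TLS_REQCERT demand` clears both findings.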

iamlight...@gmail.com

Aug 5, 2018, 10:55:05 PM
to Ansible Project
Hello,

Have you got any update here?

Regards,
Prakash.