Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 2. Configure Red Hat Identity Management

In this example, IdM is situated externally to the OpenStack Red Hat OpenStack Platform director deployment and is the source of all user and group information. RH-SSO will be configured to use IdM as its User Federation, and will then perform LDAP searches against IdM to obtain user and group information.

2.1. Create the IdM Service Account for RH-SSO
Link kopieren

Although IdM allows anonymous binds, some information is withheld for security reasons. Some of this information withheld during anonymous binds is essential for RH-SSO user federation; consequently, RH-SSO will need to bind to the IdM LDAP server with enough privileges to successfully query the required information. As a result, you will need to create a dedicated service account for RH-SSO in IdM. IdM does not natively provide a command to do this, but you can use the ldapmodify command. For example: 

ldap_url="ldaps://$FED_IPA_HOST"
dir_mgr_dn="cn=Directory Manager"
service_name="rhsso"
service_dn="uid=$service_name,cn=sysaccounts,cn=etc,$FED_IPA_BASE_DN"

$ ldapmodify -H "$ldap_url" -x -D "$dir_mgr_dn" -w "$FED_IPA_ADMIN_PASSWD" <<EOF
dn: $service_dn
changetype: add
objectclass: account
objectclass: simplesecurityobject
uid: $service_name
userPassword: $FED_IPA_RHSSO_SERVICE_PASSWD
passwordExpirationTime: 20380119031407Z
nsIdleTimeout: 0

EOF
Copy to Clipboard Toggle word wrap
Note

You can use the configure-federation script to perform the above step: 

$ ./configure-federation create-ipa-service-account
Copy to Clipboard Toggle word wrap

2.2. Create a test user
Link kopieren

You will also need a test user account in IdM. You can either use an existing user or create a new one; the examples in this guide use "John Doe" with a uid of jdoe. You can create the jdoe user in IdM: 

$ ipa user-add --first John --last Doe --email jdoe@example.com jdoe
Copy to Clipboard Toggle word wrap

Assign a password to the user: 

$ ipa passwd jdoe
Copy to Clipboard Toggle word wrap

2.3. Create an IdM group for OpenStack Users
Link kopieren

Create the openstack-users group in IdM.

  1. Make sure the openstack-users group does not already exist: 

    $ ipa group-show openstack-users
ipa: ERROR: openstack-users: group not found
    Copy to Clipboard Toggle word wrap

  2. Add the openstack-users group to IdM: 

    $ ipa group-add openstack-users
    Copy to Clipboard Toggle word wrap

  3. Add the test user to the openstack-users group: 

    $ ipa group-add-member --users jdoe openstack-users
    Copy to Clipboard Toggle word wrap

  4. Verify that the openstack-users group exists and has the test user as a member: 

    $ ipa group-show openstack-users
  Group name: openstack-users
  GID: 331400001
  Member users: jdoe
    Copy to Clipboard Toggle word wrap
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat