Bug #3104

open

LDAP auto-created users broken

Added by Duncan Innes over 10 years ago. Updated almost 10 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Authentication
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Have configured Foreman to link with IdM as LDAP authentication source. This appears to work for the authentication part.

When I create an LDAP-IdM authenticated user in Foreman, everything seems to work properly.

When I let Foreman create the new user at first login, I find the user restricted to viewing hosts only. None of the other menu options are available at the top of the screen. I don't seem able to change this by editing the user to become an Admin, or adding any of the other Roles to the user.

This is Foreman 1.2.9999-10.201309091916gitd5a28de.el6.noarch from the Katello repository authenticating against ipa-server-2.2.0-16.el6.x86_64.rpm. Both systems are running RHEL 6 x86_64. The Foreman/Katello system is patched fully up with the latest RHEL 6.4 Errata, whereas the IdM server is running RHEL 6.3 at the moment.

Actions #1

Updated by Dominic Cleal over 10 years ago

  • Target version deleted (1.3.0)

Have you tried logging out and back in again as that user? Permissions might not take effect until you've cycled the session?

Actions #2

Updated by Duncan Innes over 10 years ago

Yes - I did several loops through the logging in cycle and couldn't get the auto-created user to have a full view. I'll try again just now as I've got an extra machine to ensure no cached credentials or anything. Update shortly.

Actions #3

Updated by Duncan Innes over 10 years ago

OK - using 2 different machines and 3 different browsers (just in case).

1) Log out of my user and log in as Admin (on workstation - RHEL 6 using Firefox)
2) Delete my user (on workstation)
3) Log in as my user on different machine (XP using Chrome)
4) New user session has only the Hosts item in the top menu
5) Refresh Admin session to see user has been auto-created (on workstation)
6) Select my user to edit and make it an Administrator with all Roles selected (on workstation)
7) Log out of my user (XP using Chrome) and back in. User still has only Hosts available.
8) Log out of my user (XP using Chrome) and back in (XP using IE). User still only has Hosts available.
9) Log out of my user (XP using IE) and back in (XP using Firefox). User still only has Hosts available.

10) Delete my user again with Admin account (on workstation).
11) Create my user with Admin account (on workstation).
12) Ensure LDAP authentication & Administrator settings for my user are right (on workstation).
13) Log in to my user (XP using Firefox). User has full menu at top of page:

"Dashboard Hosts Reports Facts Audits Statistics Trends"

I think I've exhausted the available options. I made sure the account details looked the same from the Foreman user edit screen.

Where next?

Actions #4

Updated by Duncan Innes over 10 years ago

Whilst I don't particularly want all my IPA users being able to log straight into Foreman, I would consider this a bug.

Actions #5

Updated by Shaun Martin about 10 years ago

I can confirm that this bug exists. Admin users never get access to the full admin view unless they were created in Foreman before logging in. Running Foreman 1.4.2 on CentOS 6.4 x64 authing against a Windows 2008 AD domain.

Actions #6

Updated by Kent Holloway almost 10 years ago

I can also confirm this bug exists.
New install (Foreman 1.5 from source/git) on RHEL6.5, LDAP pointing to AD, user can log in but regardless of roles only sees the host drop down menu.

Thanks.

Actions #7

Updated by Duncan Innes almost 10 years ago

Just an update from me - I think it's pretty much working. Foreman 1.3 install upgraded to 1.5, running on RHEL 6.5, authenticating to IdM/IPA.

New users are now automatically created at first login. The LDAP filter for users works well. The only comment I have is that if the LDAP connection isn't authenticated with a secure user, there is an error when the account is created, although everything works well from there. If the LDAP connection is authenticated with a user, there is no error.
If I make a user an Administrator, there doesn't seem to be a way to revert back to being a normal user.

Actions #8

Updated by Dominic Cleal almost 10 years ago

Kent Holloway wrote:

I can also confirm this bug exists.
New install (Foreman 1.5 from source/git) on RHEL6.5, LDAP pointing to AD, user can log in but regardless of roles only sees the host drop down menu.

You might be seeing #6065, where a per-user cache of the menu system isn't getting invalidated when changing a user's roles.
