Bug 1019588

Summary: login fail on domain case sensitivity
Product: Red Hat Enterprise Virtualization Manager Reporter: Ilanit Stein <istein>
Component: ovirt-engineAssignee: Ravi Nori <rnori>
Status: CLOSED INSUFFICIENT_DATA QA Contact: movciari
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.2.0CC: acathrow, bazulay, dpal, emesika, iheim, istein, lpeer, pstehlik, Rhev-m-bugs, yeylon
Target Milestone: ---Keywords: Regression, Triaged
Target Release: 3.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-03 13:20:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
engine log none

Description Ilanit Stein 2013-10-16 06:22:04 UTC 
Created attachment 812772 [details]
engine log

Description of problem:

Add a domain using rhevm-manage-domain tool, with domain in lower case 
login fail. change domain to upper case - login succeed.

Version-Release number of selected component (if applicable):

Steps to Reproduce:
1. Add a domain, in lower case, for example:
rhevm-manage-domains  -action=add -addPermissions -domain=qa.lab.tlv.redhat.com -user=vdcadmin  -interactive -provider=activeDirectory

2. Try to login in web admin with this user - login fail

3. Remove the added domain, for example:
rhevm-manage-domains  -action=delete -addPermissions -domain=qa.lab.tlv.redhat.com -user=vdcadmin  -interactive -provider=activeDirectory 

4. 
 Add a domain, in Upper case, for example:
rhevm-manage-domains  -action=add -addPermissions -domain=QA.LAB.TLV.REDHAT.COM -user=vdcadmin  -interactive -provider=activeDirectory

Expected results:
domain should not be case sensitive.

Additional info: 
engine.log \ login error:

2013-10-15 20:08:57,043 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSE] (QuartzScheduler_Worker-42) Failed to query rootDSE for LDAP server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 due to connection timeout
2013-10-15 20:08:57,044 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (QuartzScheduler_Worker-42) Failed ldap search server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 using user vdcadmin.TLV.REDHAT.COM due to connection timeout. We should try the next server
2013-10-15 20:08:57,044 ERROR [org.ovirt.engine.core.bll.adbroker.LdapBrokerCommandBase] (QuartzScheduler_Worker-42) Failed to run command LdapSearchUserByQueryCommand. Domain is qa.lab.tlv.redhat.com. User is vdcadmin.TLV.REDHAT.COM.
2013-10-15 20:43:13,671 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSE] (ajp-/127.0.0.1:8702-11) Failed to query rootDSE for LDAP server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 due to connection timeout
2013-10-15 20:43:13,673 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp-/127.0.0.1:8702-11) Failed ldap search server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 using user vdcadmin.TLV.REDHAT.COM due to connection timeout. We should try the next server
2013-10-15 20:43:13,673 ERROR [org.ovirt.engine.core.bll.adbroker.LdapBrokerCommandBase] (ajp-/127.0.0.1:8702-11) Failed to run command LdapAuthenticateUserCommand. Domain is qa.lab.tlv.redhat.com. User is vdcadmin.
2013-10-15 20:43:13,673 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp-/127.0.0.1:8702-11) USER_FAILED_TO_AUTHENTICATE : vdcadmin
2013-10-15 20:43:13,674 WARN  [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp-/127.0.0.1:8702-11) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE
Comment 1 Itamar Heim 2013-10-16 08:15:05 UTC 
I'm not sure this is a bug. i remember IPA is case sensitive to that.
Comment 2 Eli Mesika 2013-10-16 13:25:38 UTC 
Waiting for answer on "if IPA domain names are case-sensitive" from Dmitri Pal
(question sent by email), will update BZ ASAP
Comment 3 Dmitri Pal 2013-10-16 21:31:38 UTC 
Kerberos domains are in general case sensitive. By convention they should be all upper case but it is not generally true.
Comment 4 Eli Mesika 2013-10-17 07:55:00 UTC 
due to the reply comment 3 I suggest to close as NOTABUG, Barak ???
Comment 5 Barak 2013-10-20 11:46:08 UTC 
Ravi - we need to make sure that once an authentication domain was added successfully using rhevm-manage-domains, we should not fail ligging into the webAdmin/UP 

In case this is a real issue we may be required to validate the case in rhevm-manage-domains.
Comment 7 Ravi Nori 2013-10-21 18:06:09 UTC 
I am unable to reproduce this on current master and is19 (3.3)

I was able to add Active Directory and IPA domains with both upper and lower case domain names and login to webadmin portal using the admin user.

Please see if you can reproduce this bug with the latest build
Comment 8 Ilanit Stein 2014-09-01 12:13:43 UTC 
Tested on oVirt Engine Version: 3.5.0-0.0.master.20140804172041.git23b558e.el6,

This bug seem not relevant anymore.