Bug 1108833
Summary: | Enabling LDAP on one JBoss ON Server in HA Configuration is not propagated to another server(s) until their restart so the users cannot log in | ||
---|---|---|---|
Product: | [JBoss] JBoss Operations Network | Reporter: | bkramer <bkramer> |
Component: | Core Server | Assignee: | Jay Shaughnessy <jshaughn> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Mike Foley <mfoley> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | JON 3.2 | CC: | hrupp, jkandasa, jshaughn, loleary |
Target Milestone: | DR01 | ||
Target Release: | JON 3.3.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
When LDAP was enabled on one JBoss ON Server in HA Configuration, the change was not propagated to other servers in the group until the servers were restarted. This prevented users from logging onto the other servers in the group. The fix reinstalls the JAAS login modules when the HA nodes detect a change in system settings. The check is performed every 60 seconds. If LDAP configuration is enabled or disabled in a HA group, the other servers are now aware of the change in 60 seconds.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2014-12-11 14:03:04 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1108835 | ||
Bug Blocks: |
Description
bkramer
2014-06-12 16:02:02 UTC
This is not really a use case we had in mind. A change to LDAP settings would be picked up, but that actual enabling or disabling of LDAP auth requires a reconfiguration of the server's JAAS login modules. It was anticipated that a restart would be required. Having said that, since the customer considers this a bug, it looks like we were wrong and for some reason the HA nodes must stay up. Looking to fix this... master commit cde3c29b8e0b12d838de52453e1a4dc9bfb59d34 Author: Jay Shaughnessy <jshaughn> Date: Tue Jul 1 21:12:21 2014 -0400 Enable/Disable of LDAP requires a system reconfigure (reinstall the JAAS login modules...). Change things such that the system reconfigure gets performed whenever HA nodes detect a change in system settings. So, this fix is a bit more general that the specific case listed here. The system settings update check is every 60s, so HA nodes should pick up a change within a minute. Moving to ON_QA as available to test with brew build of DR01: https://brewweb.devel.redhat.com//buildinfo?buildID=373993 Version: JBoss Operations Network Version : 3.3.0.DR01 Build Number : 6468454:dda0a47 GWT Version : 2.5.0 SmartGWT Version : 3.0p HA Setup: Number of JON 3.3 servers: 2 Enabled LDAP on server 1, logged in success on server 1. Was waiting for 60 seconds to update in server 2. Updated within 60 seconds. Login successful in server 2 as well without restarting the server. server.log, 05:55:20,481 INFO [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (EJB default - 10) Security domain [RHQUserSecurityDomain] re-created with login modules.......... Database: postgres (PostgreSQL) 8.4.11 |