Bug 1236216

Summary: hammer auth-source does not allow all the settings
Product: Red Hat Satellite Reporter: Andrew Schofield <andrew.schofield>
Component: HammerAssignee: Martin Bacovsky <mbacovsk>
Status: CLOSED ERRATA QA Contact: Kedar Bidarkar <kbidarka>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.1.0CC: bbuckingham, bkearney, cwelton, kabbott, kbidarka, mmccune, sreber
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
URL: http://projects.theforeman.org/issues/11033
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-09-15 07:22:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andrew Schofield 2015-06-26 21:10:09 UTC 
Description of problem:

Using hammer auth-source to add an LDAP Authentication source does not allow a number of paramters to be set:

- 'Server Type' cannot be set and defaults to POSIX (I have to manually change this to 'Active Directory')
- 'Groups base DN' cannot be set
- 'LDAP filter' cannot be set.


# hammer auth-source ldap create --help
Usage:
    hammer auth-source ldap create [OPTIONS]

Options:
 --account ACCOUNT
 --account-password ACCOUNT_PASSWORD   required if onthefly_register is true
 --attr-firstname ATTR_FIRSTNAME       required if onthefly_register is true
 --attr-lastname ATTR_LASTNAME         required if onthefly_register is true
 --attr-login ATTR_LOGIN               required if onthefly_register is true
 --attr-mail ATTR_MAIL                 required if onthefly_register is true
 --attr-photo ATTR_PHOTO
 --base-dn BASE_DN
 --host HOST
 --name NAME
 --onthefly-register ONTHEFLY_REGISTER One of true/false, yes/no, 1/0.
 --port PORT                           defaults to 389
 --tls TLS                             One of true/false, yes/no, 1/0.
 -h, --help                            print help


Version-Release number of selected component (if applicable):
6.1 public beta.

How reproducible:
Always.

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 RHEL Program Management 2015-06-26 21:12:27 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 3 Martin Bacovsky 2015-07-07 11:49:28 UTC 
Created redmine issue http://projects.theforeman.org/issues/11033 from this bug
Comment 4 Martin Bacovsky 2015-07-07 14:54:40 UTC 
https://github.com/theforeman/hammer-cli/pull/173 is related and allows Hammer CLI to print the available values in hammer auth-source ldap create --help
Comment 5 Bryan Kearney 2015-07-08 12:04:45 UTC 
Moving to POST since upstream bug http://projects.theforeman.org/issues/11033 has been closed
-------------
Martin Bacovsky
Applied in changeset commit:66f3267354ee2a7391ef8feba27d1cb050d9b5df.
Comment 8 Bryan Kearney 2015-07-20 10:50:27 UTC 
*** Bug 1242527 has been marked as a duplicate of this bug. ***
Comment 9 Kedar Bidarkar 2015-07-23 10:19:23 UTC 
 ~]# hammer auth-source ldap create --help
Usage:
    hammer auth-source ldap create [OPTIONS]

Options:
 --account ACCOUNT                      
 --account-password ACCOUNT_PASSWORD   required if onthefly_register is true
 --attr-firstname ATTR_FIRSTNAME       required if onthefly_register is true
 --attr-lastname ATTR_LASTNAME         required if onthefly_register is true
 --attr-login ATTR_LOGIN               required if onthefly_register is true
 --attr-mail ATTR_MAIL                 required if onthefly_register is true
 --attr-photo ATTR_PHOTO                
 --base-dn BASE_DN                      
 --groups-base GROUPS_BASE             groups base DN
 --host HOST                            
 --ldap-filter LDAP_FILTER             LDAP filter
 --name NAME                            
 --onthefly-register ONTHEFLY_REGISTER One of true/false, yes/no, 1/0.
 --port PORT                           defaults to 389
 --server-type SERVER_TYPE             type of the LDAP server
 --tls TLS                             One of true/false, yes/no, 1/0.
 -h, --help                            print help


We now do have the options, but "server type" accepts only particular values like below, which unless specified by the CLI is not known to the user.

a) active_directory
b) free_ipa
c) posix

Providing these values for CLI is must, otherwise it would be annoying for the users.
Comment 10 Martin Bacovsky 2015-07-23 13:13:17 UTC 
As mentioned in Comment #4 there is related update in hammer-cli:
https://github.com/mbacovsky/hammer-cli/commit/6bb7e02615666ddd87bfa311118535e279e32571
which allows hammer to print the available types.

$ hammer auth-source ldap create -h
Usage:
    hammer auth-source ldap create [OPTIONS]

Options:
 --account ACCOUNT                      
 --account-password ACCOUNT_PASSWORD   required if onthefly_register is true
 --attr-firstname ATTR_FIRSTNAME       required if onthefly_register is true
 --attr-lastname ATTR_LASTNAME         required if onthefly_register is true
 --attr-login ATTR_LOGIN               required if onthefly_register is true
 --attr-mail ATTR_MAIL                 required if onthefly_register is true
 --attr-photo ATTR_PHOTO                
 --base-dn BASE_DN                      
 --groups-base GROUPS_BASE             groups base DN
 --host HOST                            
 --ldap-filter LDAP_FILTER             LDAP filter
 --name NAME                            
 --onthefly-register ONTHEFLY_REGISTER One of true/false, yes/no, 1/0.
 --port PORT                           defaults to 389
 --server-type SERVER_TYPE             type of the LDAP server
                                       Possible value(s): 'free_ipa', 'active_directory', 'posix'
 --tls TLS                             One of true/false, yes/no, 1/0.
 --usergroup-sync USERGROUP_SYNC       sync external user groups on login
                                       One of true/false, yes/no, 1/0.
 -h, --help                            print help
Comment 12 Kedar Bidarkar 2015-09-01 14:12:14 UTC 
We now do see the possible values for "server_type", as shown below.

~]# hammer -u admin -p changeme auth-source ldap create --help
Usage:
    hammer auth-source ldap create [OPTIONS]

Options:
 --account ACCOUNT                      
 --account-password ACCOUNT_PASSWORD   required if onthefly_register is true
 --attr-firstname ATTR_FIRSTNAME       required if onthefly_register is true
 --attr-lastname ATTR_LASTNAME         required if onthefly_register is true
 --attr-login ATTR_LOGIN               required if onthefly_register is true
 --attr-mail ATTR_MAIL                 required if onthefly_register is true
 --attr-photo ATTR_PHOTO                
 --base-dn BASE_DN                      
 --groups-base GROUPS_BASE             groups base DN
 --host HOST                            
 --ldap-filter LDAP_FILTER             LDAP filter
 --name NAME                            
 --onthefly-register ONTHEFLY_REGISTER One of true/false, yes/no, 1/0.
 --port PORT                           defaults to 389
 --server-type SERVER_TYPE             type of the LDAP server
                                       Possible value(s): 'free_ipa', 'active_directory', 'posix'
 --tls TLS                             One of true/false, yes/no, 1/0.


VERIFIED With sat6.1.2 20150826.0
Comment 14 errata-xmlrpc 2015-09-15 07:22:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2015:1786