Bug 1284832
| Summary: | After satellite upgrade to 6.1.4 'Usergroup sync' under ldap authentication gets enabled automatically | |||
|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Mahesh Taru <mtaru> | |
| Component: | Users & Roles | Assignee: | Daniel Lobato Garcia <dlobatog> | |
| Status: | CLOSED ERRATA | QA Contact: | Katello QA List <katello-qa-list> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 6.1.4 | CC: | andrew.schofield, bbuckingham, bkearney, brubisch, cwelton, dlobatog, dmoessne, hartsjc, kabbott, kbidarka, kshirsal, mmccune, msomasun, mtaru, pmutha, sauchter, wpinheir, xdmoon | |
| Target Milestone: | Unspecified | Keywords: | Reopened, Triaged | |
| Target Release: | Unused | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| URL: | http://projects.theforeman.org/issues/14868 | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1315268 (view as bug list) | Environment: | ||
| Last Closed: | 2017-01-12 08:14:16 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1315268, 1317008 | |||
|
Description
Mahesh Taru
2015-11-24 10:14:05 UTC
Note that real issue may not be that usergroup sync is enabled, but that logins are failing with usergroup sync enabled (due to sync hanging) Moving this out of 6.1.7 due to capacity issues. Will keep it on the 6.1.z and 6.2 trackers to ensure that it is evaluated for both. I've observed the following in production.log due to this failure "Operation FAILED: Insufficient Privileges to query groups data" Created redmine issue http://projects.theforeman.org/issues/14868 from this bug (In reply to Justin Sherrill from comment #4) > Note that real issue may not be that usergroup sync is enabled, but that > logins are failing with usergroup sync enabled (due to sync hanging) I think this is the key issue here. Customers may want to run with usergroup sync enabled, so it should not fail when that is set. I believe the error I noted in c#8 is applicable here. Upstream bug component is Provisioning I don't thing the description in the initial commit is valid. First of all, there was no usersync checkbox in 6.1.3, so one could not preform the step one and the installer doesn't touch the usersync flag there (other than setting the default). I agree the real issue would be the hanging itself, rather than the upgrade. Changing the component to treat it the right way there. Upstream bug assigned to dlobatog Upstream bug component is Provisioning Upstream bug component is Users & Roles I'm going to go with moving to POST as the original bug was not valid (we did not change any flag on the upgrade - just kept the original behavior by defaulting to true). The various 'hanging logins' mentioned in here (linked to issues upstream) have all already been merged and are in 6.2.z via ldap_fluff 0.4.3. I will check how to backport this to 6.1.z. To test this, I installed Sat6.1.11 and updated the ldap_fluff package to 0.4.3-1 as mentioned in the errata advisory. This was tested against Sat6.1.11 running on both RHEL6 and RHEL7. I have tested against admin role, katello role and foreman role and it appears to be working fine. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0060 |