Bug 1290187

Summary: Cannot configure external authentication (httpd) with non-generic server domain
Product: Red Hat CloudForms Management Engine Reporter: John Prause <jprause>
Component: ApplianceAssignee: Gregg Tanzillo <gtanzill>
Status: CLOSED ERRATA QA Contact: Milan Falešník <mfalesni>
Severity: high Docs Contact:
Priority: high    
Version: 5.4.0CC: abellott, dajohnso, fdewaley, gtanzill, jdeubel, jhardy, jprause, mfeifer, obarenbo, snansi, twade
Target Milestone: GAKeywords: ZStream
Target Release: 5.5.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: FailedQA
Fixed In Version: 5.5.2.1 Doc Type: Bug Fix
Doc Text:
In the previous version of CloudForms Management Engine, it was not possible to configure the appliance to authenticate against a Red Hat IPA domain server if the IPA domain name was composed of only a top-level domain name. This was due to validation that required the IPA domain name to contain a sub-domain name and a top-level domain name. This bug was fixed by relaxing the validation rule to allow the IPA domain name to be composed of only a top-level domain name. With this change, it is possible to configure an appliance running the new version of CloudForms Manamgent Engine to authenticate against an IPA domain with a domain name composed of only a top-level domain.
Story Points: ---
Clone Of: 1247787 Environment:
Last Closed: 2016-02-10 15:23:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1247787    
Bug Blocks:    

Comment 2 Tim Wade 2015-12-14 16:52:36 UTC
PR: https://github.com/ManageIQ/manageiq/pull/5812

Comment 3 Marianne Feifer 2016-01-11 00:39:31 UTC
GT, I'm trying to draft doc text for this, but I'm finding it hard to follow.  

What we need is:

What caused the problem?

What was the consequence?

What fixed it?

Comment 4 Tim Wade 2016-01-12 16:08:25 UTC
Marianne,

I'll try my best to summarize:

| What caused the problem?
| 

Validation for external authentication prevented the customer from entering a top-level domain under IPA server domain.

| What was the consequence?
|

They couldn't configure external authentication

| What fixed it?
| 

We relaxed the validation to allow top-level domains.

Let me know if you have any further questions.

Tim

Comment 9 Milan Falešník 2016-01-25 10:32:39 UTC
# vmdb
# cat VERSION 
5.5.2.2

# appliance_console   # Then Enter, 10, Enter

Configure External Authentication (httpd)


IPA Server Parameters:

Enter the IPA Server Hostname: test1.domain
Enter the IPA Server Domain: domain
Enter the IPA Server Realm: |DOMAIN| 
Enter the IPA Server Principal: |admin| 
Enter the IPA Server Principal Password: ***

External Authentication (httpd) Configuration:
IPA Server Details:
  Hostname:       test1.domain
  Domain:         domain
  Realm:          DOMAIN
  Naming Context: dc=domain
  Principal:      admin

Proceed? (Y/N):
=========================================
So it now accepts the TLD as a domain.

Comment 10 errata-xmlrpc 2016-02-10 15:23:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:0159