Bug 1300687

Summary: ldap user cannot authenticate
Product: Red Hat Storage Console Reporter: Martin Kudlej <mkudlej>
Component: coreAssignee: Timothy Asir <tjeyasin>
core sub component: authentication QA Contact: sds-qe-bugs
Status: CLOSED CURRENTRELEASE Docs Contact:
Severity: unspecified    
Priority: unspecified CC: khartsoe, mkudlej, nthomas, sankarshan
Version: 2   
Target Milestone: ---   
Target Release: 2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-11-19 05:33:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Martin Kudlej 2016-01-21 13:13:01 UTC 
Description of problem:
I've set up ldap as auth provider and I can see users by calling "externalusers" function. I was not able to authenticate as ldap user into USM UI and API. I expect that after configuring ldap, users can login without any importing, please see MVP-042.

Version-Release number of selected component (if applicable):
rhscon-ui-0.0.6-0.1.alpha1.el7.noarch
rhscon-core-0.0.6-0.1.alpha1.el7.x86_64
rhscon-ceph-0.0.4-0.1.alpha1.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. configure ldap auth provider
2. try to log in as one of ldap users

Actual results:
ldap user cannot log in.

Expected results:
ldap users can log in and have proper role.
Comment 1 Nishanth Thomas 2016-02-17 07:12:39 UTC 
This is not a bug.
By design and based on the grooming/UX discussions, user must be imported to USM. If the user is not imported, USM treat the user as invalid and will not continue with login.
Comment 3 Jeff Applewhite 2016-03-18 18:33:07 UTC 
So according to my expectation an external LDAP could potentially have 1000's of users. Obviously only a small subset would need to log into USM. Is the term "import" meant to allow this type of access? i.e. although the authentication is delegated to the ldap system, the "import" allows that person access to USM? If so then I would say this bug is invalid, but the use of the word "import" might be confusing to some users. Perhaps this is only a documentation issue.
Comment 4 Nishanth Thomas 2016-03-21 05:42:43 UTC 
That is right Jeff.
Import means adding a subset of users who can access USM from LDAP
Comment 5 Martin Kudlej 2016-07-01 15:17:49 UTC 
User import tested with 
rhscon-core-0.0.29-1.el7scon.x86_64
rhscon-ui-0.0.43-1.el7scon.noarch
and it works. --> Verified

I agree that current implementation is more logical than fuzzy Requirement.