Bug 1343517

Summary: When using external auth and removing a user from all groups the user's groups are not updated and he is still able to log-in to CFME Web-UI
Product: Red Hat CloudForms Management Engine Reporter: John Prause <jprause>
Component: ApplianceAssignee: Joe Vlcek <jvlcek>
Status: CLOSED ERRATA QA Contact: amogh <amavinag>
Severity: high Docs Contact:
Priority: high    
Version: 5.4.0CC: abellott, cpelland, gtanzill, hkataria, jhardy, mpovolny, obarenbo, simaishi
Target Milestone: GAKeywords: Reopened, ZStream
Target Release: 5.6.2   
Hardware: All   
OS: Linux   
Whiteboard: ldap
Fixed In Version: 5.6.2.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1342082 Environment:
Last Closed: 2016-10-04 14:26:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: Unknown Target Upstream Version:
Embargoed:

Comment 2 Joe Vlcek 2016-06-27 14:36:16 UTC 
I am closing this as NOTABUG. The code works as designed and the desired functionality is obtained by:

If you no longer want an IPA user to be able to log into CMFE
the best thing to do would be to log into the IPA server and reconfigure
the user so they no longer belong to the groups configured on CFME.

Please reopen with more information if you feel this is still an issue.
Comment 3 Joe Vlcek 2016-08-19 13:46:37 UTC 
Reopening: After researching more I have discovered this is an issue on 5.6.z
Comment 4 Joe Vlcek 2016-08-24 22:13:10 UTC 
$ git cherry-pick -x -m 1  426e642     
[darga bab3149] Merge pull request #10634 from jvlcek/bz_1342082_ext_auth_groups
 Author: Gregg Tanzillo <gtanzill>
 Date: Wed Aug 24 11:43:15 2016 -0400
 2 files changed, 25 insertions(+), 1 deletion(-)

$ git log
commit bab3149e524e31922ef355acb80219572bc00b77
Author: Gregg Tanzillo <gtanzill>
Date:   Wed Aug 24 11:43:15 2016 -0400

    Merge pull request #10634 from jvlcek/bz_1342082_ext_auth_groups

    Update the user when there are no matching groups
    (cherry picked from commit 426e6420e94cb050311ea99992db43dd490992d8)
Comment 5 Satoe Imaishi 2016-08-25 12:55:14 UTC 
PR: https://github.com/ManageIQ/manageiq/pull/10634
Comment 6 amogh 2016-10-02 04:39:24 UTC 
Verified in 5.6.2.1.20160922130607_92d5b5e. Issue is not reproducible.

When users group is deleted, user login to CFME fails with expected Error message "Login not allowed, User's User is missing. Please contact the administrator"
Comment 8 errata-xmlrpc 2016-10-04 14:26:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-1996.html