Description of problem:
LDAP users in nested OUs unable to log in to SSUI without supplying full DN. Same user can successfully log in to CF admin portal.
Version-Release number of selected component (if applicable):
CFME 5.6.1
How reproducible:
Steps to Reproduce:
1. Set LDAP authentication config, for example
:basedn: OU=Persons,0=domain
:user_type: samaccountname
2. Log in to SSUI with userid
3. Login fails, producing this error in evm (note successful and failed messages):
WARN -- : MIQ(Authenticator::Ldap#authorize) Authentication failed for userid userid, unable to find user object in LDAP
WARN -- : <AuditFailure> MIQ(Authenticator.block in authorize) userid: [userid] - Authentication failed for userid userid, unable to find user object in LDAP
INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [userid] - Authentication successful for user userid
ERROR -- : <API> MIQ(ApiController.api_error) MiqException::MiqEVMLoginError: Authentication failed
4. Log in to SSUI with user full DN, for example:
CN=userid,OU=E,OU=D,OU=External,OU=Persons,O=domain
5. Login successful, with this in evm log:
INFO -- : MIQ(Authenticator::Ldap#authorize) Authorized User: [userid]
[----] I, [2016-09-29T18:29:50.309468 #3772:187c098] INFO -- : MIQ(MiqTask#update_status) Task: [1000000012152] [Finished] [Ok] [User authorized successfully]
[----] I, [2016-09-29T18:29:50.325692 #3772:187c098] INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [CN=userid,OU=E,OU=D,OU=External,OU=Persons,O=domain] - Authentication successful for user CN=userid,OU=E,OU=D,OU=External,OU=Persons,O=domain
Actual results:
Unable to log in with userid
Expected results:
Successful log in with userid
Additional info:
Same user can successfully log in to CF admin portal.
Description of problem: LDAP users in nested OUs unable to log in to SSUI without supplying full DN. Same user can successfully log in to CF admin portal. Version-Release number of selected component (if applicable): CFME 5.6.1 How reproducible: Steps to Reproduce: 1. Set LDAP authentication config, for example :basedn: OU=Persons,0=domain :user_type: samaccountname 2. Log in to SSUI with userid 3. Login fails, producing this error in evm (note successful and failed messages): WARN -- : MIQ(Authenticator::Ldap#authorize) Authentication failed for userid userid, unable to find user object in LDAP WARN -- : <AuditFailure> MIQ(Authenticator.block in authorize) userid: [userid] - Authentication failed for userid userid, unable to find user object in LDAP INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [userid] - Authentication successful for user userid ERROR -- : <API> MIQ(ApiController.api_error) MiqException::MiqEVMLoginError: Authentication failed 4. Log in to SSUI with user full DN, for example: CN=userid,OU=E,OU=D,OU=External,OU=Persons,O=domain 5. Login successful, with this in evm log: INFO -- : MIQ(Authenticator::Ldap#authorize) Authorized User: [userid] [----] I, [2016-09-29T18:29:50.309468 #3772:187c098] INFO -- : MIQ(MiqTask#update_status) Task: [1000000012152] [Finished] [Ok] [User authorized successfully] [----] I, [2016-09-29T18:29:50.325692 #3772:187c098] INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [CN=userid,OU=E,OU=D,OU=External,OU=Persons,O=domain] - Authentication successful for user CN=userid,OU=E,OU=D,OU=External,OU=Persons,O=domain Actual results: Unable to log in with userid Expected results: Successful log in with userid Additional info: Same user can successfully log in to CF admin portal.