| Summary: | SSUI authentication fails for LDAP users in nested OUs | ||
|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | ncatling |
| Component: | Appliance | Assignee: | Gregg Tanzillo <gtanzill> |
| Status: | CLOSED DEFERRED | QA Contact: | Mike Shriver <mshriver> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5.6.0 | CC: | abellott, calba, cpelland, greartes, hkataria, jhardy, mpovolny, obarenbo, simaishi, yrudman |
| Target Milestone: | GA | ||
| Target Release: | cfme-future | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | ssui:ldap | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-08-15 13:51:59 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | CFME Core | Target Upstream Version: | |

Closing this BZ since 5.6 is in "Maintenance Support" phase. Please check on latest released version and create another BZ if needed.

Description of problem:
LDAP users in nested OUs unable to log in to SSUI without supplying full DN. Same user can successfully log in to CF admin portal.

Version-Release number of selected component (if applicable):
CFME 5.6.1

How reproducible:

Steps to Reproduce:

1. Set LDAP authentication config, for example

   :basedn: OU=Persons,0=domain
   :user_type: samaccountname

2. Log in to SSUI with userid

3. Login fails, producing this error in evm (note successful and failed messages):

   WARN -- : MIQ(Authenticator::Ldap#authorize) Authentication failed for userid userid, unable to find user object in LDAP
   WARN -- : <AuditFailure> MIQ(Authenticator.block in authorize) userid: [userid] - Authentication failed for userid userid, unable to find user object in LDAP
   INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [userid] - Authentication successful for user userid
   ERROR -- : <API> MIQ(ApiController.api_error) MiqException::MiqEVMLoginError: Authentication failed

4. Log in to SSUI with user full DN, for example: CN=userid,OU=E,OU=D,OU=External,OU=Persons,O=domain

5. Login successful, with this in evm log:

   INFO -- : MIQ(Authenticator::Ldap#authorize) Authorized User: [userid]
   [----] I, [2016-09-29T18:29:50.309468 #3772:187c098] INFO -- : MIQ(MiqTask#update_status) Task: [1000000012152] [Finished] [Ok] [User authorized successfully]
   [----] I, [2016-09-29T18:29:50.325692 #3772:187c098] INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [CN=userid,OU=E,OU=D,OU=External,OU=Persons,O=domain] - Authentication successful for user CN=userid,OU=E,OU=D,OU=External,OU=Persons,O=domain

Actual results:
Unable to log in with userid

Expected results:
Successful log in with userid

Additional info:
Same user can successfully log in to CF admin portal.
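
A triage sketch for the log pattern in the report, added here as an example and not taken from the reporter or from CloudForms: it scans evm log text for userids that have both an `<AuditSuccess>` from `Authenticator.authenticate` and an `<AuditFailure>` carrying "unable to find user object in LDAP", and separately lists successful logins entered as a full DN. The sample log is constructed from the messages quoted above; the function names and regular expressions are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the audit messages quoted in the report, one per line.
SAMPLE_LOG = """\
WARN -- : MIQ(Authenticator::Ldap#authorize) Authentication failed for userid userid, unable to find user object in LDAP
WARN -- : <AuditFailure> MIQ(Authenticator.block in authorize) userid: [userid] - Authentication failed for userid userid, unable to find user object in LDAP
INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [userid] - Authentication successful for user userid
ERROR -- : <API> MIQ(ApiController.api_error) MiqException::MiqEVMLoginError: Authentication failed
INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [CN=userid,OU=E,OU=D,OU=External,OU=Persons,O=domain] - Authentication successful for user CN=userid,OU=E,OU=D,OU=External,OU=Persons,O=domain
"""

# Matches only the <AuditSuccess>/<AuditFailure> lines and captures the bracketed userid.
AUDIT_RE = re.compile(
    r"<(?P<kind>AuditSuccess|AuditFailure)> MIQ\([^)]*\) "
    r"userid: \[(?P<userid>[^\]]*)\] - (?P<msg>.*)$"
)
LOOKUP_FAILED = "unable to find user object in LDAP"
DN_RE = re.compile(r"^[a-z]+=[^,]+(,[a-z]+=[^,]+)+$", re.IGNORECASE)


def audit_events(log_text):
    """Yield (kind, userid, message) for every audit line in the log text."""
    for line in log_text.splitlines():
        m = AUDIT_RE.search(line)
        if m:
            yield m.group("kind"), m.group("userid"), m.group("msg")


def lookup_mismatches(log_text):
    """Userids with a successful authenticate and a failed LDAP object lookup."""
    seen = defaultdict(set)
    for kind, userid, msg in audit_events(log_text):
        if kind == "AuditFailure" and LOOKUP_FAILED in msg:
            seen[userid].add("lookup_failed")
        elif kind == "AuditSuccess":
            seen[userid].add("authenticated")
    return sorted(u for u, s in seen.items() if len(s) == 2)


def dn_logins(log_text):
    """Userids from successful audit lines that were entered as a full DN."""
    return sorted({u for k, u, _ in audit_events(log_text)
                   if k == "AuditSuccess" and DN_RE.match(u)})


if __name__ == "__main__":
    print("authenticated, lookup failed:", lookup_mismatches(SAMPLE_LOG))
    print("logged in with full DN:", dn_logins(SAMPLE_LOG))
```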