| Summary: | ldap authentication works for any string appended to correct password. | ||
|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | amogh <amavinag> |
| Component: | Appliance | Assignee: | Joe Vlcek <jvlcek> |
| Status: | CLOSED NOTABUG | QA Contact: | Matt Pusateri <mpusater> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 5.7.0 | CC: | abellott, amavinag, cpelland, dajohnso, jhardy, mpusater, obarenbo |
| Target Milestone: | GA | Keywords: | Reopened |
| Target Release: | 5.7.1 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | auth:ldap | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-03-16 19:53:06 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | CFME Core | Target Upstream Version: | |
Description
amogh
2016-10-26 03:11:57 UTC
I just tried and I am unable to reproduce this. Can I access the system where this is being observed?

Amogh had sent me the below email, which provides an answer to the NEEDINFO.

---

Hi JoeV,

Not sure which version you are using. I think it would be good to check/reproduce this on 5.7.0.6-alpha3.20161019140041_ea8e259 and then check this on the latest build. Use the same openldap setup/mojo that I provided you and try login with "ldaptest / ldaptestinvalidpass"

Thanks,
Amogh

---

I am marking this "CLOSED WORKSFORME". I have been unable to reproduce this issue on 3 different builds.

cfme-vsphere-5.7.0.6-1.x86_64.vsphere.ova from 19-Oct-2016

cfme-vsphere-5.7.0.17-1.x86_64.vsphere.ova from 19-Dec-2016

manageiq-vsphere-euwe-201701050200-c3ab503d03.ova from 05-Jan-2017

If it can be recreated please provide more data and reopen.

Thank you,
JoeV

I just reproduced this with MIQ LDAP with OpenLDAP on 5.6.4.2. It didn't happen with AD.

Also same behavior with External Auth and OpenLDAP

(In reply to Matt Pusateri from comment #8)

> Also same behavior with External Auth and OpenLDAP

Matt,

Can you please PM me the credentials for the systems where you've reproduced this?

JoeV

Matt,

So I do observe the failure on your VM, but I am still unable to reproduce this on a fresh install of 5.6.4.2. I've tried both "Mode: LDAP" and "Mode: External (httpd)".

Also: Oddly the CFME code does not authenticate the password. It relies on OpenLDAP to do it. The handshake looks like this:

CFME -> LDAP "is this username/password valid"

LDAP -> CFME "yes or no"

So can you please try to validate the password with the trailing characters directly on your LDAP server, take CFME out of the picture. Please ping me to pair up on this exercise if you would like.

Although there does seem to be something odd going on I am not able to reproduce it, which makes me think this is surely not a blocker.

JoeV

Matt provided me with the credentials to the OpenLDAP he is using for testing.

I pointed Apache Directory Studio at both the "QE OpenLDAP" and "My OpenLDAP". When attempting to verify a password on "My OpenLDAP" trailing characters are not ignored and the password verification fails. However when attempting to verify a password on "QE OpenLDAP" the trailing characters are ignored and the password verification succeeds.

This test takes the CFME product out of the picture and it clearly shows that the problem lies with the "QE OpenLDAP" server.

Matt and I both agree this bug can be closed.
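The direct check described in the thread (binding to the LDAP server itself, with CFME out of the picture) can be scripted with OpenLDAP's `ldapwhoami` client instead of a GUI. This is an added example, not part of the bug report or of CFME; the function names `try_bind` and `check_trailing`, the return codes, and the URI and DN in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): probe whether a directory server
# accepts a known-good password with extra characters appended.

# try_bind URI BIND_DN PASSWORD -> exit status 0 if the simple bind succeeds.
try_bind() {
    pwfile=$(mktemp) || return 2
    chmod 600 "$pwfile"
    # -y uses the complete file contents as the password, so write it
    # without a trailing newline; this also keeps it off the command line.
    printf '%s' "$3" > "$pwfile"
    ldapwhoami -x -H "$1" -D "$2" -y "$pwfile" >/dev/null 2>&1
    rc=$?
    rm -f "$pwfile"
    return $rc
}

# check_trailing URI BIND_DN PASSWORD
# Returns 0 = strict, 1 = trailing characters accepted,
#         2 = baseline bind failed, 3 = an unrelated password was accepted.
check_trailing() {
    uri=$1 dn=$2 pw=$3
    if ! try_bind "$uri" "$dn" "$pw"; then
        echo "INCONCLUSIVE: bind with the unmodified password failed"
        return 2
    fi
    # Control: a password altered at the front must be rejected, otherwise
    # the server accepts anything and the suffix test proves nothing.
    if try_bind "$uri" "$dn" "x$pw"; then
        echo "OPEN: server accepted a password altered at the front"
        return 3
    fi
    # "invalidpass" mirrors the ldaptest / ldaptestinvalidpass case above.
    for suffix in x invalidpass ' ' 0000000000000000; do
        if try_bind "$uri" "$dn" "$pw$suffix"; then
            echo "LENIENT: server accepted password + '$suffix'"
            return 1
        fi
    done
    echo "STRICT: every suffixed password was rejected"
    return 0
}

# Usage (placeholder URI and DN):
# check_trailing ldap://ldap.example.test 'uid=ldaptest,ou=people,dc=example,dc=test' 'ldaptest'
```

Running it against each directory server used by the appliance gives a per-server verdict, which is the comparison that separated "QE OpenLDAP" from "My OpenLDAP" in this report.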