Bug 1404507

Summary:	Issue with Submit of User Group
Product:	Red Hat Satellite	Reporter:	Lester Claudio <claudiol>
Component:	Users & Roles	Assignee:	Daniel Lobato Garcia <dlobatog>
Status:	CLOSED ERRATA	QA Contact:	Sanket Jagtap <sjagtap>
Severity:	medium	Docs Contact:
Priority:	medium
Version:	6.2.2	CC:	bbuckingham, bkearney, claudiol, dhlavacd, dlobatog, ehelms, jcallaha, mhulan, sjagtap, tbrisker
Target Milestone:	Unspecified	Keywords:	Triaged
Target Release:	Unused
Hardware:	x86_64
OS:	Linux
URL:	http://projects.theforeman.org/issues/18103
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2018-02-21 16:54:37 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	1516684
Bug Blocks:

Description Lester Claudio 2016-12-14 00:41:55 UTC

Description of problem:
When navigating to Administer > User Groups, selecting a group, checking a user and pressing the Submit button we get a message saying that something went wrong on the GUI. Checking the production.log file under /var/log/foreman we get the following error:
2016-12-13 16:22:05 [app] [I] Completed 500 Internal Server Error in 43ms
2016-12-13 16:22:05 [app] [F]
| AbstractController::DoubleRenderError (Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like "redirect_to(...) and return".):
| app/controllers/application_controller.rb:295:in `generic_exception'
| lib/middleware/catch_json_parse_errors.rb:9:in `call'

Version-Release number of selected component (if applicable):
[root@r2-infr-rhsat foreman]# cat /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_theme_satellite*/lib/foreman_theme_satellite/version.rb
module ForemanThemeSatellite
VERSION = "0.1.28"
#this file indicates the satellite version that will be represented on the login page.
SATELLITE_VERSION = "Satellite 6.2.2"
#this file indicates the satellite version that will be uesd on links to documentation.
SATELLITE_SHORT_VERSION = "6.2"
end

How reproducible:
Consistently see the error.

Steps to Reproduce:
1. Select the Administer menu option
2. Select the User Groups menu option
3. Select the group
4. Check the user you want to add to the group. The user is an LDAP user that was added automatically from IDM.
5. Press Submit

ERROR:
We're sorry, but something went wrong.

If you are the application owner check the logs for more information.

Actual results:

We're sorry, but something went wrong.

If you are the application owner check the logs for more information.

Expected results:
No Error

Additional info:
Any questions please contact Lester Claudio (claudiol) 719-331-0726

Thanks!
Lester

Comment 3 Tomer Brisker 2016-12-20 12:53:25 UTC

Hello Lester,
Could you please provide the full error message from production.log with logging set to debug level?

Comment 6 Daniel Lobato Garcia 2017-01-17 09:18:24 UTC

Lester, 

It looks like you have one or more LDAP authentication sources. In of these  sources, the username and password for FreeIPA is wrong, therefore when you submit the User group with external usergroups it fails, notice this in your logs:

 | LdapFluff::Generic::UnauthenticatedException: Could not bind to FreeIPA user admin

Now, I don't know how your FreeIPA setup looks like, but the username in the Foreman authentication source should be the full DN, like:

 "uid=foreman,cn=users,cn=accounts,dc=example,dc=com"

I realize this is a bit confusing taking into account that in Active Directory it's "DOMAIN\/Administator".

Please make sure the FreeIPA LDAP source credentials are set up correctly, and resubmit the usergroup. I believe it will work after taht.

I will nonetheless keep the issue open if you don't mind, as it's certainly not acceptable to handle the error like this, it should show in the UI whats going on.

Comment 7 Daniel Lobato Garcia 2017-01-17 09:32:17 UTC

Connecting redmine issue http://projects.theforeman.org/issues/18103 from this bug

Comment 9 Satellite Program 2017-05-30 08:17:29 UTC

Upstream bug assigned to dhlavacd

Comment 10 Satellite Program 2017-05-30 08:17:34 UTC

Upstream bug assigned to dhlavacd

Comment 11 Satellite Program 2017-05-30 10:17:53 UTC

Upstream bug assigned to dlobatog

Comment 12 Satellite Program 2017-05-30 10:17:58 UTC

Upstream bug assigned to dlobatog

Comment 14 Satellite Program 2017-10-24 10:25:31 UTC

Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/18103 has been resolved.

Comment 16 Sanket Jagtap 2017-12-27 07:12:49 UTC

Build: Satellite 6.3.0 snap30


When provided invalid creds Error was thrown
Unable to save
Could not refresh external usergroups: LdapFluff::Generic::UnauthenticatedException - Could not bind to FreeIPA user foreman - The authentication source of your external user groups could not connect to LDAP with the provided credentials. Please verify the credentials are still valid.

When Valid creds:

I am able to add the LDAP Auth, tested with AD and IDM
I was able to create usergroup and associate external usergroup from auth sources.
The users in the user group from auth sources successfully inherited the permissions from the user group
I was able to refresh the external groups.
No error or traceback was seen

Comment 17 Satellite Program 2018-02-21 16:54:37 UTC

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> > 
> > For information on the advisory, and where to find the updated files, follow the link below.
> > 
> > If the solution does not work for you, open a new bug report.
> > 
> > https://access.redhat.com/errata/RHSA-2018:0336