Bug 1440656

Summary: [AAA] No validation for user specified base DN unless Login or Search flows are invoked within setup tool
Product: [oVirt] ovirt-engine-extension-aaa-ldap Reporter: Gonza <grafuls>
Component: SetupAssignee: Ondra Machacek <omachace>
Status: CLOSED CURRENTRELEASE QA Contact: Gonza <grafuls>
Severity: medium Docs Contact:
Priority: unspecified    
Version: masterCC: bugs, mperina, stirabos
Target Milestone: ovirt-4.1.3Flags: rule-engine: ovirt-4.1+
Target Release: 1.3.2   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 1.3.2 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-06 13:19:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gonza 2017-04-10 08:15:12 UTC 
Description of problem:
When prompted for custom base DN during LDAP setup, there is no validation for a bad base DN format.

Version-Release number of selected component (if applicable):
ovirt-engine-extension-aaa-ldap-1.3.1-1.el7ev.noarch

How reproducible:
100%

Steps to Reproduce:
1. Run ovirt-engine-extension-aaa-ldap-setup and input values for configuring RHDS
2. When prompted for base DN, input bad custom base DN: badcustom=basedn,reallybad

Actual results:
Setup does not fail, no validation for bad base DN

Expected results:
Setup should FAIL
Comment 1 Martin Perina 2017-04-10 09:20:40 UTC 
*** Bug 1440658 has been marked as a duplicate of this bug. ***
Comment 2 Martin Perina 2017-04-10 09:30:11 UTC 
We don't validate any user input except username/password and LDAP server during Setup flow of ovirt-engine-extension-aaa-ldap-setup, because we perform only basic authentication test. If user wants to test his configuration, he needs to perform Login or Search flows within setup tool, because only those flows can really validate configuration. Also be aware that user needs to verify output from those flows carefully, because even without any errors raised, we can fetch inaccurate data from LDAP server.

So we will add basic format test for user specified base DN in Setup, but as mentioned above the only real validation can be done by invoking Login and Search flows of the setup tool
Comment 4 Gonza 2017-06-05 07:17:06 UTC 
Tried with:
ovirt-engine-extension-aaa-ldap-1.3.2-0.0.master.gitabe7725.el7.centos.noarch

There is still no basic format test for user specified base DN in Setup.
Comment 5 Red Hat Bugzilla Rules Engine 2017-06-05 07:17:12 UTC 
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
Comment 7 Gonza 2017-06-06 08:11:31 UTC 
Verified with:
ovirt-engine-extension-aaa-ldap-setup-1.3.2-1.el7ev.noarch

Please enter base DN (dc=rhev,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com) [dc=rhev,dc=lab,dc=eng,dc=brq,dc=redhat,dc=com]: badcustom=basedn,reallybad
[ ERROR ] 'badcustom=basedn,reallybad' is not valid DN