Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1496950

Summary: Unable to add AD LDAP Auth Source
Product: Red Hat Satellite Reporter: Kedar Bidarkar <kbidarka>
Component: Users & RolesAssignee: Tomas Strachota <tstrachota>
Status: CLOSED ERRATA QA Contact: Kedar Bidarkar <kbidarka>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.3.0CC: bbuckingham, dhlavacd, ehelms, inecas, mhulan, rplevka, tstrachota
Target Milestone: UnspecifiedKeywords: Regression, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-21 17:29:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Before hitting sumbit we don't see netgroup option upon selecting server-type
none
After hitting sumbit and submit fails we do see netgroup option under account tab none

Description Kedar Bidarkar 2017-09-28 19:28:55 UTC 
Description of problem:
Unable to add AD LDAP Authentication Source

WEBUI:
Trying to add "AD LDAP Authentication Source" results in "no error".

CLI:
hammer -u admin -p changeme auth-source ldap create --account foobar --account-password Xyz@123 --attr-firstname givenName --attr-login sAMAccountName --attr-lastname sn --attr-mail mail --base-dn "cn=Users,dc=satqe,dc=redhat,dc=com" --groups-base "cn=foobargroup,dc=satqe,dc=redhat,dc=com" --onthefly-register true --name win10452 --organization-ids 1 --location-ids 2 --port 389 --server-type active_directory --tls false --usergroup-sync true --host 10.xx.yy.zz .
Could not create the Auth Source:
  resource have no errors


Version-Release number of selected component (if applicable):

Sat6.3.0-snap17.0


How reproducible:

when try to create only "AD LDAP Auth Source".

Creating "IPA LDAP Auth Source" works fine.

Trying to create "AD LDAP Auth Source" via the same hammer-cli command on a sat6.2 setup works.


Steps to Reproduce:
1.
2.
3.

Actual results:

Fails to save the "AD LDAP Auth Source".

production.log throws the below output, when run via WEBUI:

2017-09-28 14:11:00 4c241c2b [app] [I] Current user: admin (administrator)
2017-09-28 14:11:00 4c241c2b [app] [I] Failed to save: 
2017-09-28 14:11:00 4c241c2b [app] [I]   Rendered taxonomies/_loc_org_tabs.html.erb (9.7ms)
2017-09-28 14:11:00 4c241c2b [app] [I]   Rendered auth_source_ldaps/_form.html.erb (28.2ms)
2017-09-28 14:11:00 4c241c2b [app] [I]   Rendered auth_source_ldaps/new.html.erb (29.0ms)
2017-09-28 14:11:00 4c241c2b [app] [I] Completed 200 OK in 66ms (Views: 28.4ms | ActiveRecord: 5.9ms)

production.log throws the below output, when run via CLI:

2017-09-28 15:27:14 e2915bdb [app] [I] Current user: foreman_admin (administrator)
2017-09-28 15:27:14 e2915bdb [app] [I] Authorized user admin(Admin User)
2017-09-28 15:27:14 e2915bdb [app] [I] Current user: admin (administrator)
2017-09-28 15:27:14 e2915bdb [app] [W] Action failed
 | RuntimeError: resource have no errors
 | /usr/share/foreman/app/controllers/api/base_controller.rb:124:in `process_resource_error'
 | /usr/share/foreman/app/controllers/api/base_controller.rb:144:in `process_response'
 | /usr/share/foreman/app/controllers/api/v2/auth_source_ldaps_controller.rb:60:in `create'


Expected results:

We should be able to save the "AD LDAP Auth Source".



Additional info:
Comment 2 Kedar Bidarkar 2017-10-01 08:28:41 UTC 
Created attachment 1332880 [details]
Before hitting sumbit we don't see netgroup option upon selecting server-type
Comment 3 Kedar Bidarkar 2017-10-01 08:30:13 UTC 
Created attachment 1332881 [details]
After hitting sumbit and submit fails we do see netgroup option under account tab
Comment 4 Kedar Bidarkar 2017-10-01 08:31:33 UTC 
So feel, "Unable to add AD LDAP Auth Source" could be related to the introduction of, "Use NIS netgroups instead of posix groups" under the Accounts Tab of "LDAP Auth Source" creation.
Comment 5 Kedar Bidarkar 2017-10-02 16:52:07 UTC 
*** Bug 1497722 has been marked as a duplicate of this bug. ***
Comment 6 Tomas Strachota 2017-10-03 10:56:36 UTC 
Created redmine issue http://projects.theforeman.org/issues/21175 from this bug
Comment 7 Satellite Program 2017-10-04 14:29:32 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/21175 has been resolved.
Comment 8 Kedar Bidarkar 2017-10-11 15:30:55 UTC 
We can now add AD LDAP auth source successfully.


VERIFIED with sat6.3.0-snap19.0


NOTE: But, now currently creation of AD Usergroup is broken.
Comment 9 Bryan Kearney 2018-02-21 17:29:29 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336