Bug 1536663
| Summary: | Auth MIQLDAP AD - miqldap_to_sssd conversion fails for ldap. | |||
|---|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Matt Pusateri <mpusater> | |
| Component: | Appliance | Assignee: | Joe Vlcek <jvlcek> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Mike Shriver <mshriver> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 5.9.0 | CC: | abellott, cpelland, jprause, jvlcek, obarenbo, simaishi | |
| Target Milestone: | GA | Keywords: | TestOnly, ZStream | |
| Target Release: | 5.10.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | auth:miqldap:ad | |||
| Fixed In Version: | 5.10.0.0 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1552776 (view as bug list) | Environment: | ||
| Last Closed: | 2019-02-11 14:05:50 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | CFME Core | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1552776 | |||
Also WebUI shows configured for External Auth but no users can log in. Matt User Type of Distinguish Name CN= is not supported on AD only on an LDAP IdP. If you can get an appliance that depicts this please file a new BZ. The UPN failure you are seeing is because you, wisely, entered the base_dn in mixed case and the miqldap_to_sssd tool needs to be updated to handle mixed case. I'll post a PR soon. JoeV Per discussion with JoeV CN= is sort of supported, but a low use case and miqldap_to_sssd does not consider CN= a AD configuration type. In any case I've split off the CN= portion of this bug into https://bugzilla.redhat.com/show_bug.cgi?id=1540725 So it can be handled differently due to it's low occurrence of being a configuration that's used. New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/11e3f8c0ba07fc1f62312a0387ed6cda456b629e commit 11e3f8c0ba07fc1f62312a0387ed6cda456b629e Author: Joe VLcek <jvlcek> AuthorDate: Wed Jan 31 17:15:27 2018 -0500 Commit: Joe VLcek <jvlcek> CommitDate: Fri Feb 2 13:14:37 2018 -0500 Support mixed case basedn. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1536663 .../miqldap_to_sssd/miqldap_configuration_spec.rb | 28 ++++++++++++++++++++++ tools/miqldap_to_sssd/miqldap_configuration.rb | 2 +- 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 spec/tools/miqldap_to_sssd/miqldap_configuration_spec.rb Tested in CFME 5.10.0.30.20181218191323_900a416 I configured MIQLDAP for Active Directory, with UPN user type. Conversion via miqldap_to_sssd was successful, and I was able to login as an Active Directory user. |
Description of problem: Configuring MIQLDAP for LDAP with AD both with UPN and CN user types fails with a ruby stack trace. Appliance is configured in the UI for External Auth, but logins fail. Version-Release number of selected component (if applicable): 5.9.0.17 How reproducible: Steps to Reproduce: 1. Configure MIQLDAP for LDAP against AD. 2. Test that user can log in and shows up in users table. 3. Take snapshot of VM per docs. 4. In ssh shell run miqldap_to_sssd with no parameters. Actual results: Ruby errors out. [root@dhcp-8-198-52 ~]# miqldap_to_sssd Converting from unsecured LDAP authentication to SSSD. This is dangerous. Passwords are not encrypted /opt/rh/cfme-gemset/gems/awesome_spawn-1.4.1/lib/awesome_spawn.rb:105:in `run!': /bin/systemctl exit code: 1 (AwesomeSpawn::CommandResultError) from /opt/rh/cfme-gemset/gems/linux_admin-1.2.0/lib/linux_admin/common.rb:24:in `run!' from /opt/rh/cfme-gemset/gems/linux_admin-1.2.0/lib/linux_admin/service/systemd_service.rb:18:in `start' from /opt/rh/cfme-gemset/gems/linux_admin-1.2.0/lib/linux_admin/service/systemd_service.rb:33:in `restart' from /var/www/miq/vmdb/tools/miqldap_to_sssd/services.rb:14:in `restart' from /var/www/miq/vmdb/tools/miqldap_to_sssd/converter.rb:24:in `run' from /var/www/miq/vmdb/tools/miqldap_to_sssd/cli.rb:48:in `run' from /var/www/miq/vmdb/tools/miqldap_to_sssd/cli.rb:52:in `run' from tools/miqldap_to_sssd.rb:34:in `<module:MiqLdapToSssd>' from tools/miqldap_to_sssd.rb:27:in `<main>' Expected results: Conversion should complete without errors. Additional info: