Bug 1841142

Summary: [LDAP][HTTPS] Test Connection to LDAP https is failing on SAT 6.8, it works in SAT 6.7
Product: Red Hat Satellite
Reporter: Omkar Khatavkar <okhatavk>
Component: LDAP
Assignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED NOTABUG
QA Contact: Omkar Khatavkar <okhatavk>
Severity: high
Priority: unspecified
Version: 6.8.0
CC: tbrisker
Target Milestone: 6.8.0
Keywords: Regression, Triaged
Target Release: Unused
Hardware: All
OS: All
Doc Type: If docs needed, set a value
Last Closed: 2020-06-22 14:39:43 UTC
Type: Bug

Description Omkar Khatavkar 2020-05-28 13:19:44 UTC
Description of problem:
[LDAP][HTTPS] Test Connection to LDAP https is failing on SAT 6.8, it works in SAT 6.7 

Version-Release number of selected component (if applicable):
Satellite 6.7 (passing)
Satellite 6.8 snap 2 (failing)

How reproducible:
Always

Steps to Reproduce:

1. Download the LDAP server (IDM) certificate to a temporary location.

You can get it from e.g. https://freeipa.example.com/ipa/config/ca.crt

2. Trust the Certificate.

Copy the certificate to /etc/pki/ca-trust/source/anchors/ on the Foreman server.

# cp ipa_ca.crt /etc/pki/ca-trust/source/anchors/

# update-ca-trust extract

# restorecon -R /etc/pki/ca-trust/source/anchors/

# systemctl restart httpd

3. Now try Test Connection for the LDAP (IDM) server with https.

Actual results:
Currently, Test Connection is failing with an ERF50-1006 [Foreman::WrappedException]: Unable to connect to LDAP server ([Net::LDAP::Error]: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain))

Expected results:
Test Connection should not fail. 


Additional info:
The same Test is passing for Satellite 6.7

Error Log:
2020-05-28T09:18:52 [I|app|ea907e1a] Started PUT "/auth_source_ldaps/test_connection" for 127.0.0.1 at 2020-05-28 09:18:52 -0400
2020-05-28T09:18:52 [I|app|ea907e1a] Processing by AuthSourceLdapsController#test_connection as */*
2020-05-28T09:18:52 [I|app|ea907e1a]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"tiJQvE8He5ON5AwxECkR773pQ7EzG5sutJWupoMyOOg1q0wYqOGDxj+r7B0zHoe5MpUIJ1H00Ngx6qNjIK58TQ==", "auth_source_ldap"=>{"name"=>"dEeiek1wqn", "host"=>"qe-sat6-ipa.satqe.lab.eng.rdu2.redhat.com", "tls"=>"1", "port"=>"636", "server_type"=>"free_ipa", "account"=>"uid=foreman,cn=users,cn=accounts,dc=satqe,dc=lab,dc=eng,dc=rdu2,dc=redhat,dc=com", "base_dn"=>"cn=users,cn=accounts,dc=satqe,dc=lab,dc=eng,dc=rdu2,dc=redhat,dc=com", "groups_base"=>"cn=foobargroup,cn=groups,cn=accounts,dc=satqe,dc=lab,dc=eng,dc=rdu2,dc=redhat,dc=com", "use_netgroups"=>"0", "ldap_filter"=>"", "onthefly_register"=>"1", "usergroup_sync"=>"1", "attr_login"=>"uid", "attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail", "attr_photo"=>"jpegPhoto", "location_ids"=>["", "2", "11"], "organization_ids"=>["", "1", "10"]}, "fakepassword"=>"[FILTERED]"}
2020-05-28T09:18:52 [W|app|ea907e1a] Failed to connect to LDAP server
2020-05-28T09:18:52 [I|app|ea907e1a] Completed 422 Unprocessable Entity in 137ms (Views: 0.5ms | ActiveRecord: 7.4ms | Allocations: 9572)
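
What the verification error in the report means, shown as an added Ruby example (not Satellite or Foreman code, and not from the reporter): OpenSSL returns verify code 19 when the chain the server presents ends in a self-signed CA that is absent from the trust store used for the check. The CA, the host name ldap.example.test and the helper names make_cert and verify_chain are constructed for illustration.

```ruby
require 'openssl'

# Build one certificate for a constructed test PKI (all names and keys are made up).
def make_cert(subject, key, serial, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign,cRLSign', true)) if ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Verify `leaf` as a TLS client would: `sent` holds the extra certificates the
# server presents in the handshake (untrusted), `trusted` is the client's CA store.
def verify_chain(leaf, sent:, trusted:)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  ctx = OpenSSL::X509::StoreContext.new(store, leaf, sent)
  ok = ctx.verify
  { ok: ok, code: ctx.error, message: ctx.error_string }
end

IDM_CA_KEY = OpenSSL::PKey::RSA.new(2048)
IDM_CA = make_cert('/CN=Constructed IdM CA', IDM_CA_KEY, 1, ca: true)
LDAP_CERT = make_cert('/CN=ldap.example.test', OpenSSL::PKey::RSA.new(2048), 2,
                      issuer: IDM_CA, issuer_key: IDM_CA_KEY)

RESULTS = {
  # Server sends its CA, but the verifying process does not trust it: code 19,
  # the "self signed certificate in certificate chain" case from the report.
  ca_sent_not_trusted: verify_chain(LDAP_CERT, sent: [IDM_CA], trusted: []),
  # Server sends only its own certificate: a different failure, code 20.
  leaf_only_not_trusted: verify_chain(LDAP_CERT, sent: [], trusted: []),
  # The CA is in the store the verifying process actually loads: success.
  ca_trusted: verify_chain(LDAP_CERT, sent: [IDM_CA], trusted: [IDM_CA])
}

RESULTS.each { |name, r| puts format('%-22s ok=%-5s code=%-2d %s', name, r[:ok], r[:code], r[:message]) }
```

The message text differs slightly between OpenSSL versions ("self signed" versus "self-signed"), so compare the numeric code when matching this failure in logs.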