Bug 534809 (RHQ-156)

Summary: test LDAP integration
Product: [Other] RHQ Project
Reporter: John Mazzitelli <mazz>
Component: No Component
Assignee: Heiko W. Rupp <hrupp>
Status: CLOSED NEXTRELEASE
QA Contact: Heiko W. Rupp <hrupp>
Severity: medium
Priority: high
Version: unspecified
Keywords: Task
Hardware: All   
OS: All   
URL: http://jira.rhq-project.org/browse/RHQ-156
Fixed In Version: 1.0
Doc Type: Bug Fix

Description John Mazzitelli 2008-03-19 14:16:00 UTC
We should test the LDAP integration - it hasn't been looked at in a while.

Test misconfiguring the LDAP settings and make sure it doesn't blow up all our JAAS modules (I've seen a case where misconfiguring the port number in the LDAP configuration settings (put a quote in the number to force a number format exception) causes all our JAAS modules to fail to deploy and you couldn't log in as any user, including rhqadmin - very bad).

Comment 1 Charles Crouch 2008-04-02 16:23:00 UTC
Testing this includes testing all the user-registration stuff for users defined only in LDAP

Comment 2 Heiko W. Rupp 2008-04-07 11:56:24 UTC
When the connection to LDAP is not possible, it is still possible to log in as the default admin.

Comment 3 John Mazzitelli 2008-04-07 12:20:34 UTC
Re: the last comment about "still possible to log in as default rhqadmin". Just to be clear, this is to be expected. From http://support.rhq-project.org/display/RHQ/Design-LDAP+Integration:

"Irrespective of whether LDAP is selected for authentication, the credentials of the root user rhqadmin (and those of the built-in super-user, Overlord) are stored in the internal database."

Comment 4 Heiko W. Rupp 2008-04-07 12:28:53 UTC
Well, the reporter of that case stated:
"... and you couldn't log in as any user, including rhqadmin - very bad" ...

Comment 5 John Mazzitelli 2008-04-07 12:46:09 UTC
Ah, right - that was due to the fact that the user entered an invalid LDAP server port number, which caused a NumberFormatException which in turn caused all of our JAAS modules to fail to deploy (including our JDBC login module).
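
The failure mode discussed in Comments 3 to 5, shown as an added example that is not part of the original thread or RHQ's code: each login module entry is built independently, so an unparsable LDAP port disables only the LDAP entry and the internal-database module stays registered. The module class names and property keys are hypothetical.

```java
import java.util.*;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

public class IsolatedJaasDeployment {
    // Hypothetical module class names and property keys (assumptions, not RHQ's).
    static final String JDBC_MODULE = "example.auth.JdbcLoginModule";
    static final String LDAP_MODULE = "example.auth.LdapLoginModule";

    /** Parses and range-checks a port; rejects null, non-numeric and out-of-range input. */
    static int parsePort(String raw) {
        try {
            int port = Integer.parseInt(raw == null ? "" : raw.trim());
            if (port < 1 || port > 65535) {
                throw new IllegalArgumentException("LDAP port out of range: " + port);
            }
            return port;
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("LDAP port is not a number: " + raw, e);
        }
    }

    /** Builds the login module stack; a bad LDAP setting removes only the LDAP entry. */
    static List<AppConfigurationEntry> buildEntries(Properties cfg) {
        List<AppConfigurationEntry> entries = new ArrayList<>();
        // The internal-database module is added first and reads no LDAP settings.
        entries.add(new AppConfigurationEntry(JDBC_MODULE,
                LoginModuleControlFlag.SUFFICIENT, new HashMap<String, Object>()));
        try {
            Map<String, Object> opts = new HashMap<>();
            opts.put("host", cfg.getProperty("ldap.host", "localhost"));
            opts.put("port", parsePort(cfg.getProperty("ldap.port")));
            entries.add(new AppConfigurationEntry(LDAP_MODULE,
                    LoginModuleControlFlag.SUFFICIENT, opts));
        } catch (IllegalArgumentException e) {
            // Disable LDAP only: log it and keep the modules already registered.
            System.err.println("Disabling LDAP provider: " + e.getMessage());
        }
        return entries;
    }

    public static void main(String[] args) {
        Properties cfg = new Properties();      // constructed sample settings
        cfg.setProperty("ldap.port", "38\"9");  // constructed value with a stray quote
        for (AppConfigurationEntry e : buildEntries(cfg)) {
            System.out.println(e.getLoginModuleName());
        }
    }
}
```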

Comment 6 Heiko W. Rupp 2008-04-07 13:24:15 UTC
Authenticating a user through LDAP works. A user with a bad password is correctly rejected. The rejection message is not nice, but the functionality is there.

Comment 7 Heiko W. Rupp 2008-04-07 14:13:25 UTC
Using SSL gives:
15:29:37,367 INFO  [CustomJaasDeploymentService] Disabling JON LDAP JAAS Provider: localhost:636
javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.ClassNotFoundException: No ClassLoaders found for: net.hyperic.util.security.UntrustedSSLSocketFactory]

But even after supplying the packages, there are still issues, which I am looking into.

Comment 8 Heiko W. Rupp 2008-04-07 15:45:05 UTC
Fixed in r547.
The remaining issue was an issue with the SSL cert on the OpenLDAP side and not an RHQ issue.

Comment 9 Heiko W. Rupp 2008-06-19 10:00:13 UTC
Code level fixes - already in 1.0

Comment 10 Red Hat Bugzilla 2009-11-10 20:35:50 UTC
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-156