Bug 578485
| Summary: | LDAP: Screen to assign rhq role to ldap group on active directory returns a java exception. | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | [Other] RHQ Project | Reporter: | Sunil Kondkar <skondkar> | ||||||||||||
| Component: | Configuration | Assignee: | Simeon Pinder <spinder> | ||||||||||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Corey Welton <cwelton> | ||||||||||||
| Severity: | medium | Docs Contact: | |||||||||||||
| Priority: | low | ||||||||||||||
| Version: | 3.0.0 | ||||||||||||||
| Target Milestone: | --- | ||||||||||||||
| Target Release: | --- | ||||||||||||||
| Hardware: | All | ||||||||||||||
| OS: | Linux | ||||||||||||||
| Whiteboard: | |||||||||||||||
| Fixed In Version: | 2.4 | Doc Type: | Bug Fix | ||||||||||||
| Doc Text: | Story Points: | --- | |||||||||||||
| Clone Of: | Environment: | ||||||||||||||
| Last Closed: | 2010-08-12 16:58:13 UTC | Type: | --- | ||||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||||
| Documentation: | --- | CRM: | |||||||||||||
| Verified Versions: | Category: | --- | |||||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
| Embargoed: | |||||||||||||||
| Bug Depends On: | |||||||||||||||
| Bug Blocks: | 577267 | ||||||||||||||
| Attachments: |
|
||||||||||||||
|
Description
Sunil Kondkar
2010-03-31 13:19:24 UTC
Created attachment 403749 [details]
Screenshot for error
Created attachment 403750 [details]
screenshot of LDAP Configuration Properties set
Created attachment 403751 [details]
Stack trace for error
Ok, we'll take this one and see if we can reproduce.
> Active directory URL: ldap://10.65.201.130:389 (ldap://win2k3red.test.pnq.com)
> javax.naming.CommunicationException: test.pnq.com:389
the different hostnames looks very suspicious. Could be a DNS problem
I am not able to reproduce this bug. When I click on the 'All Resources' Role and attempt to add ldap groups, the gui proceeds to display the available groups without error. The host names and ports from configuration image do not match up with the error messages listed in the attached server log. This looks like a misconfiguration problem on the QA side. Please attempt to re-produce this issue again with a working and configured directory server. We sorted through the dns and configuration issues and confirmed that this is still a problem. Please update this case with the specific 'Active Directory' version and OS details for the ldap host that you are using to connect to. Below are the details: OS: Windows Server 2003 Active Directory version: Windows Server 2003 active directory Hostname: win2k3red.test.pnq.com Note: The ldap user authorization and ldap group mapping to rhq roles is working in redhat active directory server. For windows active directory server, the ldap user authorization with rhq is working fine. (users existing on windows AD server are able to login to rhq). However, windows AD server group mapping to rhq roles is not working. For more details, below is the ldapsearch command: /usr/lib64/mozldap/ldapsearch -x -h win2k3red.test.pnq.com -p 389 -D "cn=Administrator,cn=users,dc=test,dc=pnq,dc=com" -w RedHat123 -b "dc=test,dc=pnq,dc=com" -s sub "objectclass=computer" dn dnshostname operatingsystem version: 1 dn: CN=WIN2K3RED,OU=Domain Controllers,DC=test,DC=pnq,DC=com operatingSystem: Windows Server 2003 dNSHostName: win2k3red.test.pnq.com Created attachment 407109 [details]
Updated screenshot of error
cleaned up after filtered out incorrect configuration details.
Created attachment 407110 [details]
Full error from browser.
This issue has the same cause as 580127 but manifests on a different set of screens. This issue has been fixed as of master build >= 218. Details: A number of problems detected: i)group data objects used by the UI could be affected by ldap communication. ii) problems in ldap communication were thrown as runtime exceptions to the browser iii)configuration changes could easily cause ldap communication problems. Solution: Fixed group data object instantiation mechanism for UI and modified the UI to detect ldap failures logging on server side while displaying ui messages on client. Commit hash: 07b28294ef1811d7877153de9516dfa6252fd2e3 A final note that the 'group filter' value shown in the credentials/setup screenshot is invalid as must be in form key=value. Verified on Jon build#103 (Revision: 10609). User is able to map the rhq role to ldap group on active directory. The screen to assign rhq role displays the ldap group. Mass-closure of verified bugs against JON. |