Red Hat Bugzilla – Full Text Bug Listing
|Summary:||delete a role which is linked to an LDAP group is failing with a database constraint|
|Product:||[Other] RHQ Project||Reporter:||Tom Fonteyne <tfonteyn>|
|Component:||Database||Assignee:||Simeon Pinder <spinder>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Mike Foley <mfoley>|
|Version:||3.0.1||CC:||hrupp, skondkar, spinder|
|Target Release:||RHQ 4.3.0|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2013-08-31 06:16:26 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
|Bug Blocks:||738209, 760116, 812193|
Description Tom Fonteyne 2011-11-17 06:56:08 EST
Description of problem: I am logged in as "rhqadmin" and when deleting a role which is linked to an LDAP group, I'm getting the following error: You do not have permission to remove selected role(s). The following is logged in rhq-server-log4j.log file: ... WARN [org.hibernate.util.JDBCExceptionReporter] SQL Error: 2292, SQLState: 23000 WARN [org.hibernate.util.JDBCExceptionReporter] SQL Error: 2292, SQLState: 23000 ERROR [org.hibernate.util.JDBCExceptionReporter] ORA-02292: integrity constraint (JONDBUSR.SYS_C0013011) violated - child record found ERROR [org.hibernate.event.def.AbstractFlushingEventListener] Could not synchronize database state with session org.hibernate.exception.ConstraintViolationException: Could not execute JDBC batch update Version-Release number of selected component (if applicable): JON 2.4.1 How reproducible: always Steps to Reproduce: 1. In the LDAP server, create a group and a user belonging to this group 2. setup JON to use LDAP authentication, and add the needed group filter to find said group. 3. In JON, create a role, and assign the LDAP group to it 4. Login with the user, and register in JON as normal. 5. You can now see an entry in RHQ_SUBJECT_ROLE_LDAP_MAP 6. Delete the role now Actual results: Step 6 fails with above error + Exception Expected results: That the role is deleted Additional info: workaround is: Start with removing the LDAP group(s) from the role you wish to delete. Now use this SQL to find the role id: SELECT * FROM rhq_role_ldap_group WHERE ldap_group_name LIKE 'the group you want'; Next delete from the join table, where (for example) 12345 is the role_id you got from the aboev select: DELETE FROM RHQ_SUBJECT_ROLE_LDAP_MAP WHERE role_id=12345; Lastly remove the role as normal An alternative solution is to delete all the users belonging to this role; followed by normally removing the role.
Comment 1 Simeon Pinder 2011-12-09 18:11:08 EST
This is fixed with commit 0753aae5cab0 to master. For some reason hibernate was not loading the external LDAP Groups correctly. Fix was to explicitly load the lazy references before updating on a remove. Moving this to ON_QA.
Comment 2 Sunil Kondkar 2011-12-12 04:21:33 EST
Verified in latest master build#827 (Version: 4.3.0-SNAPSHOT Build Number: 0753aae) Followed the steps and verified that the role which is linked to an LDAP group is deleted successfully. No errors are observed in server log. marking as verified.
Comment 3 Mike Foley 2012-02-07 14:23:41 EST
<removing erroneous comment> Putting this bug back to VERIFIED since its only been fixed in master currently
Comment 4 Heiko W. Rupp 2013-08-31 06:16:26 EDT
Bulk close of old bugs in VERIFIED state.