Bug 812193

Summary: LDAP: Failed to delete role when LDAP group is assigned to the role
Product: [JBoss] JBoss Operations Network Reporter: Larry O'Leary <loleary>
Component: SecurityAssignee: Larry O'Leary <loleary>
Status: CLOSED NEXTRELEASE QA Contact: Mike Foley <mfoley>
Severity: high Docs Contact:
Priority: urgent    
Version: JON 3.0.0   
Target Milestone: ---   
Target Release: JON 3.0.2   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-09-06 03:38:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 754693    
Bug Blocks: 818029    

Description Larry O'Leary 2012-04-13 02:42:41 UTC 
+++ This bug was initially created as a clone of Bug #738209 +++

Description of problem:

An LDAP user is a member of LDAP group. The LDAP group is assigned to the RHQ role. Logged in to RHQ as the ldap user. After logout and login as rhqadmin, tried to delete the role which gives the error "Failed to delete role" in UI and the server log displays errors. Please find attached the server log for more details.

Version-Release number of selected component (if applicable):
Build#394 (Version: 4.1.0-SNAPSHOT Build Number: 967a430)

LDAP configuration Details

Redhat Directory Server 8.2.0

URL-> ldap://10.65.201.169:1389
Username: cn=Directory manager
Search Base: dc=rajantest
Login Property: uid
Password=Redhat123
Search Filter: objectclass=*

Group Search Filter: objectclass=groupofuniquenames
Group Member Filter: uniquemember

Users/Groups on Directory Server:

sunil1/Redhat123   member of group - testgroup3

How reproducible:
Always

Steps to Reproduce:
1. Create a LDAP user in Redhat directory server (Ex: sunil1 )
2. Create a LDAP group in Redhat directory server (Ex: testgroup3)
3. Add the LDAP user to LDAP group.
4. Login to RHQ as rhqadmin and configure LDAP properties in 'Administration->System Settings->LDAP configuration properties.
5. Create a role (Ex: testrole ) in RHQ and assign the LDAP group (Ex: testgroup3) to the role.
6. Logout and login as LDAP user (Ex: sunil1/Redhat123 )to RHQ.
7. Register the user.
8. Logout
9. Login as rhqadmin to RHQ
10. Navigate to  'Administration->Roles
11. Select the role (Ex: testrole ) and click on 'Delete' button.
12. Click on 'Yes' button on the confirmation message.
  
Actual results:

The UI displays error "Failed to delete role".

Expected results:

The role should get deleted.

Additional info:

Deleted the LDAP user from Administration->Users and then tried to delete the role. The role was deleted successfully.

--- Additional comment from skondkar on 2011-09-14 06:38:29 EDT ---

Created attachment 523121 [details]
ServerLog

--- Additional comment from loleary on 2012-04-03 23:30:34 EDT ---

Committed to release/jon3.0.x branch
http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commit;h=73e4ad95242efe4451204294584ffb01aac797f2
 [BZ 754693] ensure load of lazy references and update LDAP role relationship purge.
(cherry picked from commit 0753aae5cab0a3abd3997d093dad1d4866091619)
Comment 3 Larry O'Leary 2013-09-06 03:38:47 UTC 
Closing as there will not be a 3.0.2 release. This was fixed upstream and is available in JBoss ON 3.1.2.