Bug 962886

Summary: LDAP: UI does not throw errors when ldap server is wrong/unavailable.
Product: [JBoss] JBoss Operations Network Reporter: Simeon Pinder <spinder>
Component: No ComponentAssignee: Simeon Pinder <spinder>
Status: CLOSED CURRENTRELEASE QA Contact: Sunil Kondkar <skondkar>
Severity: low Docs Contact:
Priority: unspecified    
Version: JON 3.2CC: hrupp, jshaughn, myarboro, skondkar, snegrea, spinder
Target Milestone: ER05   
Target Release: JON 3.3.0   
Hardware: Unspecified   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-12-11 14:02:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Simeon Pinder 2013-05-14 17:14:26 UTC
Description of problem:
If you've configured an LDAP server for authentication or authorization and everything else but the LDAP server url is correct, you should not be able to save the system settings.  You would be required to disable LDAP authentication until an LDAP server can be successfully connected.

Version-Release number of selected component (if applicable):


How reproducible:
Always.

Steps to Reproduce:
1. Setup LDAP authentication and validate that login is correct.
2. Modify LDAP server url so that server url is incorrect.
3. Save the ldap configuration.
  
Actual results:
- You're able to save the LDAP configuration.

Expected results:
- You should not be able to save the system settings + ldap configuration.

Additional info:

Comment 1 Simeon Pinder 2013-05-14 17:24:47 UTC
I'm on the fence about this bug because it seems wrong to prevent the user from saving system settings that are correct BUT only that the the server is currently down.  This feels like an administration only/documentation bug and this seems to be a a bit deeper validation than we do for other system settings.

- we don't give great messaging when the backend DB goes down.
 
- Additionally, why stop here? There are quite a few properties that need to be correct for LDAP auth or authentication to work correctly.  See the Swing client in the "TroubleShooting" section below:
https://docs.jboss.org/author/display/RHQ/Testing+the+RHQ+LDAP+Integration

- If we want this fixed for 3.2 I think we should pull the swing client in as a full fledged Wizard. To do this right. What happens if the 'LDAP' Role is not configured/created? What about 'LDAP' group to role mapping?  All these elements have a perceivable error state if not set correctly.

This needs to be triaged.

Comment 2 Heiko W. Rupp 2013-08-13 08:00:55 UTC
Can we at least print a warning in the top red/yellow/green bar saying that the LDAP server could not be reached and that the user should check if it is online?

Comment 3 Simeon Pinder 2013-08-13 16:10:42 UTC
Yes. That's not that difficult to do.  

Does this mean that you want a thread constantly running in the client and 
i)if ldap integration is enabled  and 
ii)cannot use credentials to successfully bind to LDAP server that we we should throw up a red error message? 

Just once? Every 30 mins? On first login? All of the above? 

Just wanted some more details on how you wanted this to work since we have to support LDAP servers that can disappear at any time.

Comment 4 Heiko W. Rupp 2013-08-14 09:23:49 UTC
Nothing fancy.

In step 3 of the above description ("Save") we should validate if the url is "reachable" and if not show that warning.
So the user can investigate if that server is really down / firewalled or the user just mistyped the url

Comment 5 Simeon Pinder 2013-08-14 13:28:59 UTC
Ok. I'll make that change.

Comment 6 Simeon Pinder 2014-09-29 08:12:28 UTC
Moving into ER05 as didn't make the ER04 cut.

Comment 7 Simeon Pinder 2014-10-08 17:26:52 UTC
This is fixed with commit: 8004f67affd to release/jon3.3.x.  Moving to MODIFIED for testing in next brew build.

Comment 8 Jared MORGAN 2014-10-13 03:56:33 UTC
(In reply to Simeon Pinder from comment #1)
> ...This feels like an administration only/documentation bug
> and this seems to be a a bit deeper validation than we do for other system
> settings.

You're referring to internal only developer docs here, right Simeon?

Comment 9 Simeon Pinder 2014-10-14 13:42:57 UTC
@Jared, the scope of the fix was significantly reduced since Comment #1.  This is now just one extra ui console message/note(as described in Comment 4) when the settings are saved AND the LDAP server is configured, but is not available for some reason.  Putting it in the documentation might be a bit much but I'm not sure.

Comment 10 Simeon Pinder 2014-10-20 13:47:56 UTC
Clearing needinfo.

Comment 11 Jared MORGAN 2014-10-21 02:28:01 UTC
(In reply to Simeon Pinder from comment #9)
> @Jared, the scope of the fix was significantly reduced since Comment #1. 
> This is now just one extra ui console message/note(as described in Comment
> 4) when the settings are saved AND the LDAP server is configured, but is not
> available for some reason.  Putting it in the documentation might be a bit
> much but I'm not sure.

Yeah, I think that's safe not to include. The user would be presented with the message, and the message appears pretty self-explanatory.

Comment 12 Simeon Pinder 2014-10-21 20:24:04 UTC
Moving to ON_QA as available to test with the latest brew build:
https://brewweb.devel.redhat.com//buildinfo?buildID=394734

Comment 13 Sunil Kondkar 2014-10-27 11:12:19 UTC
Verified on Version :JON 3.3.0.ER05 Build Number : 92b6d6a:2cdb528

On saving LDAP configuration with incorrect LDAP server url, following warning message is shown in UI:

"The configured LDAP server is not currently reachable and may be down/firewalled/incorrectly configured. Alert system administrator."