Bug 1019588 - login fail on domain case sensitivity
login fail on domain case sensitivity
Status: CLOSED INSUFFICIENT_DATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine (Show other bugs)
3.2.0
Unspecified Unspecified
unspecified Severity medium
: ---
: 3.3.0
Assigned To: Ravi Nori
movciari
infra
: Regression, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-16 02:22 EDT by Ilanit Stein
Modified: 2016-02-10 14:22 EST (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-11-03 08:20:25 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
engine log (23.41 KB, application/x-gzip)
2013-10-16 02:22 EDT, Ilanit Stein
no flags Details

  None (edit)
Description Ilanit Stein 2013-10-16 02:22:04 EDT
Created attachment 812772 [details]
engine log

Description of problem:

Add a domain using rhevm-manage-domain tool, with domain in lower case 
login fail. change domain to upper case - login succeed.

Version-Release number of selected component (if applicable):

Steps to Reproduce:
1. Add a domain, in lower case, for example:
rhevm-manage-domains  -action=add -addPermissions -domain=qa.lab.tlv.redhat.com -user=vdcadmin  -interactive -provider=activeDirectory

2. Try to login in web admin with this user - login fail

3. Remove the added domain, for example:
rhevm-manage-domains  -action=delete -addPermissions -domain=qa.lab.tlv.redhat.com -user=vdcadmin  -interactive -provider=activeDirectory 

4. 
 Add a domain, in Upper case, for example:
rhevm-manage-domains  -action=add -addPermissions -domain=QA.LAB.TLV.REDHAT.COM -user=vdcadmin  -interactive -provider=activeDirectory

Expected results:
domain should not be case sensitive.

Additional info: 
engine.log \ login error:

2013-10-15 20:08:57,043 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSE] (QuartzScheduler_Worker-42) Failed to query rootDSE for LDAP server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 due to connection timeout
2013-10-15 20:08:57,044 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (QuartzScheduler_Worker-42) Failed ldap search server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 using user vdcadmin@QA.LAB.TLV.REDHAT.COM due to connection timeout. We should try the next server
2013-10-15 20:08:57,044 ERROR [org.ovirt.engine.core.bll.adbroker.LdapBrokerCommandBase] (QuartzScheduler_Worker-42) Failed to run command LdapSearchUserByQueryCommand. Domain is qa.lab.tlv.redhat.com. User is vdcadmin@QA.LAB.TLV.REDHAT.COM.
2013-10-15 20:43:13,671 ERROR [org.ovirt.engine.core.bll.adbroker.GetRootDSE] (ajp-/127.0.0.1:8702-11) Failed to query rootDSE for LDAP server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 due to connection timeout
2013-10-15 20:43:13,673 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp-/127.0.0.1:8702-11) Failed ldap search server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 using user vdcadmin@QA.LAB.TLV.REDHAT.COM due to connection timeout. We should try the next server
2013-10-15 20:43:13,673 ERROR [org.ovirt.engine.core.bll.adbroker.LdapBrokerCommandBase] (ajp-/127.0.0.1:8702-11) Failed to run command LdapAuthenticateUserCommand. Domain is qa.lab.tlv.redhat.com. User is vdcadmin.
2013-10-15 20:43:13,673 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp-/127.0.0.1:8702-11) USER_FAILED_TO_AUTHENTICATE : vdcadmin
2013-10-15 20:43:13,674 WARN  [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp-/127.0.0.1:8702-11) CanDoAction of action LoginAdminUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE
Comment 1 Itamar Heim 2013-10-16 04:15:05 EDT
I'm not sure this is a bug. i remember IPA is case sensitive to that.
Comment 2 Eli Mesika 2013-10-16 09:25:38 EDT
Waiting for answer on "if IPA domain names are case-sensitive" from Dmitri Pal
(question sent by email), will update BZ ASAP
Comment 3 Dmitri Pal 2013-10-16 17:31:38 EDT
Kerberos domains are in general case sensitive. By convention they should be all upper case but it is not generally true.
Comment 4 Eli Mesika 2013-10-17 03:55:00 EDT
due to the reply comment 3 I suggest to close as NOTABUG, Barak ???
Comment 5 Barak 2013-10-20 07:46:08 EDT
Ravi - we need to make sure that once an authentication domain was added successfully using rhevm-manage-domains, we should not fail ligging into the webAdmin/UP 

In case this is a real issue we may be required to validate the case in rhevm-manage-domains.
Comment 7 Ravi Nori 2013-10-21 14:06:09 EDT
I am unable to reproduce this on current master and is19 (3.3)

I was able to add Active Directory and IPA domains with both upper and lower case domain names and login to webadmin portal using the admin user.

Please see if you can reproduce this bug with the latest build
Comment 8 Ilanit Stein 2014-09-01 08:13:43 EDT
Tested on oVirt Engine Version: 3.5.0-0.0.master.20140804172041.git23b558e.el6,

This bug seem not relevant anymore.

Note You need to log in before you can comment on or make changes to this bug.