3.4.0-0.13.rc.el6 Connected to Active Directory Groups added to UI in: System >> Users Group VMadmins added User Joe Smith is a member of group VMadmins in Active DIrectory User Joe Smith can now login to the user portal. If I look at the User tab in the admin portal I can see: addomain.com/OU/VMadmins @addomain.com and Joe Smith jsmith All is well. After a several minutes I see the following change with the user jsmith Smith jsmith When that change happens that user can no longer login until I delete that entry within the UI. Then the user can log in again and the entry look like: Joe Smith jsmith
Created attachment 879152 [details] Image of when authentication fails
Created attachment 879153 [details] Image of when authentication works
Regarding the name issue - DbUserCacheManager sets the directoryUser.getName() in dbUser.firstName - this is wrong, it should compare & set directoryUser.getFirstName()
The first patch handles the name issue, however, this is not enough. I was managed to reproduce this on master as well.
Does this just affect AD or general LDAP compatible domains? I guess this affects also the stable 3.3 branch, I'd like to get this backported for the next 3.3.x release, if possible, thank you.
(In reply to Sven Kieske from comment #5) > Does this just affect AD or general LDAP compatible domains? > I guess this affects also the stable 3.3 branch, I'd like to > get this backported for the next 3.3.x release, if possible, thank you. 1. I managed to reproduced that on master (targeted for 3.5) - still need to investigate 3.4 2. Did you encounter this at 3.3 as well? IMHO this is a regression introduced at 3.4 . The issue of name change is a definite regression at 3.4 (Just checked 3.3 code).
(In reply to Yair Zaslavsky from comment #6) > (In reply to Sven Kieske from comment #5) > > Does this just affect AD or general LDAP compatible domains? > > I guess this affects also the stable 3.3 branch, I'd like to > > get this backported for the next 3.3.x release, if possible, thank you. > > 1. I managed to reproduced that on master (targeted for 3.5) - still need to > investigate 3.4 > 2. Did you encounter this at 3.3 as well? > IMHO this is a regression introduced at 3.4 . > The issue of name change is a definite regression at 3.4 (Just checked 3.3 > code). This worked before I upgraded from 3.3 to 3.4
On ovirt 3.4 rc3 I have managed only to reproduce the name issue. I could login with the user.
(In reply to Yair Zaslavsky from comment #6) > (In reply to Sven Kieske from comment #5) > 2. Did you encounter this at 3.3 as well? > IMHO this is a regression introduced at 3.4 . > The issue of name change is a definite regression at 3.4 (Just checked 3.3 > code). No I didn't encounter it just yet as I didn't use the user portal but I plan to, so I'm a little bothered about this, but thanks for your investigation. I'd suggest to push the target release to 3.4.x as it is a regression introduced in 3.4.0 ?
Please provide engine.log
Created attachment 879795 [details] engine.log file engine.log is attached
Maurice, Can you please add more info - user you have tried to login with. In addition, select user_id, user_name, group_ids from users where user_name = 'the user you try to login with'; And also select id , name from ad_groups; Thanks!
(In reply to Yair Zaslavsky from comment #12) > Maurice, > Can you please add more info - > user you have tried to login with. > > In addition, select user_id, user_name, group_ids from users where user_name > = 'the user you try to login with'; > > And also select id , name from ad_groups; > > > Thanks! sorry, you have provided the user name. can you please provide the db entries?
(In reply to Yair Zaslavsky from comment #13) > (In reply to Yair Zaslavsky from comment #12) > > Maurice, > > Can you please add more info - > > user you have tried to login with. > > > > In addition, select user_id, user_name, group_ids from users where user_name > > = 'the user you try to login with'; > > > > And also select id , name from ad_groups; > > > > > > Thanks! > > sorry, you have provided the user name. > can you please provide the db entries? eee00000-0000-0000-0000-123456789eee Everyone b6ca9bb9-2933-4c0d-a37b-c861788db63c suprtekstic.com/TIEATS/SvcAccounts/VMAdmins 9ba90d21-65c2-4a7a-815a-16109baa7343 suprtekstic.com/TIEATS/CodeChecking/CChecking 077fbef7-7dff-46ef-875c-79fa08070091 suprtekstic.com/TIEATS/LBMP/MobilePolicy
(In reply to Yair Zaslavsky from comment #12) > Maurice, > Can you please add more info - > user you have tried to login with. > > In addition, select user_id, user_name, group_ids from users where user_name > = 'the user you try to login with'; > > And also select id , name from ad_groups; > > > Thanks! column "user_name" does not exist
(In reply to Yair Zaslavsky from comment #13) > (In reply to Yair Zaslavsky from comment #12) > > Maurice, > > Can you please add more info - > > user you have tried to login with. > > > > In addition, select user_id, user_name, group_ids from users where user_name > > = 'the user you try to login with'; > > > > And also select id , name from ad_groups; > > > > > > Thanks! > > sorry, you have provided the user name. > can you please provide the db entries? 32436c75-6d0c-4c07-9dd1-80c09aa95272 mjames 00000000000000000000000000000000,00000000000000000000000000000000,00000000000000000000000000000000,00000000000000000000000000000000,00000000000000000000000000000000
I'm afraid I was also only able to reproduce the user name issue that Yair solved. The only group issue I saw is when the user is a member of a group that is a member of another group, then when the user is added we add both groups to the user, but after refreshing the user information we are left only with one group. The parent group is deleted. I already merged the fix for that. I hope that it will fix your issue as well, as we made further changes as well in this area of the code.
(In reply to Oved Ourfali from comment #17) > I'm afraid I was also only able to reproduce the user name issue that Yair > solved. The only group issue I saw is when the user is a member of a group > that is a member of another group, then when the user is added we add both > groups to the user, but after refreshing the user information we are left > only with one group. The parent group is deleted. I already merged the fix > for that. I hope that it will fix your issue as well, as we made further > changes as well in this area of the code. When will "yum update" fix it?
The relevant RPMs from the nightly build are in: http://resources.ovirt.org/pub/ovirt-3.4-snapshot/rpm/ Can you check if they solve your issue?
(In reply to Oved Ourfali from comment #19) > The relevant RPMs from the nightly build are in: > > http://resources.ovirt.org/pub/ovirt-3.4-snapshot/rpm/ > > Can you check if they solve your issue? Which packages do I have to update from the nightly?
(In reply to Maurice James from comment #20) > (In reply to Oved Ourfali from comment #19) > > The relevant RPMs from the nightly build are in: > > > > http://resources.ovirt.org/pub/ovirt-3.4-snapshot/rpm/ > > > > Can you check if they solve your issue? > > > > Which packages do I have to update from the nightly? Well, the change should be in the ovirt-engine-backend RPM, but you should update them all, as they depend on one another, so changing one without the others can lead to unexpected behavior.
(In reply to Oved Ourfali from comment #21) > (In reply to Maurice James from comment #20) > > (In reply to Oved Ourfali from comment #19) > > > The relevant RPMs from the nightly build are in: > > > > > > http://resources.ovirt.org/pub/ovirt-3.4-snapshot/rpm/ > > > > > > Can you check if they solve your issue? > > > > > > > > Which packages do I have to update from the nightly? > > Well, the change should be in the ovirt-engine-backend RPM, but you should > update them all, as they depend on one another, so changing one without the > others can lead to unexpected behavior. When I attempt a yum update out of that repo it attempts to install version 3.5 packages
(In reply to Maurice James from comment #22) > (In reply to Oved Ourfali from comment #21) > > (In reply to Maurice James from comment #20) > > > (In reply to Oved Ourfali from comment #19) > > > > The relevant RPMs from the nightly build are in: > > > > > > > > http://resources.ovirt.org/pub/ovirt-3.4-snapshot/rpm/ > > > > > > > > Can you check if they solve your issue? > > > > > > > > > > > > Which packages do I have to update from the nightly? > > > > Well, the change should be in the ovirt-engine-backend RPM, but you should > > update them all, as they depend on one another, so changing one without the > > others can lead to unexpected behavior. > > When I attempt a yum update out of that repo it attempts to install version > 3.5 packages Please verify you've not enabled ovirt-snapshot by mistake. I can't see any 3.5 rpm in ovirt-3.4-snapshot.
Once I execute yum update, do I also have to run engine-setup? (In reply to Sandro Bonazzola from comment #23) > (In reply to Maurice James from comment #22) > > (In reply to Oved Ourfali from comment #21) > > > (In reply to Maurice James from comment #20) > > > > (In reply to Oved Ourfali from comment #19) > > > > > The relevant RPMs from the nightly build are in: > > > > > > > > > > http://resources.ovirt.org/pub/ovirt-3.4-snapshot/rpm/ > > > > > > > > > > Can you check if they solve your issue? > > > > > > > > > > > > > > > > Which packages do I have to update from the nightly? > > > > > > Well, the change should be in the ovirt-engine-backend RPM, but you should > > > update them all, as they depend on one another, so changing one without the > > > others can lead to unexpected behavior. > > > > When I attempt a yum update out of that repo it attempts to install version > > 3.5 packages > > Please verify you've not enabled ovirt-snapshot by mistake. > I can't see any 3.5 rpm in ovirt-3.4-snapshot.
(In reply to Maurice James from comment #24) > Once I execute yum update, do I also have to run engine-setup? Yes.
This is an automated message oVirt 3.4.1 has been released: * should fix your issue * should be available at your local mirror within two days. If problems still persist, please make note of it in this bug report.