Bug 1095420
| Summary: | admin@internal can not log in to the Web admin portal if another admin user exists in an external directory | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Gil Klein <gklein> | ||||||
| Component: | ovirt-engine | Assignee: | Yair Zaslavsky <yzaslavs> | ||||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ondra Machacek <omachace> | ||||||
| Severity: | urgent | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 3.4.0 | CC: | acathrow, emesika, gklein, iheim, istein, knesenko, lpeer, oourfali, pstehlik, Rhev-m-bugs, sherold, tnisan, vered, yeylon, yzaslavs | ||||||
| Target Milestone: | --- | Keywords: | TestBlocker | ||||||
| Target Release: | 3.4.0 | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | infra | ||||||||
| Fixed In Version: | org.ovirt.engine-root-3.4.0-19 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | Type: | Bug | |||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 1057368 | ||||||||
| Attachments: |
|
||||||||
In my setup (rhevm 3.4 av8.1), I had same problem as well with 2 admin users.
It is not clear from where the second admin users came from.
here's my users table:
engine=# select name , domain from users ;
name | domain
----------+-----------------------
vdcadmin | qa.lab.tlv.redhat.com
admin | qa.lab.tlv.redhat.com
admin | internal
(3 rows)
engine=# select * from users ;
user_id | name | surname | domain | username |
groups | department | role | email | note | last_admin_check_status |
group_ids | externa
l_id | active
--------------------------------------+----------+---------+-----------------------+----------+----------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------------------+------------+------+-------+------+-------------------------+--------------
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------
------------------------+--------
9b9002d1-ec33-4083-8a7b-31f6b8931648 | vdcadmin | | qa.lab.tlv.redhat.com | vdcadmin | qa.lab.tlv.redhat.com/QA-All-Users/testGroup,qa.lab.tlv.redhat.com/frodo1-id-21324444,dc.eng.lab.tlv.redhat.com/Users/universe,qa.lab.tlv.red
hat.com/Builtin/Administrators | | | | | t | 00000000-0000
-0000-0000-000000000000,00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000000 | \233\220\002\321\3543@\203
\212{1\366\270\223\026H | t
62e8f0a0-c375-403a-a402-3daa2c384fc5 | admin | | qa.lab.tlv.redhat.com | admin | qa.lab.tlv.redhat.com/QA-All-Users/RDP-Group,qa.lab.tlv.redhat.com/QA-All-Users/LocalAdmins-Group,qa.lab.tlv.redhat.com/QA-All-Users/BlueUser
s,qa.lab.tlv.redhat.com/Builtin/Administrators,qa.lab.tlv.redhat.com/QA-All-Users/QA-Members/QA_Gluster_users,qa.lab.tlv.redhat.com/QA-All-Users/QA-MembersGroup | | | | | f | 00000000-0000
-0000-0000-000000000000,00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000000,00000000-0000-0000-0000-000000000000 | b\350\360\240\303u@:\244\0
02=\252,8O\305 | t
fdfc627c-d875-11e0-90f0-83df133b58cc | admin | | internal | admin |
| | | | | t |
| \375\374b|\330u\021\340\22
0\360\203\337\023;X\314 | t
(3 rows)
(In reply to Ilanit Stein from comment #5) > In my setup (rhevm 3.4 av8.1), I had same problem as well with 2 admin users. > It is not clear from where the second admin users came from. > here's my users table: > > engine=# select name , domain from users ; > name | domain > ----------+----------------------- > vdcadmin | qa.lab.tlv.redhat.com > admin | qa.lab.tlv.redhat.com > admin | internal I see nothing wrong here, as one user is in the "internal" domain, and the other is in the qa.lab.tlv.redhat.com domain. > (3 rows) > > engine=# select * from users ; > user_id | name | surname | domain > | username | > > groups > | department | role | email | note | last_admin_check_status | > > group_ids > | externa > l_id | active > --------------------------------------+----------+---------+----------------- > ------+----------+----------------------------------------------------------- > ----------------------------------------------------------------------------- > ------ > ----------------------------------------------------------------------------- > ----------------------------------------------------------------------------- > -------+------------+------+-------+------+-------------------------+-------- > ------ > ----------------------------------------------------------------------------- > ----------------------------------------------------------------------------- > -------------------------------------------------------+--------------------- > ------ > ------------------------+-------- > 9b9002d1-ec33-4083-8a7b-31f6b8931648 | vdcadmin | | > qa.lab.tlv.redhat.com | vdcadmin | > qa.lab.tlv.redhat.com/QA-All-Users/testGroup,qa.lab.tlv.redhat.com/frodo1-id- > 21324444,dc.eng.lab.tlv.redhat.com/Users/universe,qa.lab.tlv.red > hat.com/Builtin/Administrators > | | | | | t | 00000000-0000 > -0000-0000-000000000000,00000000-0000-0000-0000-000000000000,00000000-0000- > 0000-0000-000000000000,00000000-0000-0000-0000-000000000000 > | \233\220\002\321\3543@\203 > \212{1\366\270\223\026H | t > 62e8f0a0-c375-403a-a402-3daa2c384fc5 | admin | | > qa.lab.tlv.redhat.com | admin | > qa.lab.tlv.redhat.com/QA-All-Users/RDP-Group,qa.lab.tlv.redhat.com/QA-All- > Users/LocalAdmins-Group,qa.lab.tlv.redhat.com/QA-All-Users/BlueUser > s,qa.lab.tlv.redhat.com/Builtin/Administrators,qa.lab.tlv.redhat.com/QA-All- > Users/QA-Members/QA_Gluster_users,qa.lab.tlv.redhat.com/QA-All-Users/QA- > MembersGroup | | | | | f | > 00000000-0000 > -0000-0000-000000000000,00000000-0000-0000-0000-000000000000,00000000-0000- > 0000-0000-000000000000,00000000-0000-0000-0000-000000000000,00000000-0000- > 0000-0000-000000000000,00000000-0000-0000-0000-000000000000 | > b\350\360\240\303u@:\244\0 > 02=\252,8O\305 | t > fdfc627c-d875-11e0-90f0-83df133b58cc | admin | | internal > | admin | > > > | | | | | t | > > | \375\374b|\330u\021\340\22 > 0\360\203\337\023;X\314 | t > (3 rows) Created attachment 894384 [details]
engine.log
Gil - can you dump the DB so that Yair and Eli will be able to examine it? engine=# select user_id, username, external_id from users where username ilike '%admin%';
user_id | username | externa
l_id
--------------------------------------+-------------+---------------------------
------------------------
21d9ca24-bb82-11e0-a1c1-00145e832c40 | admin | !\331\312$\273\202\021\340
\241\301\000\024^\203,@
fdfc627c-d875-11e0-90f0-83df133b58cc | admin | \375\374b|\330u\021\340\22
0\360\203\337\023;X\314
a5c2b244-80dc-4277-b288-842779950749 | ykadmin | \245\302\262D\200\334Bw\26
2\210\204'y\225\007I
97223de4-45c4-11e1-a6f6-001a4a169753 | admin | \227"=\344E\304\021\341\24
6\366\000\032J\026\227S
9b9002d1-ec33-4083-8a7b-31f6b8931648 | vdcadmin | \233\220\002\321\3543@\203
\212{1\366\270\223\026H
62e8f0a0-c375-403a-a402-3daa2c384fc5 | admin | b\350\360\240\303u@:\244\0
02=\252,8O\305
647f6b4f-d3b4-419d-8f80-427048f02c4b | masterAdmin | d\177kO\323\264A\235\217\2
00BpH\360,K
(7 rows)
Created attachment 894413 [details]
engine log from the 3.3->3.4RC upgrade
engine log from the 3.3->3.4RC upgrade
I got an error that I'm not authorised to perdorm the action (login).
engine=> select * from users;
user_id | name | surname | domain | username | groups | department | role | email | note | last_admin_check_status | group_ids | external_id | active
--------------------------------------+------+---------+----------+----------+--------+------------+------+-------+------+-------------------------+-----------+--------------------------------------+--------
fdfc627c-d875-11e0-90f0-83df133b58cc | | | internal | admin | | | | | | t | | [B@44f595c3 | f
26f94ea1-a384-4fb2-a65c-9b6d3aabb33a | | | internal | admin | | | | | | f | | fdfc627c-d875-11e0-90f0-83df133b58cc | t
(2 rows)
Note both are internal, external_is for the first is not a GUID and looks like an obect serialization.
What fixed it for me was deleting the second line and updating the remaining extrnal_id to the user_id:
delete from users where user_id='26f94ea1-a384-4fb2-a65c-9b6d3aabb33a';
update users set external_id=user_id;
After this change I've managed to log in.
(In reply to Vered Volansky from comment #12) > I got an error that I'm not authorised to perdorm the action (login). > > engine=> select * from users; > user_id | name | surname | domain | username > | groups | department | role | email | note | last_admin_check_status | > group_ids | external_id | active > --------------------------------------+------+---------+----------+---------- > +--------+------------+------+-------+------+-------------------------+------ > -----+--------------------------------------+-------- > fdfc627c-d875-11e0-90f0-83df133b58cc | | | internal | admin > | | | | | | t | > | [B@44f595c3 | f > 26f94ea1-a384-4fb2-a65c-9b6d3aabb33a | | | internal | admin > | | | | | | f | > | fdfc627c-d875-11e0-90f0-83df133b58cc | t > (2 rows) > > > Note both are internal, external_is for the first is not a GUID and looks > like an obect serialization. > > What fixed it for me was deleting the second line and updating the remaining > extrnal_id to the user_id: > delete from users where user_id='26f94ea1-a384-4fb2-a65c-9b6d3aabb33a'; > update users set external_id=user_id; > > After this change I've managed to log in. Thanks Vered, However this is not the issue with the QA production environment. Yair, this was the same issue that happened to me, even if it's not the same as the issue as in this bug it still have to be addressed since it seems to happen to other people as well The bug is due to the following: 1. The environment has several users with username 'internal' in differnet domains. 2. the following code: InternalBrokerUtils.getUserByUPN is called by both the authentication part (authenticateUser) and the authorization part (getUserByName). Unfortunately, getUserByUPN checks only the user name, and not the domain - thus a wrong user is checked. This does occur in 3.5/upstream due to the following: Internal*Command were removed , the Internal authn and authz are properly used (in 3.4 although the classes exist, they were not used). Suggested fix: InternalBrokerUtils.getUserByUPN will receive not just the user name, but also the domain - then we will check the db by both parameters (user name + domain) - this will ensure we will get the proper user. In order to test the fix (once issued) please add using an ldap domain a user named 'admin'. (In reply to Tal Nisan from comment #14) > Yair, this was the same issue that happened to me, even if it's not the same > as the issue as in this bug it still have to be addressed since it seems to > happen to other people as well Tal - a. Please correct me if I'm wrong - You're working on upstream, not downstream. b. As I said - different reason. If needed - please open a different bug for that and I will take care. As you can see in my detailed explanation - the code that caused the issue no longer exists at master , so the issue you and Vered saw has to do with some other stuff. (In reply to Yair Zaslavsky from comment #15) > The bug is due to the following: > 1. The environment has several users with username 'internal' in differnet > domains. > > 2. > the following code: > InternalBrokerUtils.getUserByUPN is called by both the authentication part > (authenticateUser) and the authorization part (getUserByName). > > Unfortunately, getUserByUPN checks only the user name, and not the domain - > thus a wrong user is checked. > > This does occur in 3.5/upstream due to the following: > Internal*Command were removed , the Internal authn and authz are properly > used (in 3.4 although the classes exist, they were not used). > > Suggested fix: > InternalBrokerUtils.getUserByUPN will receive not just the user name, but > also the domain - then we will check the db by both parameters (user name + > domain) - this will ensure we will get the proper user. > > In order to test the fix (once issued) please add using an ldap domain a > user named 'admin'. Correction to myself: This does occur in 3.5/upstream due to the following: should be "This doesn't occur". Additional information: Removing the additional user, carrying the same name, from users table in DB, resolve the problem. engine=# select name, domain, user_id from users ; name | domain | user_id ----------+-----------------------+-------------------------------------- admin | internal | fdfc627c-d875-11e0-90f0-83df133b58cc vdcadmin | qa.lab.tlv.redhat.com | 9b9002d1-ec33-4083-8a7b-31f6b8931648 admin | qa.lab.tlv.redhat.com | 62e8f0a0-c375-403a-a402-3daa2c384fc5 (3 rows) engine=# DELETE FROM users where user_id='62e8f0a0-c375-403a-a402-3daa2c384fc5'; DELETE 1 engine=# select name, domain, user_id from users ; name | domain | user_id ----------+-----------------------+-------------------------------------- admin | internal | fdfc627c-d875-11e0-90f0-83df133b58cc vdcadmin | qa.lab.tlv.redhat.com | 9b9002d1-ec33-4083-8a7b-31f6b8931648 (2 rows) Upgrade succeeded.
I had one admin@domain user and one admin@internal.
#select user_id, name, domain from users;
user_id | name | domain
--------------------------------------+-------+---------------------------------
2f7e212f-744c-4836-87a4-340652e3edb1 | admin | ad2.rhev.lab.eng.brq.redhat.com
fdfc627c-d875-11e0-90f0-83df133b58cc | admin | internal
after upgrade I am able to login with both users. Moving to verified.
rhevm-3.4.0-0.20.el6ev.noarch
Closing as part of 3.4.0 |
Description of problem: After an upgrade 3.3->3.4 admin@internal can not log in to the Web admin portal Version-Release number of selected component (if applicable): Upgrade to AV8.1 How reproducible: Specific to the RHEVM QE instance Steps to Reproduce: 1. Upgrade the engine 3.3.2 -> 3.4RC1 (AV8.1) Actual results: admin@internal can not log in to the Web admin portal Expected results: admin@internal should be able to login Additional info: While admin@internal tries to login it fails with the following error in the engine.log 2014-05-07 19:21:44,374 ERROR [org.ovirt.engine.core.bll.LoginAdminUserCommand] (ajp-/127.0.0.1:8702-18) Data access error during CanDoActionFailure.: org.springframework.dao.DuplicateKeyException: CallableStatementCallback; SQL [{call insertuser(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)}]; ERROR: duplicate key value violates unique constraint "pk_users" Where: SQL statement "INSERT INTO users(department, domain, email, groups, name, note, role, active, surname, user_id, username, group_ids, external_id) VALUES( $1 , $2 , $3 , $4 , $5 , $6 , $7 , $8 , $9 , $10 , $11 , $12 , $13 )" PL/pgSQL function "insertuser" line 2 at SQL statement; nested exception is org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "pk_users" Where: SQL statement "INSERT INTO users(department, domain, email, groups, name, note, role, active, surname, user_id, username, group_ids, external_id) VALUES( $1 , $2 , $3 , $4 , $5 , $6 , $7 , $8 , $9 , $10 , $11 , $12 , $13 )" PL/pgSQL function "insertuser" line 2 at SQL statement at org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator.doTranslate(SQLErrorCodeSQLExceptionTranslator.java:241) [spring-jdbc.jar:3.1.1.RELEASE] at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:72) [spring-jdbc.jar:3.1.1.RELEASE] at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:1030) [spring-jdbc.jar:3.1.1.RELEASE] at org.springframework.jdbc.core.JdbcTemplate.call(JdbcTemplate.java:1064) [spring-jdbc.jar:3.1.1.RELEASE] at org.springframework.jdbc.core.simple.AbstractJdbcCall.executeCallInternal(AbstractJdbcCall.java:388) [spring-jdbc.jar:3.1.1.RELEASE] at org.springframework.jdbc.core.simple.AbstractJdbcCall.doExecute(AbstractJdbcCall.java:351) [spring-jdbc.jar:3.1.1.RELEASE] at org.springframework.jdbc.core.simple.SimpleJdbcCall.execute(SimpleJdbcCall.java:181) [spring-jdbc.jar:3.1.1.RELEASE] at org.ovirt.engine.core.dao.DbUserDAODbFacadeImpl.save(DbUserDAODbFacadeImpl.java:155) [dal.jar:] at org.ovirt.engine.core.bll.LoginBaseCommand.isUserCanBeAuthenticated(LoginBaseCommand.java:177) [bll.jar:] at org.ovirt.engine.core.bll.LoginAdminUserCommand.canDoAction(LoginAdminUserCommand.java:14) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.internalCanDoAction(CommandBase.java:739) [bll.jar:] at org.ovirt.engine.core.bll.CommandBase.executeAction(CommandBase.java:345) [bll.jar:] at org.ovirt.engine.core.bll.Backend.login(Backend.java:594) [bll.jar:] at sun.reflect.GeneratedMethodAccessor131.invoke(Unknown Source) [:1.7.0_55] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_55] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_55] at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52) [jboss-as-ee.jar:7.4.0.Final-redhat-10] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) [jboss-as-ee.jar:7.4.0.Final-redhat-10] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:374) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.ovirt.engine.core.bll.interceptors.ThreadLocalSessionCleanerInterceptor.injectWebContextToThreadLocal(ThreadLocalSessionCleanerInterceptor.java:13) [bll.jar:] at sun.reflect.GeneratedMethodAccessor98.invoke(Unknown Source) [:1.7.0_55] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_55] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_55] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptor.java:89) [jboss-as-ee.jar:7.4.0.Final-redhat-10] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) [jboss-as-ee.jar:7.4.0.Final-redhat-10] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43) [jboss-as-ejb3.jar:7.4.0.Final-redhat-10] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee.jar:7.4.0.Final-redhat-10] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.as.ejb3.component.singleton.SingletonComponentInstanceAssociationInterceptor.processInvocation(SingletonComponentInstanceAssociationInterceptor.java:52) [jboss-as-ejb3.jar:7.4.0.Final-redhat-10] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:259) [jboss-as-ejb3.jar:7.4.0.Final-redhat-10] at org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:398) [jboss-as-ejb3.jar:7.4.0.Final-redhat-10] at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:242) [jboss-as-ejb3.jar:7.4.0.Final-redhat-10] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3.jar:7.4.0.Final-redhat-10] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64) [jboss-as-ejb3.jar:7.4.0.Final-redhat-10] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3.jar:7.4.0.Final-redhat-10] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee.jar:7.4.0.Final-redhat-10] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee.jar:7.4.0.Final-redhat-10] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:185) [jboss-as-ee.jar:7.4.0.Final-redhat-10] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:182) [jboss-as-ee.jar:7.4.0.Final-redhat-10] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation.jar:1.1.2.Final-redhat-1] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73) [jboss-as-ee.jar:7.4.0.Final-redhat-10] at org.ovirt.engine.core.common.interfaces.BackendLocal$$$view9.login(Unknown Source) [common.jar:] at org.ovirt.engine.ui.frontend.server.gwt.GenericApiGWTServiceImpl.Login(GenericApiGWTServiceImpl.java:184) at sun.reflect.GeneratedMethodAccessor138.invoke(Unknown Source) [:1.7.0_55] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_55] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_55] at com.google.gwt.rpc.server.RPC.invokeAndStreamResponse(RPC.java:196) at com.google.gwt.rpc.server.RpcServlet.processCall(RpcServlet.java:172) at com.google.gwt.rpc.server.RpcServlet.processPost(RpcServlet.java:233) at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec.jar:1.0.2.Final-redhat-1] at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec.jar:1.0.2.Final-redhat-1] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.ovirt.engine.ui.frontend.server.gwt.GwtCachingFilter.doFilter(GwtCachingFilter.java:132) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.ovirt.engine.core.branding.BrandingFilter.doFilter(BrandingFilter.java:72) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.ovirt.engine.core.utils.servlet.LocaleFilter.doFilter(LocaleFilter.java:64) [utils.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.ovirt.engine.core.bll.AutomaticLoginFilter.doFilter(AutomaticLoginFilter.java:58) [bll.jar:] at org.ovirt.engine.core.bll.AutomaticLoginFilter.doFilter(AutomaticLoginFilter.java:49) [bll.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.ovirt.engine.core.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:80) [common.jar:] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:466) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:340) at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:490) at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:420) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_55] Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "pk_users" Where: SQL statement "INSERT INTO users(department, domain, email, groups, name, note, role, active, surname, user_id, username, group_ids, external_id) VALUES( $1 , $2 , $3 , $4 , $5 , $6 , $7 , $8 , $9 , $10 , $11 , $12 , $13 )" PL/pgSQL function "insertuser" line 2 at SQL statement at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2101) at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1834) at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:255) at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:510) at org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:386) at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:379) at org.jboss.jca.adapters.jdbc.CachedPreparedStatement.execute(CachedPreparedStatement.java:297) at org.jboss.jca.adapters.jdbc.WrappedPreparedStatement.execute(WrappedPreparedStatement.java:404) at org.springframework.jdbc.core.JdbcTemplate$6.doInCallableStatement(JdbcTemplate.java:1066) [spring-jdbc.jar:3.1.1.RELEASE] at org.springframework.jdbc.core.JdbcTemplate$6.doInCallableStatement(JdbcTemplate.java:1) [spring-jdbc.jar:3.1.1.RELEASE] at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:1014) [spring-jdbc.jar:3.1.1.RELEASE] ... 99 more