When LDAP was enabled on one JBoss ON Server in an HA configuration, the change was not propagated to the other servers in the group until those servers were restarted. This prevented users from logging in to the other servers in the group. The fix reinstalls the JAAS login modules when the HA nodes detect a change in system settings. The check is performed every 60 seconds. If LDAP configuration is enabled or disabled in an HA group, the other servers are now aware of the change within 60 seconds.
Description of problem:
Enabling LDAP on one JBoss ON Server in HA Configuration is not propagated to the other server(s) until they are restarted, so users cannot log in
Version-Release number of selected component (if applicable):
JBoss ON 3.2.0, 3.2.1
Steps to Reproduce:
1. Install and configure JBoss ON server1;
2. Start server1;
3. Install and configure JBoss ON server2;
4. Start server2;
5. Confirm that everything works fine and that servers 1 and 2 are in HA mode;
6. Configure LDAP settings on server1;
7. Log out from JBoss ON UI and attempt to log in again using LDAP username/password;
8. Confirm that this worked fine;
9. Using the same username/password attempt to log in to the JBoss ON UI on the second server;
Actual results:
Log in to the second server will fail with the message "The username or password provided does not match our records."
Expected results:
Log in to the second server is successful.
Additional info:
If server2 is restarted, the server will read the LDAP configuration and after this, the log in will work.
This is not really a use case we had in mind. A change to LDAP settings would be picked up, but the actual enabling or disabling of LDAP auth requires a reconfiguration of the server's JAAS login modules. It was anticipated that a restart would be required.
Having said that, since the customer considers this a bug, it looks like we were wrong and for some reason the HA nodes must stay up. Looking to fix this...
master commit cde3c29b8e0b12d838de52453e1a4dc9bfb59d34
Author: Jay Shaughnessy <firstname.lastname@example.org>
Date: Tue Jul 1 21:12:21 2014 -0400
Enable/Disable of LDAP requires a system reconfigure (reinstall the JAAS
login modules...). Change things such that the system reconfigure gets
performed whenever HA nodes detect a change in system settings. So,
this fix is a bit more general than the specific case listed here. The
system settings update check is every 60s, so HA nodes should pick up
a change within a minute.
Moving to ON_QA as available to test with brew build of DR01: https://brewweb.devel.redhat.com//buildinfo?buildID=373993
JBoss Operations Network
Version : 3.3.0.DR01
Build Number : 6468454:dda0a47
GWT Version : 2.5.0
SmartGWT Version : 3.0p
Number of JON 3.3 servers: 2
Enabled LDAP on server 1; login succeeded on server 1.
Waited 60 seconds for the update on server 2.
Updated within 60 seconds. Login was successful on server 2 as well, without restarting the server.
05:55:20,481 INFO [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (EJB default - 10) Security domain [RHQUserSecurityDomain] re-created with login modules..........
Database: postgres (PostgreSQL) 8.4.11
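One way to check that the other HA nodes picked up an LDAP enable/disable without a restart, as an added example (not part of the bug report or the project's code): scan each node's server log for the CustomJaasDeploymentService line quoted above and flag nodes with no re-creation within 60 seconds of the change. The node names, the change time and every log line except the quoted one are constructed; timestamps are assumed to fall on the same day with synchronized clocks.

```python
import re
from datetime import datetime, timedelta

# Matches the log line quoted in the verification comment above.
RECREATED = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2},\d{3})\s+INFO\s+"
    r"\[org\.rhq\.enterprise\.server\.core\.CustomJaasDeploymentService\].*"
    r"Security domain \[(?P<domain>[^\]]+)\] re-created with login modules"
)

def recreation_times(log_text):
    """Time-of-day of every security-domain re-creation found in one log."""
    times = []
    for line in log_text.splitlines():
        m = RECREATED.match(line.strip())
        if m:
            times.append(datetime.strptime(m.group("ts"), "%H:%M:%S,%f"))
    return times

def stale_nodes(change_time, node_logs, window=timedelta(seconds=60)):
    """Nodes with no re-creation inside [change_time, change_time + window].

    Assumption: log timestamps carry no date, so all events are on one day.
    """
    changed = datetime.strptime(change_time, "%H:%M:%S")
    stale = []
    for node, text in node_logs.items():
        times = recreation_times(text)
        if not any(changed <= t <= changed + window for t in times):
            stale.append(node)
    return sorted(stale)

# Constructed sample logs for the nodes where the change was NOT made.
# Only the server2 re-creation line is taken from the page.
SAMPLE_LOGS = {
    "server2": (
        "05:54:02,117 INFO [org.example.Other] (EJB default - 3) heartbeat\n"
        "05:55:20,481 INFO [org.rhq.enterprise.server.core.CustomJaasDeploymentService] "
        "(EJB default - 10) Security domain [RHQUserSecurityDomain] re-created with login modules..........\n"
    ),
    # A node still running the old behaviour: only an earlier, unrelated re-creation.
    "server3": (
        "05:40:00,000 INFO [org.rhq.enterprise.server.core.CustomJaasDeploymentService] "
        "(EJB default - 4) Security domain [RHQUserSecurityDomain] re-created with login modules..........\n"
    ),
}

if __name__ == "__main__":
    # 05:54:30 is a constructed time for the LDAP change made on server1.
    print("stale nodes:", stale_nodes("05:54:30", SAMPLE_LOGS))
```

A node reported as stale still authenticates against its old login modules, so LDAP users are rejected there (or, after a disable, LDAP logins remain accepted) until it reconfigures or is restarted.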