Description of problem:
Enabling LDAP on one JBoss ON Server in HA Configuration is not propagated to the other server(s) until their restart, so the users cannot log in.

Version-Release number of selected component (if applicable):
JBoss ON 3.2.0, 3.2.1

How reproducible:
Always

Steps to Reproduce:
1. Install and configure JBoss ON server1;
2. Start server1;
3. Install and configure JBoss ON server2;
4. Start server2;
5. Confirm that everything works fine and that servers 1 and 2 are in HA mode;
6. Configure LDAP settings on server1;
7. Log out from JBoss ON UI and attempt to log in again using LDAP username/password;
8. Confirm that this worked fine;
9. Using the same username/password attempt to log in to the JBoss ON UI on the second server;

Actual results:
Log in to the second server will fail with the message "The username or password provided does not match our records."

Expected results:
Log in to the second server is successful.

Additional info:
If server2 is restarted, the server will read the LDAP configuration and after this, the log in will work.

This is not really a use case we had in mind. A change to LDAP settings would be picked up, but the actual enabling or disabling of LDAP auth requires a reconfiguration of the server's JAAS login modules. It was anticipated that a restart would be required. Having said that, since the customer considers this a bug, it looks like we were wrong and for some reason the HA nodes must stay up. Looking to fix this...

master commit cde3c29b8e0b12d838de52453e1a4dc9bfb59d34
Author: Jay Shaughnessy <jshaughn>
Date: Tue Jul 1 21:12:21 2014 -0400

    Enable/Disable of LDAP requires a system reconfigure (reinstall the JAAS login modules...). Change things such that the system reconfigure gets performed whenever HA nodes detect a change in system settings.

So, this fix is a bit more general than the specific case listed here. The system settings update check is every 60s, so HA nodes should pick up a change within a minute.

Moving to ON_QA as available to test with brew build of DR01: https://brewweb.devel.redhat.com//buildinfo?buildID=373993

Version:
JBoss Operations Network
Version : 3.3.0.DR01
Build Number : 6468454:dda0a47
GWT Version : 2.5.0
SmartGWT Version : 3.0p

HA Setup:
Number of JON 3.3 servers: 2

Enabled LDAP on server 1, logged in successfully on server 1. Was waiting for 60 seconds to update in server 2. Updated within 60 seconds. Login successful in server 2 as well without restarting the server.

server.log:
05:55:20,481 INFO [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (EJB default - 10) Security domain [RHQUserSecurityDomain] re-created with login modules..........

Database: postgres (PostgreSQL) 8.4.11
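
One way to confirm from the logs that every HA node picked up an LDAP enable/disable, as an added example that is not part of the original report or the RHQ code base: it parses lines in the server.log format quoted above and reports whether the security domain was re-created within the 60 s settings check interval. Node names, the change time and the sample lines are constructed, and all timestamps are assumed to fall on the same day.

```python
import re
from datetime import datetime, timedelta

# Format taken from the server.log line quoted in the verification comment:
# HH:MM:SS,mmm LEVEL [category] (thread) message
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>\w+)\s+"
    r"\[(?P<category>[^\]]+)\]\s+\((?P<thread>[^)]*)\)\s+(?P<msg>.*)$"
)
CATEGORY = "org.rhq.enterprise.server.core.CustomJaasDeploymentService"
MARKER = "Security domain [RHQUserSecurityDomain] re-created"
WINDOW = timedelta(seconds=60)  # settings check interval stated in the fix comment


def parse_time(text):
    # Log lines carry time only; assumption: all events are on the same day.
    return datetime.strptime(text, "%H:%M:%S,%f")


def first_recreate(log_lines, not_before):
    """Time of the first security-domain re-creation at or after not_before."""
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m or m["category"] != CATEGORY or MARKER not in m["msg"]:
            continue
        ts = parse_time(m["ts"])
        if ts >= not_before:
            return ts
    return None


def check_nodes(logs_by_node, change_time):
    """Map node name -> 'ok', 'late' or 'missing' relative to the 60 s window."""
    changed = parse_time(change_time)
    result = {}
    for node, lines in logs_by_node.items():
        ts = first_recreate(lines, changed)
        if ts is None:
            result[node] = "missing"  # node still runs the old login modules
        else:
            result[node] = "ok" if ts - changed <= WINDOW else "late"
    return result


# Constructed sample data: node names, times and the unrelated line are invented.
SAMPLE = {
    "server1": ["05:54:31,102 INFO  [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (EJB default - 3) Security domain [RHQUserSecurityDomain] re-created with login modules"],
    "server2": ["05:55:20,481 INFO  [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (EJB default - 10) Security domain [RHQUserSecurityDomain] re-created with login modules"],
    "server3": ["05:55:00,000 INFO  [org.example.Other] (main) unrelated line"],
}
```

A node reported as "missing" or "late" is still authenticating against the previous JAAS configuration, which matters most when LDAP auth is being disabled rather than enabled.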