Bug 1108833 - Enabling LDAP on one JBoss ON Server in HA Configuration is not propagated to another server(s) until their restart so the users cannot log in
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Operations Network
Classification: JBoss
Component: Core Server
Version: JON 3.2
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: DR01
Target Release: JON 3.3.0
Assignee: Jay Shaughnessy
QA Contact: Mike Foley
URL:
Whiteboard:
Depends On: 1108835
Blocks:
 
Reported: 2014-06-12 16:02 UTC by bkramer
Modified: 2018-12-05 18:51 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-12-11 14:03:04 UTC
Type: Bug
Embargoed:



Description bkramer 2014-06-12 16:02:02 UTC
Description of problem:
Enabling LDAP on one JBoss ON Server in HA Configuration is not propagated to another server(s) until their restart so the users cannot log in

Version-Release number of selected component (if applicable):
JBoss ON 3.2.0, 3.2.1 

How reproducible:
Always


Steps to Reproduce:
1. Install and configure JBoss ON server1;
2. Start server1;
3. Install and configure JBoss ON server2;
4. Start server2;
5. Confirm that everything works fine and that servers 1 and 2 are in HA mode;
6. Configure LDAP settings on server1;
7. Log out from JBoss ON UI and attempt to log in again using LDAP username/password;
8. Confirm that this worked fine;
9. Using the same username/password attempt to log in to the JBoss ON UI on the second server;


Actual results:
Log in to the second server will fail with the message "The username or password provided does not match our records."

Expected results:
Log in to the second server is successful.


Additional info:
If server2 is restarted, the server will read the LDAP configuration and after this, the log in will work.

Comment 1 Jay Shaughnessy 2014-07-01 19:03:02 UTC
This is not really a use case we had in mind.  A change to LDAP settings would be picked up, but that actual enabling or disabling of LDAP auth requires a reconfiguration of the server's JAAS login modules.  It was anticipated that a restart would be required.

Having said that, since the customer considers this a bug, it looks like we were wrong and for some reason the HA nodes must stay up.  Looking to fix this...

Comment 2 Jay Shaughnessy 2014-07-02 01:13:54 UTC
master commit cde3c29b8e0b12d838de52453e1a4dc9bfb59d34
Author: Jay Shaughnessy <jshaughn>
Date:   Tue Jul 1 21:12:21 2014 -0400

    Enable/Disable of LDAP requires a system reconfigure (reinstall the JAAS
    login modules...). Change things such that the system reconfigure gets
    performed whenever HA nodes detect a change in system settings. So,
    this fix is a bit more general than the specific case listed here.  The
    system settings update check is every 60s, so HA nodes should pick up
    a change within a minute.

Comment 3 Simeon Pinder 2014-07-31 15:52:18 UTC
Moving to ON_QA as available to test with brew build of DR01: https://brewweb.devel.redhat.com//buildinfo?buildID=373993

Comment 4 Jeeva Kandasamy 2014-08-08 10:13:55 UTC
Version:
JBoss Operations Network
Version : 3.3.0.DR01
Build Number : 6468454:dda0a47
GWT Version : 2.5.0
SmartGWT Version : 3.0p


HA Setup:
Number of JON 3.3 servers: 2
Enabled LDAP on server 1, logged in successfully on server 1.
Was waiting for 60 seconds to update in server 2.

Updated within 60 seconds. Login successful in server 2 as well without restarting the server.

server.log:
05:55:20,481 INFO  [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (EJB default - 10) Security domain [RHQUserSecurityDomain] re-created with login modules..........

Comment 5 Jeeva Kandasamy 2014-08-08 10:15:15 UTC
Database: postgres (PostgreSQL) 8.4.11
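
A way to repeat the check from comment 4 across several HA nodes, as an added example that is not part of the bug report or of the RHQ code base: it scans each peer's server.log lines for the CustomJaasDeploymentService message quoted above and reports the nodes that did not re-create the security domain within the 60s settings check interval from comment 2. The function name, the 5-second slack, the node names and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Message text as it appears in the server.log excerpt in comment 4.
RECREATED = re.compile(
    r"^(\d{2}:\d{2}:\d{2},\d{3})\s+INFO\s+"
    r"\[org\.rhq\.enterprise\.server\.core\.CustomJaasDeploymentService\].*"
    r"Security domain \[RHQUserSecurityDomain\] re-created with login modules"
)

def _parse(ts):
    # server.log timestamps carry no date; assume all lines are from the same day.
    return datetime.strptime(ts, "%H:%M:%S,%f")

def stale_nodes(logs, changed_at, window=timedelta(seconds=60),
                slack=timedelta(seconds=5)):
    """Return peers with no security-domain re-creation logged inside the window.

    logs: {node name: iterable of server.log lines} for the nodes on which the
    setting was NOT changed. changed_at: "HH:MM:SS,mmm" time of the change.
    window: the 60s settings check interval from comment 2; slack is an assumption.
    """
    start = _parse(changed_at)
    deadline = start + window + slack
    stale = []
    for node, lines in logs.items():
        hits = [_parse(m.group(1)) for m in map(RECREATED.match, lines) if m]
        if not any(start <= t <= deadline for t in hits):
            stale.append(node)  # no re-creation message seen in time
    return sorted(stale)

# Constructed sample input: node names and all lines except the message text are made up.
MSG = ("INFO  [org.rhq.enterprise.server.core.CustomJaasDeploymentService] "
       "(EJB default - 10) Security domain [RHQUserSecurityDomain] "
       "re-created with login modules")
SAMPLE_LOGS = {
    "server2": ["05:55:20,481 " + MSG],   # picked up the change in time
    "server3": ["05:40:02,117 " + MSG],   # only an older re-creation, before the change
    "server4": ["05:55:01,000 INFO  [constructed.Other] (main) unrelated line"],
}

if __name__ == "__main__":
    print(stale_nodes(SAMPLE_LOGS, "05:54:40,000"))
```

A node listed as stale after enabling or disabling LDAP is one whose authentication behaviour may still differ from the node where the change was made.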

