+++ This bug was initially created as a clone of Bug #1122549 +++

Description of problem:
When the system setting 'Enable Login Without Roles' has the value 'No', and an LDAP group is mapped to a role in the UI, LDAP user login does not display the LDAP user registration screen and there is a stack trace in the server log. Please refer to the attached stack trace in the server log.

Version-Release number of selected component (if applicable):
Version : 4.13.0-SNAPSHOT
Build Number : 25f82ba
Active Directory version used: Windows server 2008 Active Directory

How reproducible:
Always

Steps to Reproduce:
1. LDAP group 'testgrp1' has an LDAP member 'vijay'.
2. The system setting 'Enable Login Without Roles' in the UI has the value 'No'.
3. Create a compatible group of resources.
4. Create a role and assign LDAP group 'testgrp1' to the role.
5. Assign the resource group to the role.
6. Try to log in as LDAP user 'vijay'.
7. There is an error in the server log.
8. The login screen refreshes; however, the LDAP user registration screen does not appear.

Note:
- After the 8th step, log in as rhqadmin.
- Observe that 'Administration->Users' displays the user 'vijay' in the user list.
- Observe that the 'Users' tab of the role displays the user vijay in the 'Available Users' section.
- Now log out and try to log in as the LDAP user: The server displays below:

18:31:30,543 ERROR [org.rhq.enterprise.gui.authentication.AuthenticateUserAction] (http-/0.0.0.0:7080-13) Could not log into the web application: org.rhq.enterprise.server.exception.LoginException: There are no preconfigured roles for user [vijay]

- Now log in as rhqadmin again and manually assign the LDAP user 'vijay' to the 'Assigned Users' section of the role and try to log in as the LDAP user; the login succeeds and the user is able to access the assigned resource group member.

Actual results:
LDAP user registration screen does not appear when 'Enable Login Without Roles' has value 'No'.

Expected results:
LDAP user registration screen should appear when 'Enable Login Without Roles' has value 'No', as the LDAP group is mapped to an RHQ role.

Additional info:
When the system setting 'Enable Login Without Roles' in the UI has the value 'yes':
- Tried to log in as LDAP user 'vijay'.
- There is the same error in the server log as attached.
- Now the user registration screen appears. The user does not have access to the assigned resource group member.
- When I manually assign the user to the 'Assigned Users' section of the role, the user is able to access the assigned resource group member.

--- Additional comment from Sunil Kondkar on 2014-07-23 09:31:26 EDT ---
branch: master
link: https://github.com/rhq-project/rhq/commit/12c727d8b
time: 2014-07-29 17:48:51 +0200
commit: 12c727d8b96694fb60cb119b95aceeeeece02190
author: Jirka Kremser - jkremser
message: [BZ 1122549] - LDAP user registration screen does not appear when 'Enable Login Without Roles' has value 'No' - SubjectManagerBean.processSubjectForLdap() was calling the SubjectManagerBean.login() where the exception was thrown, but the roles get assigned after this step. Now the login method is called with additional parameter that says 'don't do the role checking'. There was also a logical error that actually caused that no RHQ roles (based on LDAP group) were assigned at all (it was done correctly only when the log level was set to DEBUG)

btw. why 2 JON bugs for the same thing? (see bug 1122549), I guess 1 should be marked as project one or a dupe.
*** This bug has been marked as a duplicate of bug 1122549 ***
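
Added example, not RHQ code and not part of the original report: a constructed Java model of the two defects the commit message describes, a role check that runs before LDAP groups are mapped to roles, and a role assignment that only happens on a debug-only path. Every class, method and role name here is hypothetical, and the final re-check in processAfter() is this example's own assumption, not something the commit states.

```java
import java.util.*;

// Constructed model of the login ordering issue; names are hypothetical, not RHQ's.
public class LdapLoginOrder {
    static final Map<String, String> GROUP_TO_ROLE = Map.of("testgrp1", "resource-role"); // role mapped to LDAP group
    static final Map<String, Set<String>> LDAP_GROUPS = Map.of("vijay", Set.of("testgrp1")); // constructed directory data
    static final Map<String, Set<String>> userRoles = new HashMap<>();
    static boolean loginWithoutRoles = false; // 'Enable Login Without Roles' = No
    static boolean debugEnabled = false;      // server log level is not DEBUG

    static void login(String user, boolean checkRoles) {
        Set<String> roles = userRoles.getOrDefault(user, Set.of());
        if (checkRoles && !loginWithoutRoles && roles.isEmpty())
            throw new SecurityException("There are no preconfigured roles for user [" + user + "]");
    }

    static void assignRolesFromLdapGroups(String user) {
        for (String group : LDAP_GROUPS.getOrDefault(user, Set.of()))
            if (GROUP_TO_ROLE.containsKey(group))
                userRoles.computeIfAbsent(user, k -> new HashSet<>()).add(GROUP_TO_ROLE.get(group));
    }

    // Before: the role check runs first, and the mapping is a side effect of a debug-only branch.
    static Set<String> processBefore(String user) {
        login(user, true);
        if (debugEnabled) {
            assignRolesFromLdapGroups(user); // authorization state must not depend on log level
        }
        return userRoles.getOrDefault(user, Set.of());
    }

    // After: skip the role check on first login, map groups unconditionally,
    // then enforce the role policy (the re-check is this example's assumption).
    static Set<String> processAfter(String user) {
        login(user, false);
        assignRolesFromLdapGroups(user);
        login(user, true);
        return userRoles.getOrDefault(user, Set.of());
    }

    public static void main(String[] args) {
        try { processBefore("vijay"); }
        catch (SecurityException e) { System.out.println("before, setting=No:  " + e.getMessage()); }
        loginWithoutRoles = true;  // setting 'yes': login passes but no role is assigned
        System.out.println("before, setting=yes: roles=" + processBefore("vijay"));
        loginWithoutRoles = false;
        System.out.println("after,  setting=No:  roles=" + processAfter("vijay"));
    }
}
```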