Description of problem: Deleteing an external AD user-group should disassociate the users from the user-group which was associated to. Version-Release number of selected component (if applicable): sat6.1 Beta snap3 How reproducible: deleting an external AD User-group from the CLI and checking the User-Group, it appears the users are still associated under the User-group. Steps to Reproduce: 1. create an User-Group 2. Add an External AD User Group 3. Try logging in with some users of the above External AD UserGroup 4. Make sure the Users from AD are associated with the User-Group. 5. Now delete the External AD User Group 6. Note that the Users are still associated Actual results: Users are still associated, even after the deletion of the External AD User-group. Expected results: Users should get dis-associated, after the deletion of the External AD User-group. Additional info: Not sure 100% about the bug but feel let's track this issue here.
NOTE: foobar is the user from AD which also belongs to user-group foobargroup in AD. [root@xyzabc ~]# hammer -u admin -p changeme user-group info --id 1 Id: 1 Name: katello Users: foobar User groups: External user groups: Roles: View hosts Created at: 2015/03/02 08:35:24 Updated at: 2015/03/02 08:35:24
As seen in comment 3, though the external user groups appears empty after it's removed, the user is still associated with the 'katello' user-group. As seen it's still able to perform the Roles of 'view hosts', which I feel is a bug.
Cron-job getting run, foreman-rake command running and users logging in **makes no difference**, as I see the issue even after: a) cron-job getting run after the "Admin deletes link between 'bar' and 'foo'" b) the admin running "foreman-rake ldap:refresh_usergroups" on sat6 c) the users have logged in, they still can access the pages as per the roles. NOTE: I have tried this with latest sat6.1 snap4. We need to fix this for satellite6.1.
Created redmine issue http://projects.theforeman.org/issues/9878 from this bug
when comparing it with comment 3, the user "foobar" is no longer associated with the user-group "katello". [root@xyzabc ~]# hammer -u admin -p changeme user-group external delete --id 1 --user-group-id 1 External user group deleted [root@xyzabc ~]# hammer -u admin -p changeme user-group info --id 1 Id: 1 Name: katello Users: User groups: External user groups: Roles: Viewer View hosts Tasks Reader Tasks Manager Site manager Red Hat Access Logs Manager Edit partition tables Edit hosts Discovery Reader Discovery Manager Boot disk access Created at: 2015/05/05 22:17:01 Updated at: 2015/05/05 22:17:01 ------------------------------------------- [root@xyzabc ~]# hammer -u admin -p changeme user info --id 4 Id: 4 Login: foobar Name: foobar Email: foobar Admin: no Authorized by: Last login: 2015/05/05 22:26:54 Default organization: Default Organization Default location: Default Location Roles: Anonymous User groups: Locations: Default Location Organizations: Default Organization Created at: 2015/05/05 22:18:41 Updated at: 2015/05/05 22:26:54 VERIFIED with sat6.1-GA-SNAP2
This bug is slated to be released with Satellite 6.1.
This bug was fixed in version 6.1.1 of Satellite which was released on 12 August, 2015.