Bug 1195607 - Deleteing an external AD user-group should disassociate the users from the user-group associated
Summary: Deleteing an external AD user-group should disassociate the users from the us...
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Hammer
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
high vote
Target Milestone: Unspecified
Assignee: Marek Hulan
QA Contact: Kedar Bidarkar
URL: http://projects.theforeman.org/issues...
Depends On:
TreeView+ depends on / blocked
Reported: 2015-02-24 07:49 UTC by Kedar Bidarkar
Modified: 2017-02-23 20:27 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-08-12 13:56:58 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 9878 0 None None None 2016-04-22 15:58:45 UTC

Description Kedar Bidarkar 2015-02-24 07:49:10 UTC
Description of problem:
Deleteing an external AD user-group should disassociate the users from the user-group which was associated to.

Version-Release number of selected component (if applicable):
sat6.1 Beta snap3

How reproducible:
deleting an external AD User-group from the CLI and checking the User-Group,  it appears the users are still associated under the User-group.

Steps to Reproduce:
1. create an User-Group 
2. Add an External AD User Group
3. Try logging in with some users of the above External AD UserGroup
4. Make sure the Users from AD are associated with the User-Group.
5. Now delete the External AD User Group
6. Note that the Users are still associated 

Actual results:

Users are still associated, even after the deletion of the External AD User-group.

Expected results:

Users should get dis-associated, after the deletion of the External AD User-group.

Additional info:

Not sure 100% about the bug but feel let's track this issue here.

Comment 3 Kedar Bidarkar 2015-03-02 09:06:05 UTC
NOTE: foobar is the user from AD which also belongs to user-group foobargroup in AD.

[root@xyzabc ~]# hammer -u admin -p changeme user-group info --id 1 
Id:                   1
Name:                 katello
User groups:          

External user groups: 

    View hosts
Created at:           2015/03/02 08:35:24
Updated at:           2015/03/02 08:35:24

Comment 4 Kedar Bidarkar 2015-03-02 09:10:12 UTC
As seen in comment 3, though the external user groups appears empty after it's removed, the user is still associated with the 'katello' user-group. 

As seen it's still able to perform the Roles of 'view hosts', which I feel is a bug.

Comment 5 Kedar Bidarkar 2015-03-02 15:16:11 UTC
Cron-job getting run, foreman-rake command running and users logging in **makes no difference**,  as I see the issue even after:

a) cron-job getting run after the "Admin deletes link between 'bar' and 'foo'"  
b) the admin running "foreman-rake ldap:refresh_usergroups" on sat6
c) the users have logged in, they still can access the pages as per the roles.

NOTE: I have tried this with latest sat6.1 snap4.

We need to fix this for satellite6.1.

Comment 6 Marek Hulan 2015-03-24 09:20:51 UTC
Created redmine issue http://projects.theforeman.org/issues/9878 from this bug

Comment 8 Kedar Bidarkar 2015-05-05 16:51:57 UTC
when comparing it with comment 3, the user "foobar" is no longer associated with the user-group "katello".  

[root@xyzabc ~]# hammer -u admin -p changeme user-group external delete --id 1 --user-group-id 1
External user group deleted
[root@xyzabc ~]# hammer -u admin -p changeme user-group info --id 1 
Id:                   1
Name:                 katello

User groups:          

External user groups: 

    View hosts
    Tasks Reader
    Tasks Manager
    Site manager
    Red Hat Access Logs
    Edit partition tables
    Edit hosts
    Discovery Reader
    Discovery Manager
    Boot disk access
Created at:           2015/05/05 22:17:01
Updated at:           2015/05/05 22:17:01


[root@xyzabc ~]# hammer -u admin -p changeme user info --id 4
Id:                   4
Login:                foobar
Name:                 foobar 
Email:                foobar@fortellolabs.org
Admin:                no
Authorized by:        
Last login:           2015/05/05 22:26:54
Default organization: Default Organization
Default location:     Default Location
User groups:          

    Default Location
    Default Organization
Created at:           2015/05/05 22:18:41
Updated at:           2015/05/05 22:26:54

VERIFIED with sat6.1-GA-SNAP2

Comment 9 Bryan Kearney 2015-08-11 13:30:47 UTC
This bug is slated to be released with Satellite 6.1.

Comment 10 Bryan Kearney 2015-08-12 13:56:58 UTC
This bug was fixed in version 6.1.1 of Satellite which was released on 12 August, 2015.

Note You need to log in before you can comment on or make changes to this bug.