Milan, can you look into this please and work with Martin, thanks!
The login works properly IF the LDAP configuration is correct. Funny things start to happen when the configuration is not connect and Validate does not detect it. (AFAIK)
Eric, can we close this as not a bug? QE believes this is working.
Dave, please note that there *is* a bug, and the crash *does* happen. However, the bug is only triggered with incorrect (or even slightly incorrect) configurations, and the resolution should be to add some checks and an error message more useful than a crash. (I'm working on that.) So the severity is probably not high, but I think you shouldn't close it completely. Or, if you do, please create a new one along the lines of "LDAP login attempt with incorrect configuration crashes miq" and assign or notify me about it.
Ok, so we reopened this one, sounds like we should update the summary to LDAP login attempt with incorrect configuration crashes miq Right Martin?
New commit detected on manageiq/master: https://github.com/ManageIQ/manageiq/commit/4a42855f610dd0ff8036e2d86a4cdff2a921e7ac commit 4a42855f610dd0ff8036e2d86a4cdff2a921e7ac Author: Martin Hradil <mhradil> AuthorDate: Wed Mar 25 12:58:53 2015 +0000 Commit: Martin Hradil <mhradil> CommitDate: Wed Mar 25 13:17:51 2015 +0000 Prevent crash when LDAP user authentication succeeds but the user shouldn't login anyway In these cases, the user is not created nor found and UserValidationService#validate_user passes nil to session_reset, which couldn't handle it. https://bugzilla.redhat.com/show_bug.cgi?id=1203713 vmdb/app/controllers/dashboard_controller.rb | 1 + 1 file changed, 1 insertion(+)
Agreed.
Created attachment 1025628 [details] Ldap With no Base DN and Bind DN also validate button says :LDAP Settings validation was successful
Build 5.4.0.0.26.20150511144816_f924bd4
sshveta.. Please, ask an actual question when you add needinfo, I'm really not sure what you need.. However, LDAP validation does not actually check Base DN at all, and not having a Bind DN is ..not wrong. (In fact, with the QE LDAP server at least, Net::LDAP's ldap.bind does return true after calling ldap.auth with empty bind_dn and password.) So from my POV, this is correct. (Note that when you do specify Bind DN, it does fail with invalid password.)
Verified in 5.4.0.0.26.20150511144816_f924bd4
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1100.html