1236216 – hammer auth-source does not allow all the settings

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1236216 - hammer auth-source does not allow all the settings

Summary: hammer auth-source does not allow all the settings

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Hammer
Sub Component:
Version:	6.1.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	Martin Bacovsky
QA Contact:	Kedar Bidarkar
Docs Contact:
URL:	http://projects.theforeman.org/issues...
Whiteboard:
Duplicates (1):	1242527 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-06-26 21:10 UTC by Andrew Schofield
Modified:	2019-08-15 04:47 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-09-15 07:22:13 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	1607873	0	None	None	None	Never
Red Hat Product Errata	RHBA-2015:1786	0	normal	SHIPPED_LIVE	Satellite 6.1.2 bug fix update	2015-09-15 11:20:04 UTC

Description Andrew Schofield 2015-06-26 21:10:09 UTC

Description of problem:

Using hammer auth-source to add an LDAP Authentication source does not allow a number of paramters to be set:

- 'Server Type' cannot be set and defaults to POSIX (I have to manually change this to 'Active Directory')
- 'Groups base DN' cannot be set
- 'LDAP filter' cannot be set.


# hammer auth-source ldap create --help
Usage:
    hammer auth-source ldap create [OPTIONS]

Options:
 --account ACCOUNT
 --account-password ACCOUNT_PASSWORD   required if onthefly_register is true
 --attr-firstname ATTR_FIRSTNAME       required if onthefly_register is true
 --attr-lastname ATTR_LASTNAME         required if onthefly_register is true
 --attr-login ATTR_LOGIN               required if onthefly_register is true
 --attr-mail ATTR_MAIL                 required if onthefly_register is true
 --attr-photo ATTR_PHOTO
 --base-dn BASE_DN
 --host HOST
 --name NAME
 --onthefly-register ONTHEFLY_REGISTER One of true/false, yes/no, 1/0.
 --port PORT                           defaults to 389
 --tls TLS                             One of true/false, yes/no, 1/0.
 -h, --help                            print help


Version-Release number of selected component (if applicable):
6.1 public beta.

How reproducible:
Always.

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 RHEL Program Management 2015-06-26 21:12:27 UTC

Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

Comment 3 Martin Bacovsky 2015-07-07 11:49:28 UTC

Created redmine issue http://projects.theforeman.org/issues/11033 from this bug

Comment 4 Martin Bacovsky 2015-07-07 14:54:40 UTC

https://github.com/theforeman/hammer-cli/pull/173 is related and allows Hammer CLI to print the available values in hammer auth-source ldap create --help

Comment 5 Bryan Kearney 2015-07-08 12:04:45 UTC

Moving to POST since upstream bug http://projects.theforeman.org/issues/11033 has been closed
-------------
Martin Bacovsky
Applied in changeset commit:66f3267354ee2a7391ef8feba27d1cb050d9b5df.

Comment 8 Bryan Kearney 2015-07-20 10:50:27 UTC

*** Bug 1242527 has been marked as a duplicate of this bug. ***

Comment 9 Kedar Bidarkar 2015-07-23 10:19:23 UTC

 ~]# hammer auth-source ldap create --help
Usage:
    hammer auth-source ldap create [OPTIONS]

Options:
 --account ACCOUNT                      
 --account-password ACCOUNT_PASSWORD   required if onthefly_register is true
 --attr-firstname ATTR_FIRSTNAME       required if onthefly_register is true
 --attr-lastname ATTR_LASTNAME         required if onthefly_register is true
 --attr-login ATTR_LOGIN               required if onthefly_register is true
 --attr-mail ATTR_MAIL                 required if onthefly_register is true
 --attr-photo ATTR_PHOTO                
 --base-dn BASE_DN                      
 --groups-base GROUPS_BASE             groups base DN
 --host HOST                            
 --ldap-filter LDAP_FILTER             LDAP filter
 --name NAME                            
 --onthefly-register ONTHEFLY_REGISTER One of true/false, yes/no, 1/0.
 --port PORT                           defaults to 389
 --server-type SERVER_TYPE             type of the LDAP server
 --tls TLS                             One of true/false, yes/no, 1/0.
 -h, --help                            print help


We now do have the options, but "server type" accepts only particular values like below, which unless specified by the CLI is not known to the user.

a) active_directory
b) free_ipa
c) posix

Providing these values for CLI is must, otherwise it would be annoying for the users.

Comment 10 Martin Bacovsky 2015-07-23 13:13:17 UTC

As mentioned in Comment #4 there is related update in hammer-cli:
https://github.com/mbacovsky/hammer-cli/commit/6bb7e02615666ddd87bfa311118535e279e32571
which allows hammer to print the available types.

$ hammer auth-source ldap create -h
Usage:
    hammer auth-source ldap create [OPTIONS]

Options:
 --account ACCOUNT                      
 --account-password ACCOUNT_PASSWORD   required if onthefly_register is true
 --attr-firstname ATTR_FIRSTNAME       required if onthefly_register is true
 --attr-lastname ATTR_LASTNAME         required if onthefly_register is true
 --attr-login ATTR_LOGIN               required if onthefly_register is true
 --attr-mail ATTR_MAIL                 required if onthefly_register is true
 --attr-photo ATTR_PHOTO                
 --base-dn BASE_DN                      
 --groups-base GROUPS_BASE             groups base DN
 --host HOST                            
 --ldap-filter LDAP_FILTER             LDAP filter
 --name NAME                            
 --onthefly-register ONTHEFLY_REGISTER One of true/false, yes/no, 1/0.
 --port PORT                           defaults to 389
 --server-type SERVER_TYPE             type of the LDAP server
                                       Possible value(s): 'free_ipa', 'active_directory', 'posix'
 --tls TLS                             One of true/false, yes/no, 1/0.
 --usergroup-sync USERGROUP_SYNC       sync external user groups on login
                                       One of true/false, yes/no, 1/0.
 -h, --help                            print help

Comment 12 Kedar Bidarkar 2015-09-01 14:12:14 UTC

We now do see the possible values for "server_type", as shown below.

~]# hammer -u admin -p changeme auth-source ldap create --help
Usage:
    hammer auth-source ldap create [OPTIONS]

Options:
 --account ACCOUNT                      
 --account-password ACCOUNT_PASSWORD   required if onthefly_register is true
 --attr-firstname ATTR_FIRSTNAME       required if onthefly_register is true
 --attr-lastname ATTR_LASTNAME         required if onthefly_register is true
 --attr-login ATTR_LOGIN               required if onthefly_register is true
 --attr-mail ATTR_MAIL                 required if onthefly_register is true
 --attr-photo ATTR_PHOTO                
 --base-dn BASE_DN                      
 --groups-base GROUPS_BASE             groups base DN
 --host HOST                            
 --ldap-filter LDAP_FILTER             LDAP filter
 --name NAME                            
 --onthefly-register ONTHEFLY_REGISTER One of true/false, yes/no, 1/0.
 --port PORT                           defaults to 389
 --server-type SERVER_TYPE             type of the LDAP server
                                       Possible value(s): 'free_ipa', 'active_directory', 'posix'
 --tls TLS                             One of true/false, yes/no, 1/0.


VERIFIED With sat6.1.2 20150826.0

Comment 14 errata-xmlrpc 2015-09-15 07:22:13 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2015:1786

Note You need to log in before you can comment on or make changes to this bug.