Red Hat Bugzilla – Bug 1236216
hammer auth-source does not allow all the settings
Last modified: 2017-02-23 14:53:21 EST
Description of problem: Using hammer auth-source to add an LDAP Authentication source does not allow a number of paramters to be set: - 'Server Type' cannot be set and defaults to POSIX (I have to manually change this to 'Active Directory') - 'Groups base DN' cannot be set - 'LDAP filter' cannot be set. # hammer auth-source ldap create --help Usage: hammer auth-source ldap create [OPTIONS] Options: --account ACCOUNT --account-password ACCOUNT_PASSWORD required if onthefly_register is true --attr-firstname ATTR_FIRSTNAME required if onthefly_register is true --attr-lastname ATTR_LASTNAME required if onthefly_register is true --attr-login ATTR_LOGIN required if onthefly_register is true --attr-mail ATTR_MAIL required if onthefly_register is true --attr-photo ATTR_PHOTO --base-dn BASE_DN --host HOST --name NAME --onthefly-register ONTHEFLY_REGISTER One of true/false, yes/no, 1/0. --port PORT defaults to 389 --tls TLS One of true/false, yes/no, 1/0. -h, --help print help Version-Release number of selected component (if applicable): 6.1 public beta. How reproducible: Always. Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
Created redmine issue http://projects.theforeman.org/issues/11033 from this bug
https://github.com/theforeman/hammer-cli/pull/173 is related and allows Hammer CLI to print the available values in hammer auth-source ldap create --help
Moving to POST since upstream bug http://projects.theforeman.org/issues/11033 has been closed ------------- Martin Bacovsky Applied in changeset commit:66f3267354ee2a7391ef8feba27d1cb050d9b5df.
*** Bug 1242527 has been marked as a duplicate of this bug. ***
~]# hammer auth-source ldap create --help Usage: hammer auth-source ldap create [OPTIONS] Options: --account ACCOUNT --account-password ACCOUNT_PASSWORD required if onthefly_register is true --attr-firstname ATTR_FIRSTNAME required if onthefly_register is true --attr-lastname ATTR_LASTNAME required if onthefly_register is true --attr-login ATTR_LOGIN required if onthefly_register is true --attr-mail ATTR_MAIL required if onthefly_register is true --attr-photo ATTR_PHOTO --base-dn BASE_DN --groups-base GROUPS_BASE groups base DN --host HOST --ldap-filter LDAP_FILTER LDAP filter --name NAME --onthefly-register ONTHEFLY_REGISTER One of true/false, yes/no, 1/0. --port PORT defaults to 389 --server-type SERVER_TYPE type of the LDAP server --tls TLS One of true/false, yes/no, 1/0. -h, --help print help We now do have the options, but "server type" accepts only particular values like below, which unless specified by the CLI is not known to the user. a) active_directory b) free_ipa c) posix Providing these values for CLI is must, otherwise it would be annoying for the users.
As mentioned in Comment #4 there is related update in hammer-cli: https://github.com/mbacovsky/hammer-cli/commit/6bb7e02615666ddd87bfa311118535e279e32571 which allows hammer to print the available types. $ hammer auth-source ldap create -h Usage: hammer auth-source ldap create [OPTIONS] Options: --account ACCOUNT --account-password ACCOUNT_PASSWORD required if onthefly_register is true --attr-firstname ATTR_FIRSTNAME required if onthefly_register is true --attr-lastname ATTR_LASTNAME required if onthefly_register is true --attr-login ATTR_LOGIN required if onthefly_register is true --attr-mail ATTR_MAIL required if onthefly_register is true --attr-photo ATTR_PHOTO --base-dn BASE_DN --groups-base GROUPS_BASE groups base DN --host HOST --ldap-filter LDAP_FILTER LDAP filter --name NAME --onthefly-register ONTHEFLY_REGISTER One of true/false, yes/no, 1/0. --port PORT defaults to 389 --server-type SERVER_TYPE type of the LDAP server Possible value(s): 'free_ipa', 'active_directory', 'posix' --tls TLS One of true/false, yes/no, 1/0. --usergroup-sync USERGROUP_SYNC sync external user groups on login One of true/false, yes/no, 1/0. -h, --help print help
We now do see the possible values for "server_type", as shown below. ~]# hammer -u admin -p changeme auth-source ldap create --help Usage: hammer auth-source ldap create [OPTIONS] Options: --account ACCOUNT --account-password ACCOUNT_PASSWORD required if onthefly_register is true --attr-firstname ATTR_FIRSTNAME required if onthefly_register is true --attr-lastname ATTR_LASTNAME required if onthefly_register is true --attr-login ATTR_LOGIN required if onthefly_register is true --attr-mail ATTR_MAIL required if onthefly_register is true --attr-photo ATTR_PHOTO --base-dn BASE_DN --groups-base GROUPS_BASE groups base DN --host HOST --ldap-filter LDAP_FILTER LDAP filter --name NAME --onthefly-register ONTHEFLY_REGISTER One of true/false, yes/no, 1/0. --port PORT defaults to 389 --server-type SERVER_TYPE type of the LDAP server Possible value(s): 'free_ipa', 'active_directory', 'posix' --tls TLS One of true/false, yes/no, 1/0. VERIFIED With sat6.1.2 20150826.0
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2015:1786