Bug 1290187 - Cannot configure external authentication (httpd) with non-generic server domain
Cannot configure external authentication (httpd) with non-generic server domain
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance (Show other bugs)
Unspecified Unspecified
high Severity high
: GA
: 5.5.2
Assigned To: Gregg Tanzillo
Milan Falešník
: ZStream
Depends On: 1247787
  Show dependency treegraph
Reported: 2015-12-09 15:10 EST by John Prause
Modified: 2016-02-10 10:23 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In the previous version of CloudForms Management Engine, it was not possible to configure the appliance to authenticate against a Red Hat IPA domain server if the IPA domain name was composed of only a top-level domain name. This was due to validation that required the IPA domain name to contain a sub-domain name and a top-level domain name. This bug was fixed by relaxing the validation rule to allow the IPA domain name to be composed of only a top-level domain name. With this change, it is possible to configure an appliance running the new version of CloudForms Manamgent Engine to authenticate against an IPA domain with a domain name composed of only a top-level domain.
Story Points: ---
Clone Of: 1247787
Last Closed: 2016-02-10 10:23:35 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Comment 2 Tim Wade 2015-12-14 11:52:36 EST
PR: https://github.com/ManageIQ/manageiq/pull/5812
Comment 3 Marianne Feifer 2016-01-10 19:39:31 EST
GT, I'm trying to draft doc text for this, but I'm finding it hard to follow.  

What we need is:

What caused the problem?

What was the consequence?

What fixed it?
Comment 4 Tim Wade 2016-01-12 11:08:25 EST

I'll try my best to summarize:

| What caused the problem?

Validation for external authentication prevented the customer from entering a top-level domain under IPA server domain.

| What was the consequence?

They couldn't configure external authentication

| What fixed it?

We relaxed the validation to allow top-level domains.

Let me know if you have any further questions.

Comment 9 Milan Falešník 2016-01-25 05:32:39 EST
# vmdb

# appliance_console   # Then Enter, 10, Enter

Configure External Authentication (httpd)

IPA Server Parameters:

Enter the IPA Server Hostname: test1.domain
Enter the IPA Server Domain: domain
Enter the IPA Server Realm: |DOMAIN| 
Enter the IPA Server Principal: |admin| 
Enter the IPA Server Principal Password: ***

External Authentication (httpd) Configuration:
IPA Server Details:
  Hostname:       test1.domain
  Domain:         domain
  Realm:          DOMAIN
  Naming Context: dc=domain
  Principal:      admin

Proceed? (Y/N):
So it now accepts the TLD as a domain.
Comment 10 errata-xmlrpc 2016-02-10 10:23:35 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.