Bug 1296300 - ldap users are unable to switch to new ldap groups after re-authenticating [NEEDINFO]
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
All All
medium Severity medium
: GA
: cfme-future
Assigned To: Gregg Tanzillo
Matt Pusateri
Reported: 2016-01-06 15:31 EST by Josh Carter
Modified: 2017-08-30 10:36 EDT

Doc Type: Bug Fix
Last Closed: 2017-08-28 10:45:59 EDT
Type: Bug
rcaldwell: needinfo? (gtanzill)

Description Josh Carter 2016-01-06 15:31:16 EST
Description of problem:

If a user is recently added to another LDAP group that already exists as a CloudForms group, that user is unable to switch to that group after re-authenticating.

However, what we are seeing is that the change in group membership is not noticed by the CFME engine. The only way that we have found to make CFME aware of the group membership change is to go to Configure->Configuration->Access Control, then select the group that he/she was added to. From there, we have to click Configuration->Edit this Group, click the “Look Up LDAP Groups” check box, type in the “User to Look Up”, enter our AD credentials (Username/Password) with read access to all groups in LDAP, and click the Retrieve button. This will present another list box with the groups that the “user” is a member of in AD. The box is called “LDAP Groups for User”. From the list box, we select the AD Group Name, which is exactly the same as the name of the Group we are editing.

Version-Release number of selected component (if applicable): 5.5.0

How reproducible:

Steps to Reproduce:
1. Use existing user-defined LDAP Groups, which are pre-defined in Active Directory.
2. Add these groups to CloudForms and assign a role to the user-defined group.
3. Add an AD user to another AD Group, which is already created in CloudForms.
4. Log out as that user and log back in as the same user.
5. User is unable to switch to the newly added LDAP group after re-authenticating.

Actual results:

User group membership is not being updated.

Expected results:

User should have their group membership updated on each login to reflect an accurate group list. 

Additional info:

Comment 2 Chris Pelland 2017-08-28 10:45:59 EDT
This bug has been open for more than a year and is assigned to an older release of CloudForms. 
If you would like to keep this Bugzilla open and if the issue is still present in the latest version of the product, please file a new Bugzilla which will be added and assigned to the latest release of CloudForms.
