Red Hat Bugzilla – Bug 1296300
ldap users are unable to switch to new ldap groups after re-authenticating
Last modified: 2017-08-30 10:36:50 EDT
Description of problem:
If a user is recently added to another ldap group that already exist as a cloudforms group that user is unable to switch to that group after re-authenticating.
However, what we are seeing is that the change in group membership is not noticed by the CFME engine. The only way that we have found to make CFME aware of the group membership change is to go to Configure->Configuration->Access Control, then select the group that he/she was added to. From there, we have to click Configuration->Edit this Group, click the “Look Up LDAP Groups” check box, Type in the “User to Look Up”, Enter our AD credentials (Username/Password) with read access to all groups in LDAP, click the Retrieve button. This will present another list box with the groups that the “user” is a member of in AD. The box is called “LDAP Groups for User”. From the list box, we select the AD Group Name, which is exactly the same name of the Group we are editing.
Version-Release number of selected component (if applicable): 5.5.0
Steps to Reproduce:
1. Use existing user-defined LDAP Groups, which are pre-defined in Active Directory.
2. Add these groups to CloudForms and assign a role to the user-defined group.
3. Add an AD user to another AD Group, which is already created in CloudForms.
4. Log out as that user and log back in as the same user.
5. User is unable to switch to the newly added ldap group after re-authenticating
User group membership is not being updated.
User should have their group membership updated on each login to reflect an accurate group list.
This bug has been open for more than a year and is assigned to an older release of CloudForms.
If you would like to keep this Bugzilla open and if the issue is still present in the latest version of the product, please file a new Bugzilla which will be added and assigned to the latest release of CloudForms.