Description of problem: Attempt to change LDAP settings in the JBoss ON UI -> Administration -> System Settings -> LDAP configuration properties via JBoss ON CLI does not work completely. New values will be set in the JBoss ON UI but they will not be propagated to the RHQ Server's JAAS Login module. Version-Release number of selected component (if applicable): JBoss ON 3.3.4, 3.3.5 How reproducible: Always Steps to Reproduce: 1. Start JBoss ON; 2. Navigate to $JON_CLI_HOME/bin and connect (./rhq-cli.sh -u rhqadmin -p rhqadmin -s <jon_server> -t <jon_port> ); 3. On the command line execute: ************************************* $ var mySystemSettings = SystemManager.getSystemSettings(); $ mySystemSettings.put(SystemSetting.LDAP_BASED_JAAS_PROVIDER, "true"); false $ SystemManager.setSystemSettings(mySystemSettings) ... ************************************* 4. Navigate to JBoss ON UI -> Administration -> System Settings -> LDAP Configuration Properties and confirm that "Enable LDAP" is set to "Yes"; 5. Log out and try to log in again using ldap username and password Actual results: Message: "The username or password provided does not match our records. Please, fill in the fields again." is shown and user is not able to log in; Expected results: LDAP user is logged in. Additional info: To get this change properly propagated, one has to press button "Save" at the bottom of the "System Settings" page or to restart JBoss ON Server; The following is logged in the server.log file after button "Save" is pressed: ************************************ 10:49:09,966 INFO [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (http-/0.0.0.0:7080-5) Updating RHQ Server's JAAS login modules 10:49:09,967 INFO [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (http-/0.0.0.0:7080-5) Security domain [RHQUserSecurityDomain] already exists, it will be replaced. 10:49:10,630 INFO [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (http-/0.0.0.0:7080-5) Security domain [RHQUserSecurityDomain] re-created with login modules [LoginModuleRequest [loginModuleFQCN=org.rhq.enterprise.server.core.jaas.JDBCLoginModule, flag=LoginModuleControlFlag: sufficient, moduleOptionProperties={hashAlgorithm=MD5, hashEncoding=base64}], LoginModuleRequest [loginModuleFQCN=org.rhq.enterprise.server.core.jaas.JDBCPrincipalCheckLoginModule, flag=LoginModuleControlFlag: requisite, moduleOptionProperties={hashAlgorithm=MD5, hashEncoding=base64}], LoginModuleRequest [loginModuleFQCN=org.rhq.enterprise.server.core.jaas.LdapLoginModule, flag=LoginModuleControlFlag: requisite, moduleOptionProperties={BindDN=uid=jon300, ou=People, dc=example,dc=com, Filter=, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, LoginProperty=uid, java.naming.referral=ignore, BaseDN=dc=example,dc=com, GroupFilter=cn=JON300-Users, java.naming.provider.url=ldap://my.ldap.com:389, java.naming.security.protocol=null, GroupMemberFilter=uniqueMember, BindPW=-193e3492bebd6712}]] ************************************
You forgot to call SystemManager.reconfigureSystem(). This is what the UI does: public void setSystemSettings(SystemSettings settings) throws RuntimeException { try { systemManager.setSystemSettings(getSessionSubject(), settings); systemManager.reconfigureSystem(getSessionSubject()); So two steps are required to set settings to be active.
(In reply to Michael Burman from comment #1) > You forgot to call SystemManager.reconfigureSystem(). This is what the UI > does: > > public void setSystemSettings(SystemSettings settings) throws > RuntimeException { > try { > systemManager.setSystemSettings(getSessionSubject(), settings); > systemManager.reconfigureSystem(getSessionSubject()); > > So two steps are required to set settings to be active. I know that this method exists but it is not exposed in the SystemManagerRemote - see: https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Operations_Network/3.3/html/Remote_API/files/remote-api/org/rhq/enterprise/server/system/SystemManagerRemote.html So, I guess, this bugzilla should be changed to request exposure of the method reconfigureSystem?
Yes, that would seem to be the more consistent solution. Changing the existing SystemManager.setSystemSettings() to do the reconfigure would cause changes elsewhere.
Fixed in the master: commit 6139191d08987ab32a3df680b0f6e3ba4852bd68 Author: Michael Burman <miburman> Date: Wed Feb 10 14:47:57 2016 +0200 [BZ 1306231] Expose reconfigureSystem in SystemManagerRemote API
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
Moving to ON_QA as available to test with JON 3.3.6 DR01 brew build: https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=499890
Verified on version : 3.3.0.GA Update 06 Build Number : 675641d:2fcd5b7 Verified that reconfigureSystem is exposed in SystemManagerRemote API rhqadmin.202.219:7080$ SystemManager. productInfo reconfigureSystem serverDetails setSystemConfiguration systemConfiguration systemSettings toString rhqadmin.202.219:7080$ SystemManager.reconfigureSystem() Verified that after following below steps: systems LDAP settings in UI shows "Enable LDAP" set to "Yes" and LDAP user is able to login successfully. $ var mySystemSettings = SystemManager.getSystemSettings(); $ mySystemSettings.put(SystemSetting.LDAP_BASED_JAAS_PROVIDER, "true"); false $ SystemManager.setSystemSettings(mySystemSettings) $ SystemManager.reconfigureSystem()
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-1519.html