Bug 1306231 - Method SystemManager.setSystemSettings(settings) does not propagate LDAP changes into the RHQ Server's JAAS login modules
Status: CLOSED ERRATA
Product: JBoss Operations Network
Classification: JBoss
Component: Core Server, CLI
Version: JON 3.3.4, JON 3.3.5
Hardware: Unspecified Unspecified
Priority: high Severity: high
Target Milestone: DR01
Target Release: JON 3.3.6
Assigned To: Michael Burman
QA Contact: Sunil Kondkar
Keywords: Triaged
Depends On: 1306233
Reported: 2016-02-10 06:14 EST by bkramer
Modified: 2016-07-27 11:32 EDT
Doc Type: Bug Fix
Last Closed: 2016-07-27 11:32:36 EDT
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2157441 None None None 2016-02-10 07:05 EST

Description bkramer 2016-02-10 06:14:32 EST
Description of problem:
An attempt to change the LDAP settings (JBoss ON UI -> Administration -> System Settings -> LDAP configuration properties) via the JBoss ON CLI does not work completely. New values will be set in the JBoss ON UI but they will not be propagated to the RHQ Server's JAAS login module.

Version-Release number of selected component (if applicable):
JBoss ON 3.3.4, 3.3.5

How reproducible:
Always

Steps to Reproduce:
1. Start JBoss ON;

2. Navigate to $JON_CLI_HOME/bin and connect (./rhq-cli.sh -u rhqadmin -p rhqadmin -s <jon_server> -t <jon_port> );

3. On the command line execute:

*************************************
$ var mySystemSettings = SystemManager.getSystemSettings();
$ mySystemSettings.put(SystemSetting.LDAP_BASED_JAAS_PROVIDER, "true");
false
$ SystemManager.setSystemSettings(mySystemSettings)
...
*************************************
4. Navigate to JBoss ON UI -> Administration -> System Settings -> LDAP Configuration Properties and confirm that "Enable LDAP" is set to "Yes";
5. Log out and try to log in again using the LDAP username and password.

Actual results:
The message "The username or password provided does not match our records. Please, fill in the fields again." is shown and the user is not able to log in.


Expected results:
LDAP user is logged in.

Additional info:
To get this change properly propagated, one has to press the "Save" button at the bottom of the "System Settings" page or restart the JBoss ON Server. The following is logged in the server.log file after the "Save" button is pressed:

************************************
10:49:09,966 INFO  [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (http-/0.0.0.0:7080-5) Updating RHQ Server's JAAS login modules
10:49:09,967 INFO  [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (http-/0.0.0.0:7080-5) Security domain [RHQUserSecurityDomain] already exists, it will be replaced.
10:49:10,630 INFO  [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (http-/0.0.0.0:7080-5) Security domain [RHQUserSecurityDomain] re-created with login modules [LoginModuleRequest [loginModuleFQCN=org.rhq.enterprise.server.core.jaas.JDBCLoginModule, flag=LoginModuleControlFlag: sufficient, moduleOptionProperties={hashAlgorithm=MD5, hashEncoding=base64}], LoginModuleRequest [loginModuleFQCN=org.rhq.enterprise.server.core.jaas.JDBCPrincipalCheckLoginModule, flag=LoginModuleControlFlag: requisite, moduleOptionProperties={hashAlgorithm=MD5, hashEncoding=base64}], LoginModuleRequest [loginModuleFQCN=org.rhq.enterprise.server.core.jaas.LdapLoginModule, flag=LoginModuleControlFlag: requisite, moduleOptionProperties={BindDN=uid=jon300, ou=People, dc=example,dc=com, Filter=, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, LoginProperty=uid, java.naming.referral=ignore, BaseDN=dc=example,dc=com, GroupFilter=cn=JON300-Users, java.naming.provider.url=ldap://my.ldap.com:389, java.naming.security.protocol=null, GroupMemberFilter=uniqueMember, BindPW=-193e3492bebd6712}]]
************************************
Comment 1 Michael Burman 2016-02-10 06:46:46 EST
You forgot to call SystemManager.reconfigureSystem(). This is what the UI does:

    public void setSystemSettings(SystemSettings settings) throws RuntimeException {
        try {
            systemManager.setSystemSettings(getSessionSubject(), settings);
            systemManager.reconfigureSystem(getSessionSubject());

So two steps are required to set settings to be active.
Comment 2 bkramer 2016-02-10 06:53:34 EST
(In reply to Michael Burman from comment #1)
> You forgot to call SystemManager.reconfigureSystem(). This is what the UI
> does:
> 
>     public void setSystemSettings(SystemSettings settings) throws RuntimeException {
>         try {
>             systemManager.setSystemSettings(getSessionSubject(), settings);
>             systemManager.reconfigureSystem(getSessionSubject());
> 
> So two steps are required to set settings to be active.

I know that this method exists but it is not exposed in the SystemManagerRemote - see: https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Operations_Network/3.3/html/Remote_API/files/remote-api/org/rhq/enterprise/server/system/SystemManagerRemote.html

So, I guess, this bugzilla should be changed to request exposure of the method reconfigureSystem?
Comment 3 Michael Burman 2016-02-10 07:37:35 EST
Yes, that would seem to be the more consistent solution. Changing the existing SystemManager.setSystemSettings() to do the reconfigure would cause changes elsewhere.
Comment 4 Michael Burman 2016-02-10 07:48:57 EST
Fixed in the master:

commit 6139191d08987ab32a3df680b0f6e3ba4852bd68
Author: Michael Burman <miburman@redhat.com>
Date:   Wed Feb 10 14:47:57 2016 +0200

    [BZ 1306231] Expose reconfigureSystem in SystemManagerRemote API
Comment 5 Mike McCune 2016-03-28 19:06:24 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 8 Simeon Pinder 2016-06-17 21:11:39 EDT
Moving to ON_QA as available to test with JON 3.3.6 DR01 brew build:
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=499890
Comment 9 Sunil Kondkar 2016-06-27 04:01:08 EDT
Verified on version : 3.3.0.GA Update 06 Build Number :	675641d:2fcd5b7

Verified that reconfigureSystem is exposed in SystemManagerRemote API

rhqadmin@10.65.202.219:7080$ SystemManager.                   

productInfo              reconfigureSystem        serverDetails            setSystemConfiguration   systemConfiguration      systemSettings
toString
rhqadmin@10.65.202.219:7080$ SystemManager.reconfigureSystem()

Verified that after following the steps below, the system's LDAP settings in the UI show "Enable LDAP" set to "Yes" and the LDAP user is able to log in successfully.

$ var mySystemSettings = SystemManager.getSystemSettings();
$ mySystemSettings.put(SystemSetting.LDAP_BASED_JAAS_PROVIDER, "true");
false
$ SystemManager.setSystemSettings(mySystemSettings)
$ SystemManager.reconfigureSystem()
Comment 10 errata-xmlrpc 2016-07-27 11:32:36 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-1519.html
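
Added example, not part of the original bug report or of the RHQ code base: a Python check that reads server.log and reports whether the running RHQUserSecurityDomain was actually re-created with LdapLoginModule after a scripted settings change, and masks BindPW before the log is shared. It assumes that SystemManager.reconfigureSystem() called from the CLI writes the same CustomJaasDeploymentService entries that the description shows for the UI "Save" button; the function names and the state strings are hypothetical, and the sample log is constructed from the excerpt in the description.

```python
import re

# Constructed sample: the entries quoted in the description, shortened, with
# the BindPW value replaced by a placeholder.
PREFIX = "INFO  [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (http-/0.0.0.0:7080-5) "
JAAS = "org.rhq.enterprise.server.core.jaas."
SAMPLE_LOG = (
    "10:49:09,966 " + PREFIX + "Updating RHQ Server's JAAS login modules\n"
    "10:49:09,967 " + PREFIX + "Security domain [RHQUserSecurityDomain] already exists, it will be replaced.\n"
    "10:49:10,630 " + PREFIX + "Security domain [RHQUserSecurityDomain] re-created with login modules "
    "[LoginModuleRequest [loginModuleFQCN=" + JAAS + "JDBCLoginModule, flag=LoginModuleControlFlag: sufficient, "
    "moduleOptionProperties={hashAlgorithm=MD5, hashEncoding=base64}], "
    "LoginModuleRequest [loginModuleFQCN=" + JAAS + "LdapLoginModule, flag=LoginModuleControlFlag: requisite, "
    "moduleOptionProperties={BaseDN=dc=example,dc=com, BindPW=PLACEHOLDER}]]\n"
)

RECREATED = re.compile(
    r"^(\S+) .*CustomJaasDeploymentService\].*"
    r"Security domain \[(\w+)\] re-created with login modules (.*)$", re.M)
MODULE = re.compile(r"loginModuleFQCN=([\w.]+), flag=LoginModuleControlFlag: (\w+)")

def parse_recreations(log_text):
    """Return one dict per 're-created' entry, in log order."""
    entries = []
    for time, domain, rest in RECREATED.findall(log_text):
        # Keep the short class name and the JAAS control flag of each module.
        modules = [(fqcn.rsplit(".", 1)[-1], flag) for fqcn, flag in MODULE.findall(rest)]
        entries.append({"time": time, "domain": domain, "modules": modules})
    return entries

def ldap_state(log_text, domain="RHQUserSecurityDomain"):
    """'not-reloaded' if the domain was never re-created in this log (the
    symptom in this bug), else the LDAP state of the most recent reload."""
    hits = [e for e in parse_recreations(log_text) if e["domain"] == domain]
    if not hits:
        return "not-reloaded"
    names = [name for name, _ in hits[-1]["modules"]]
    return "ldap-active" if "LdapLoginModule" in names else "ldap-absent"

def redact(log_text):
    """Mask BindPW values before the log leaves the server."""
    return re.sub(r"(BindPW=)[^,}\]\s]+", r"\1***", log_text)

if __name__ == "__main__":
    print(ldap_state(SAMPLE_LOG), parse_recreations(SAMPLE_LOG)[-1]["modules"])
```

Run it over the portion of server.log written after the CLI script finished; a "not-reloaded" result means the settings were stored but the login modules were never rebuilt.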
