Description of problem: Attempt to change LDAP settings in the RHQ UI -> Administration -> System Settings -> LDAP configuration properties via RHQ CLI does not work completely. New values will be set in the RHQ UI but they will not be propagated to the RHQ Server's JAAS Login module. Version-Release number of selected component (if applicable): RHQ 4.12 How reproducible: Always Steps to Reproduce: 1. Start RHQ; 2. Navigate to $RHQ_CLI_HOME/bin and connect (./rhq-cli.sh -u rhqadmin -p rhqadmin -s <rhq_server> -t <rhq_port> ); 3. On the command line execute: ************************************* $ var mySystemSettings = SystemManager.getSystemSettings(); $ mySystemSettings.put(SystemSetting.LDAP_BASED_JAAS_PROVIDER, "true"); false $ SystemManager.setSystemSettings(mySystemSettings) ... ************************************* 4. Navigate to RHQ UI -> Administration -> System Settings -> LDAP Configuration Properties and confirm that "Enable LDAP" is set to "Yes"; 5. Log out and try to log in again using ldap username and password Actual results: Message: "The username or password provided does not match our records. Please, fill in the fields again." is shown and user is not able to log in; Expected results: LDAP user is logged in. Additional info: To get this change properly propagated, one has to press button "Save" at the bottom of the "System Settings" page or to restart RHQ Server; The following is logged in the server.log file after button "Save" is pressed: ************************************ 10:49:09,966 INFO [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (http-/0.0.0.0:7080-5) Updating RHQ Server's JAAS login modules 10:49:09,967 INFO [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (http-/0.0.0.0:7080-5) Security domain [RHQUserSecurityDomain] already exists, it will be replaced. 10:49:10,630 INFO [org.rhq.enterprise.server.core.CustomJaasDeploymentService] (http-/0.0.0.0:7080-5) Security domain [RHQUserSecurityDomain] re-created with login modules [LoginModuleRequest [loginModuleFQCN=org.rhq.enterprise.server.core.jaas.JDBCLoginModule, flag=LoginModuleControlFlag: sufficient, moduleOptionProperties={hashAlgorithm=MD5, hashEncoding=base64}], LoginModuleRequest [loginModuleFQCN=org.rhq.enterprise.server.core.jaas.JDBCPrincipalCheckLoginModule, flag=LoginModuleControlFlag: requisite, moduleOptionProperties={hashAlgorithm=MD5, hashEncoding=base64}], LoginModuleRequest [loginModuleFQCN=org.rhq.enterprise.server.core.jaas.LdapLoginModule, flag=LoginModuleControlFlag: requisite, moduleOptionProperties={BindDN=uid=jon300, ou=People, dc=example,dc=com, Filter=, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, LoginProperty=uid, java.naming.referral=ignore, BaseDN=dc=example,dc=com, GroupFilter=cn=JON300-Users, java.naming.provider.url=ldap://my.ldap.com:389, java.naming.security.protocol=null, GroupMemberFilter=uniqueMember, BindPW=-193e3492bebd6712}]] ************************************
Fixed in the master: commit 6139191d08987ab32a3df680b0f6e3ba4852bd68 Author: Michael Burman <miburman> Date: Wed Feb 10 14:47:57 2016 +0200 [BZ 1306231] Expose reconfigureSystem in SystemManagerRemote API