Bug 1317745 - If the email address is not updated correctly in the LDAP server then while logining in to satellite webui with same username should throw valid error message.
Summary: If the email address is not updated correctly in the LDAP server then while l...
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Users & Roles
Version: 6.1.7
Hardware: x86_64
OS: Linux
medium vote
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Ivan Necas
URL: http://projects.theforeman.org/issues...
Depends On:
TreeView+ depends on / blocked
Reported: 2016-03-15 04:44 UTC by Ashish Humbe
Modified: 2019-08-12 16:18 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2018-02-21 16:51:07 UTC
Target Upstream Version:

Attachments (Terms of Use)
verification screenshot (39.91 KB, image/png)
2017-08-30 08:40 UTC, Ivan Necas
no flags Details

System ID Priority Status Summary Last Updated
Foreman Issue Tracker 14720 None None None 2016-04-26 16:59:42 UTC
Red Hat Bugzilla 1342019 None None None Never
Red Hat Knowledge Base (Solution) 2198711 None None None 2016-03-15 04:56:19 UTC

Internal Links: 1342019

Description Ashish Humbe 2016-03-15 04:44:10 UTC
Description of problem:

If the email address is not updated correctly in the LDAP, then while logging to satellite webui with same username fails with error "Incorrect username or password" error. 

But the error message from production log says "Email address is invalid"

Error message from log file: 

2016-03-11 04:18:15 [I] Failed to save User 'sat6-user2' ["Email address is invalid"]
2016-03-11 04:18:15 [I] invalid user
2016-03-11 04:18:15 [I] Redirected to https://satellite.example.com/users/login
2016-03-11 04:18:15 [I] Completed 302 Found in 945ms (ActiveRecord: 2.7ms)

The error message in the webui is misleading, so the customer's expectation is to have a proper error message in WEB GUI like "XXX (here email) parameter(s) are not correct please correct it".

Version-Release number of selected component (if applicable):
Satellite v 6.1.9

How reproducible:
Always when the invalid email address is stored in the LDAP server.

Steps to Reproduce:
1. Create a user in LDAP with invalid email ie: user#domain
2. Setup LDAP authentication on the satellite server
3. Try to login as a LDAP user to the satellite webui.

Actual results:
User login fails with error "Incorrect username or password" error. 

Expected results:
Correct error message should be displayed on the login page if any of the LDAP parameter is not set correctly. 

Additional info:

Comment 3 Bryan Kearney 2016-04-19 19:28:42 UTC
Connecting redmine issue http://projects.theforeman.org/issues/14720 from this bug

Comment 5 Bryan Kearney 2016-07-13 20:12:02 UTC
Moving to POST since upstream bug http://projects.theforeman.org/issues/14720 has been closed

Comment 10 Ivan Necas 2017-08-30 08:39:39 UTC
Verification version: Satellite 6.3 Snap 13

1. configure the ldap authentication
2. set the user email to invalid. I was using FreeIPA, that didn't let me to
set up the email incorrectly via WebUI, so I did this

cat change-mail.ldif 
dn: uid=test2,cn=users,cn=accounts,dc=example,dc=test
changetype: modify
replace: mail
mail: test#domain

ldapmodify -D "uid=admin,cn=users,cn=accounts,dc=example,dc=test" -w Secret123  -h ibm-dx360m4-01.rhts.eng.bos.redhat.com -f change-mail.ldif 

3. try to login

Got: user created with info about invalid data and asking the user to update (see the screenhost)

Comment 11 Ivan Necas 2017-08-30 08:40:15 UTC
Created attachment 1319934 [details]
verification screenshot

Comment 12 pm-sat@redhat.com 2018-02-21 16:51:07 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> For information on the advisory, and where to find the updated files, follow the link below.
> If the solution does not work for you, open a new bug report.
> https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.