Bug 1326129 - user groups from ldap trusted forest are not retrieved.
Summary: user groups from ldap trusted forest are not retrieved.
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.5.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: GA
Target Release: cfme-future
Assignee: Gregg Tanzillo
QA Contact: Matt Pusateri
URL:
Whiteboard: ldap
Depends On:
Blocks:
Reported: 2016-04-11 22:18 UTC by amogh
Modified: 2019-12-16 05:38 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-28 14:46:40 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:



Description amogh 2016-04-11 22:18:39 UTC
Description of problem:

user groups from ldap trusted forest are not retrieved.

Version-Release number of selected component (if applicable):

5.5.3.4.20160407153134_b3e2a83

How reproducible:
always

Configuration:
1. Create the user "ldaptest" and group "engineering" in ldap:"cfme-qe-ldap", and add "ldaptest" user to "engineering" group.
2. Create the user "ldaptest" and group "cfme" in ldap:"cfme-qe-ipa" and add "ldaptest" user to "cfme" group.

Steps to Reproduce:
1. Log in as "admin" and navigate to configure->configuration->authentication.
2. Change the authentication mode to 'ldap'.
3. Specify the hostname for the "cfme-qe-ipa" as the primary ldap.
4. In the "Role Settings", check "Get User Groups from LDAP" and observe that the "Trusted Forest Settings" table is displayed below. Specify "Base DN" and "Bind DN".
5. Click on '+' to add "Trusted Forest Settings", specify HostName as "cfme-qe-ldap", enter a valid Base DN, Bind DN and 'Bind Password', click to add the trusted forest and click "Save".
6. Navigate to "access control"->"groups"->"add new group", check (Look Up LDAP Groups), specify the user "ldaptest", and click retrieve. Observe that only the groups (cfme) from the primary ldap (cfme-qe-ipa) are retrieved. No group (engineering) from "cfme-qe-ldap" is retrieved.
7. Manually add the group "engineering", log out and log in as "ldaptest". Observe that login fails for the user "ldaptest".

However, the "engineering" group retrieval works and login for "ldaptest" works if "cfme-qe-ldap" is specified as the primary ldap.

Actual results:
user groups from ldap trusted forest are not retrieved.

Expected results:
CloudForms Management Engine is expected to first collect all of the user’s groups from the primary LDAP directory. Then it is expected to collect any additional groups that the user is a member of from all of the configured forests.

Additional info:
Section 3.1.4.2.6 in https://access.redhat.com/webassets/avalon/d/Red_Hat_CloudForms-4.0-General_Configuration-en-US/Red_Hat_CloudForms-4.0-General_Configuration-en-US.pdf describes how to add trusted forests and the expected results in cfme.

Comment 12 Chris Pelland 2017-08-28 14:46:40 UTC
This bug has been open for more than a year and is assigned to an older release of CloudForms. 
If you would like to keep this Bugzilla open and if the issue is still present in the latest version of the product, please file a new Bugzilla which will be added and assigned to the latest release of CloudForms.

