Hide Forgot
Description of problem: invalid authentication log message for the user without any valid groups is logged in evm.log and audit.log. This is observed when non default (Database) authentication modes are configured for cfme (e.g. miq_ldap, external_auth ipa, saml) Version-Release number of selected component (if applicable): 5.7.0.9-beta2.1.20161101182054_eb0afaa How reproducible: always. Steps to Reproduce: 1. configure cfme for miq ldap/external_auth ipa/saml 2. create a user 'noldapgroupuser' and do not assign any group to that user. 3. try to login to cfme as 'noldapgroupuser' and valid password. 4. monitor evm.log and audit.logs, observe that authentication successful for userid log message is displayed. which is not correct. Success: MIQ(Authenticator.authenticate) userid: [noldapgroupuser] - Authentication successful for user uid=noldapgroupuser Actual results: authentication successful for userid log message displayed in evm.log and audit.log, which is not correct. Expected results: Incorrect log messages needs to be removed from logging.
*** Bug 1456873 has been marked as a duplicate of this bug. ***
Please confirm if this is still an issue. I suspect it very likely has been addressed by improvements in this since it had been initially reported over a year ago.
I would say it's been addressed, at least in 5.9.0.20 it looks like this: [----] I, [2018-02-12T14:36:57.740886 #28778:1131c5c] INFO -- : MIQ(MiqLdap#bind) Binding to LDAP: Host: [10.16.4.75], User: [test-user7.bos.redhat.com]... [----] I, [2018-02-12T14:36:58.006972 #28778:1131c5c] INFO -- : MIQ(MiqLdap#bind) Binding to LDAP: Host: [10.16.4.75], User: [test-user7.bos.redhat.com]... successful [----] I, [2018-02-12T14:36:58.012558 #28778:1131c5c] INFO -- : <AuditSuccess> MIQ(Base.authenticate) userid: [test-user7] - User test-user7.bos.redhat.com successfully validated by LDAP [----] W, [2018-02-12T14:36:58.019264 #28778:1131c5c] WARN -- : <AuditFailure> MIQ(Base.authenticate) userid: [test-user7] - User test-user7.bos.redhat.com authenticated but not defined in EVM [----] W, [2018-02-12T14:36:58.019417 #28778:1131c5c] WARN -- : MIQ(Authenticator::Ldap#authenticate) User authenticated but not defined in EVM, please contact your EVM administrator
(In reply to Matt Pusateri from comment #5) > I would say it's been addressed, at least in 5.9.0.20 it looks like this: > > [----] I, [2018-02-12T14:36:57.740886 #28778:1131c5c] INFO -- : > MIQ(MiqLdap#bind) Binding to LDAP: Host: [10.16.4.75], User: > [test-user7.bos.redhat.com]... > [----] I, [2018-02-12T14:36:58.006972 #28778:1131c5c] INFO -- : > MIQ(MiqLdap#bind) Binding to LDAP: Host: [10.16.4.75], User: > [test-user7.bos.redhat.com]... successful > [----] I, [2018-02-12T14:36:58.012558 #28778:1131c5c] INFO -- : > <AuditSuccess> MIQ(Base.authenticate) userid: [test-user7] - User > test-user7.bos.redhat.com successfully validated by LDAP > [----] W, [2018-02-12T14:36:58.019264 #28778:1131c5c] WARN -- : > <AuditFailure> MIQ(Base.authenticate) userid: [test-user7] - User > test-user7.bos.redhat.com authenticated but not defined in EVM > [----] W, [2018-02-12T14:36:58.019417 #28778:1131c5c] WARN -- : > MIQ(Authenticator::Ldap#authenticate) User authenticated but not defined in > EVM, please contact your EVM administrator Thank you Matt. I'll marked this as CLOSED / WORKSFORME Please reopen if you feel it should not be closed. Thank you! JoeV