Hide Forgot
Description of problem: When navigating to Administer > User Groups, selecting a group, checking a user and pressing the Submit button we get a message saying that something went wrong on the GUI. Checking the production.log file under /var/log/foreman we get the following error: 2016-12-13 16:22:05 [app] [I] Completed 500 Internal Server Error in 43ms 2016-12-13 16:22:05 [app] [F] | AbstractController::DoubleRenderError (Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like "redirect_to(...) and return".): | app/controllers/application_controller.rb:295:in `generic_exception' | lib/middleware/catch_json_parse_errors.rb:9:in `call' Version-Release number of selected component (if applicable): [root@r2-infr-rhsat foreman]# cat /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_theme_satellite*/lib/foreman_theme_satellite/version.rb module ForemanThemeSatellite VERSION = "0.1.28" #this file indicates the satellite version that will be represented on the login page. SATELLITE_VERSION = "Satellite 6.2.2" #this file indicates the satellite version that will be uesd on links to documentation. SATELLITE_SHORT_VERSION = "6.2" end How reproducible: Consistently see the error. Steps to Reproduce: 1. Select the Administer menu option 2. Select the User Groups menu option 3. Select the group 4. Check the user you want to add to the group. The user is an LDAP user that was added automatically from IDM. 5. Press Submit ERROR: We're sorry, but something went wrong. If you are the application owner check the logs for more information. Actual results: We're sorry, but something went wrong. If you are the application owner check the logs for more information. Expected results: No Error Additional info: Any questions please contact Lester Claudio (claudiol) 719-331-0726 Thanks! Lester
Hello Lester, Could you please provide the full error message from production.log with logging set to debug level?
Lester, It looks like you have one or more LDAP authentication sources. In of these sources, the username and password for FreeIPA is wrong, therefore when you submit the User group with external usergroups it fails, notice this in your logs: | LdapFluff::Generic::UnauthenticatedException: Could not bind to FreeIPA user admin Now, I don't know how your FreeIPA setup looks like, but the username in the Foreman authentication source should be the full DN, like: "uid=foreman,cn=users,cn=accounts,dc=example,dc=com" I realize this is a bit confusing taking into account that in Active Directory it's "DOMAIN\/Administator". Please make sure the FreeIPA LDAP source credentials are set up correctly, and resubmit the usergroup. I believe it will work after taht. I will nonetheless keep the issue open if you don't mind, as it's certainly not acceptable to handle the error like this, it should show in the UI whats going on.
Connecting redmine issue http://projects.theforeman.org/issues/18103 from this bug
Upstream bug assigned to dhlavacd
Upstream bug assigned to dlobatog
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/18103 has been resolved.
Build: Satellite 6.3.0 snap30 When provided invalid creds Error was thrown Unable to save Could not refresh external usergroups: LdapFluff::Generic::UnauthenticatedException - Could not bind to FreeIPA user foreman - The authentication source of your external user groups could not connect to LDAP with the provided credentials. Please verify the credentials are still valid. When Valid creds: I am able to add the LDAP Auth, tested with AD and IDM I was able to create usergroup and associate external usergroup from auth sources. The users in the user group from auth sources successfully inherited the permissions from the user group I was able to refresh the external groups. No error or traceback was seen
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. > > > > For information on the advisory, and where to find the updated files, follow the link below. > > > > If the solution does not work for you, open a new bug report. > > > > https://access.redhat.com/errata/RHSA-2018:0336