Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1404507 - Issue with Submit of User Group
Summary: Issue with Submit of User Group
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Users & Roles
Version: 6.2.2
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: Unspecified
Assignee: Daniel Lobato Garcia
QA Contact: Sanket Jagtap
URL: http://projects.theforeman.org/issues...
Whiteboard:
Depends On: 1516684
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-12-14 00:41 UTC by Lester Claudio
Modified: 2019-10-30 02:32 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-21 16:54:37 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 18103 0 Normal Closed Errors when submitting external user groups not displayed 2021-01-21 16:19:10 UTC

Description Lester Claudio 2016-12-14 00:41:55 UTC 
Description of problem:
When navigating to Administer > User Groups, selecting a group, checking a user and pressing the Submit button we get a message saying that something went wrong on the GUI.  Checking the production.log file under /var/log/foreman we get the following error:
2016-12-13 16:22:05 [app] [I] Completed 500 Internal Server Error in 43ms
2016-12-13 16:22:05 [app] [F]
 | AbstractController::DoubleRenderError (Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like "redirect_to(...) and return".):
 |   app/controllers/application_controller.rb:295:in `generic_exception'
 |   lib/middleware/catch_json_parse_errors.rb:9:in `call'


Version-Release number of selected component (if applicable):
[root@r2-infr-rhsat foreman]# cat /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_theme_satellite*/lib/foreman_theme_satellite/version.rb
module ForemanThemeSatellite
  VERSION = "0.1.28"
  #this file indicates the satellite version that will be represented on the login page.
  SATELLITE_VERSION = "Satellite 6.2.2"
  #this file indicates the satellite version that will be uesd on links to documentation.
  SATELLITE_SHORT_VERSION = "6.2"
end


How reproducible:
Consistently see the error.

Steps to Reproduce:
1. Select the Administer menu option
2. Select the User Groups menu option
3. Select the group
4. Check the user you want to add to the group.  The user is an LDAP user that was added automatically from IDM.
5. Press Submit

ERROR: 
We're sorry, but something went wrong.

If you are the application owner check the logs for more information.


Actual results:

We're sorry, but something went wrong.

If you are the application owner check the logs for more information.


Expected results:
No Error

Additional info:
Any questions please contact Lester Claudio (claudiol) 719-331-0726

Thanks!
Lester
Comment 3 Tomer Brisker 2016-12-20 12:53:25 UTC 
Hello Lester,
Could you please provide the full error message from production.log with logging set to debug level?
Comment 6 Daniel Lobato Garcia 2017-01-17 09:18:24 UTC 
Lester, 

It looks like you have one or more LDAP authentication sources. In of these  sources, the username and password for FreeIPA is wrong, therefore when you submit the User group with external usergroups it fails, notice this in your logs:

 | LdapFluff::Generic::UnauthenticatedException: Could not bind to FreeIPA user admin

Now, I don't know how your FreeIPA setup looks like, but the username in the Foreman authentication source should be the full DN, like:

 "uid=foreman,cn=users,cn=accounts,dc=example,dc=com"

I realize this is a bit confusing taking into account that in Active Directory it's "DOMAIN\/Administator".

Please make sure the FreeIPA LDAP source credentials are set up correctly, and resubmit the usergroup. I believe it will work after taht.

I will nonetheless keep the issue open if you don't mind, as it's certainly not acceptable to handle the error like this, it should show in the UI whats going on.
Comment 7 Daniel Lobato Garcia 2017-01-17 09:32:17 UTC 
Connecting redmine issue http://projects.theforeman.org/issues/18103 from this bug
Comment 9 Satellite Program 2017-05-30 08:17:29 UTC 
Upstream bug assigned to dhlavacd
Comment 10 Satellite Program 2017-05-30 08:17:34 UTC 
Upstream bug assigned to dhlavacd
Comment 11 Satellite Program 2017-05-30 10:17:53 UTC 
Upstream bug assigned to dlobatog
Comment 12 Satellite Program 2017-05-30 10:17:58 UTC 
Upstream bug assigned to dlobatog
Comment 14 Satellite Program 2017-10-24 10:25:31 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/18103 has been resolved.
Comment 16 Sanket Jagtap 2017-12-27 07:12:49 UTC 
Build: Satellite 6.3.0 snap30


When provided invalid creds Error was thrown
Unable to save
Could not refresh external usergroups: LdapFluff::Generic::UnauthenticatedException - Could not bind to FreeIPA user foreman - The authentication source of your external user groups could not connect to LDAP with the provided credentials. Please verify the credentials are still valid.

When Valid creds:

I am able to add the LDAP Auth, tested with AD and IDM
I was able to create usergroup and associate external usergroup from auth sources.
The users in the user group from auth sources successfully inherited the permissions from the user group
I was able to refresh the external groups.
No error or traceback was seen
Comment 17 Satellite Program 2018-02-21 16:54:37 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> > 
> > For information on the advisory, and where to find the updated files, follow the link below.
> > 
> > If the solution does not work for you, open a new bug report.
> > 
> > https://access.redhat.com/errata/RHSA-2018:0336
Note You need to log in before you can comment on or make changes to this bug.