Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem:
When navigating to Administer > User Groups, selecting a group, checking a user and pressing the Submit button we get a message saying that something went wrong on the GUI. Checking the production.log file under /var/log/foreman we get the following error:
2016-12-13 16:22:05 [app] [I] Completed 500 Internal Server Error in 43ms
2016-12-13 16:22:05 [app] [F]
| AbstractController::DoubleRenderError (Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like "redirect_to(...) and return".):
| app/controllers/application_controller.rb:295:in `generic_exception'
| lib/middleware/catch_json_parse_errors.rb:9:in `call'
Version-Release number of selected component (if applicable):
[root@r2-infr-rhsat foreman]# cat /opt/theforeman/tfm/root/usr/share/gems/gems/foreman_theme_satellite*/lib/foreman_theme_satellite/version.rb
module ForemanThemeSatellite
VERSION = "0.1.28"
#this file indicates the satellite version that will be represented on the login page.
SATELLITE_VERSION = "Satellite 6.2.2"
#this file indicates the satellite version that will be uesd on links to documentation.
SATELLITE_SHORT_VERSION = "6.2"
end
How reproducible:
Consistently see the error.
Steps to Reproduce:
1. Select the Administer menu option
2. Select the User Groups menu option
3. Select the group
4. Check the user you want to add to the group. The user is an LDAP user that was added automatically from IDM.
5. Press Submit
ERROR:
We're sorry, but something went wrong.
If you are the application owner check the logs for more information.
Actual results:
We're sorry, but something went wrong.
If you are the application owner check the logs for more information.
Expected results:
No Error
Additional info:
Any questions please contact Lester Claudio (claudiol) 719-331-0726
Thanks!
Lester
Hello Lester,
Could you please provide the full error message from production.log with logging set to debug level?
Comment 6Daniel Lobato Garcia
2017-01-17 09:18:24 UTC
Lester,
It looks like you have one or more LDAP authentication sources. In of these sources, the username and password for FreeIPA is wrong, therefore when you submit the User group with external usergroups it fails, notice this in your logs:
| LdapFluff::Generic::UnauthenticatedException: Could not bind to FreeIPA user admin
Now, I don't know how your FreeIPA setup looks like, but the username in the Foreman authentication source should be the full DN, like:
"uid=foreman,cn=users,cn=accounts,dc=example,dc=com"
I realize this is a bit confusing taking into account that in Active Directory it's "DOMAIN\/Administator".
Please make sure the FreeIPA LDAP source credentials are set up correctly, and resubmit the usergroup. I believe it will work after taht.
I will nonetheless keep the issue open if you don't mind, as it's certainly not acceptable to handle the error like this, it should show in the UI whats going on.
Comment 7Daniel Lobato Garcia
2017-01-17 09:32:17 UTC
Build: Satellite 6.3.0 snap30
When provided invalid creds Error was thrown
Unable to save
Could not refresh external usergroups: LdapFluff::Generic::UnauthenticatedException - Could not bind to FreeIPA user foreman - The authentication source of your external user groups could not connect to LDAP with the provided credentials. Please verify the credentials are still valid.
When Valid creds:
I am able to add the LDAP Auth, tested with AD and IDM
I was able to create usergroup and associate external usergroup from auth sources.
The users in the user group from auth sources successfully inherited the permissions from the user group
I was able to refresh the external groups.
No error or traceback was seen
Comment 17Satellite Program
2018-02-21 16:54:37 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> >
> > For information on the advisory, and where to find the updated files, follow the link below.
> >
> > If the solution does not work for you, open a new bug report.
> >
> > https://access.redhat.com/errata/RHSA-2018:0336