Bug 1417134 - Usergroup Sync Using Wrong Base DN
Summary: Usergroup Sync Using Wrong Base DN
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Users & Roles
Version: 6.2.2
Hardware: x86_64
OS: Linux
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Ivan Necas
Depends On: 1387383
TreeView+ depends on / blocked
Reported: 2017-01-27 09:40 UTC by pm-sat@redhat.com
Modified: 2019-04-01 20:27 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1387383
Last Closed: 2018-02-21 16:51:07 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github https://github.com/theforeman ldap_fluff pull 55 0 None None None 2017-01-27 09:40:29 UTC

Comment 2 Ivan Necas 2017-08-30 09:05:52 UTC
Verification version: Satellite 6.3 Snap 13

Verification steps:

1. enable ldap debug level logging in /etc/foreman/settings.yaml

    :enabled: true
    :level: debug

2. configure POSIX ldap authentication, set group_base_dn to base=ou=groups,dc=example,dc=com 

3. log in as the ldap user, watching the logs about what base was used:

2017-08-30 05:00:42 a5fa6925 [ldap] [D]   op bind (10.8ms)  [ result=success ]
2017-08-30 05:00:42 a5fa6925 [ldap] [D]   authenticate (39.9ms)  [ user=test1 ]
2017-08-30 05:00:42 a5fa6925 [ldap] [D]   op bind (11.1ms)  [ result=success ]
2017-08-30 05:00:42 a5fa6925 [ldap] [D]   op search (16.8ms)  [ filter=, base= ]
2017-08-30 05:00:42 a5fa6925 [ldap] [D]   op search (15.1ms)  [ filter=(memberuid=test1), base=ou=groups,dc=example,dc=com ]
2017-08-30 05:00:42 a5fa6925 [ldap] [D]   group_list (45.2ms)  [ user=test1 ]

Comment 3 pm-sat@redhat.com 2018-02-21 16:51:07 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> For information on the advisory, and where to find the updated files, follow the link below.
> If the solution does not work for you, open a new bug report.
> https://access.redhat.com/errata/RHSA-2018:0336

Note You need to log in before you can comment on or make changes to this bug.