Bug 1492835 - Test connection fails to work while creating ldap auth source
Summary: Test connection fails to work while creating ldap auth source
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: LDAP
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: Unspecified
Assignee: Daniel Lobato Garcia
QA Contact: Kedar Bidarkar
URL:
Whiteboard:
: 1493031 (view as bug list)
Depends On: 1293538
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-09-18 17:30 UTC by Kedar Bidarkar
Modified: 2019-09-26 14:37 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-21 17:06:40 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
Unable to Add LDAP Auth Source (15.19 KB, text/plain)
2017-09-18 17:45 UTC, Kedar Bidarkar
no flags Details

Description Kedar Bidarkar 2017-09-18 17:30:59 UTC
Description of problem:

"Test Connection" fails after adding LDAP Auth source related to IDM or AD.

Version-Release number of selected component (if applicable):

Sat6.3.0 snap16.0


How reproducible:

Hit "Test Connection" after adding LDAP Auth Source

Steps to Reproduce:
1. Add an LDAP Auth Source, ( IPA or AD )
2. Hit, "Test Connection"
3.

Actual results:
"Test Connection" fails.


Expected results:
"Test Connection" works.

Additional info:

Comment 1 Kedar Bidarkar 2017-09-18 17:36:06 UTC
We see the below message while we hit the "Test Connection".

2017-09-18 13:07:12 ec526c4c [app] [I] Current user: admin (administrator)
2017-09-18 13:07:12 ec526c4c [app] [W] Failed to connect to LDAP server
 | Foreman::WrappedException: ERF50-1006 [Foreman::WrappedException]: Unable to connect to LDAP server ([LdapFluff::Config::ConfigError]: unknown configuration keys: use_netgroups)
 | /usr/share/foreman/app/models/auth_sources/auth_source_ldap.rb:156:in `rescue in test_connection'
 | /usr/share/foreman/app/models/auth_sources/auth_source_ldap.rb:149:in `test_connection'
 | /usr/share/foreman/app/controllers/auth_source_ldaps_controller.rb:44:in `test_connection'
 | /opt/rh/rh-ror42/root/usr/share/gems/gems/actionpack-4.2.6/lib/action_controller/metal/implicit_render.rb:4:in `send_action'
 | /opt/rh/rh-ror42/root/usr/share/gems/gems/actionpack-4.2.6/lib/abstract_controller/base.rb:198:in `process_action'
 | /opt/rh/rh-ror42/root/usr/share/gems/gems/actionpack-4.2.6/lib/action_controller/metal/rendering.rb:10:in `process_action'
 | /opt/rh/rh-ror42/root/usr/share/gems/gems/actionpack-4.2.6/lib/abstract_controller/callbacks.rb:20:in `block in process_action'


Also, I see a new option as mentioned below, I wonder if this change was planned for Sat6.3?

Use netgroups
Use NIS netgroups instead of posix groups.

Comment 3 Kedar Bidarkar 2017-09-18 17:45:58 UTC
Created attachment 1327563 [details]
Unable to Add LDAP Auth Source

We see the attached traceback, while hitting the "Test Connection" button from the UI.

Comment 4 Tomas Strachota 2017-09-19 10:06:40 UTC
Kedar, could you please:
rpm -qa | grep ldap_fluff

I wonder what the version is. It seems like only the foreman side of netgroups support was merged, without the corresponding update in ldap_fluff.

Comment 5 Marek Hulan 2017-09-19 10:42:34 UTC
*** Bug 1493031 has been marked as a duplicate of this bug. ***

Comment 6 Marek Hulan 2017-09-19 10:53:21 UTC
In the linked bz it was reported we ship 0.4.6, I added needinfo in 1293538 which introduced the change but didn't pull new version of ldap_fluff (0.4.7 is needed).

Comment 7 Roman Plevka 2017-09-19 11:33:27 UTC
also, trying to create the auth source using cli/api results in 500 - 'resource has no error'

Comment 8 Bryan Kearney 2017-09-19 12:06:46 UTC
Marek, this just requires the new ldap_fluff or another change as well?

Comment 9 Kedar Bidarkar 2017-09-19 18:56:28 UTC
~]# rpm -qav | grep -i ldap_fluff
tfm-rubygem-ldap_fluff-0.4.6-1.el7sat.noarch

From the setup of Sat6.3.0-snap16

Comment 10 Marek Hulan 2017-09-20 10:23:25 UTC
Yes, it seems just updating ldap_fluff to 0.4.7 is enough. I think this can be closed since it will be addressed by BZ 1293538 but if you want to keep this open for later verification that's fine too. Re-linking the issue that was removed in comment 7 by accident.

Comment 12 Kedar Bidarkar 2017-09-22 10:55:02 UTC
Yeah , I think we should track this bug independently of the above bug mentioned.

Just to ensure, the "Basic LDAP authentication" functionality is working fine.

The above bug, would track mostly the RFE related to "Netgroup LDAP authentication".

Comment 16 Kedar Bidarkar 2017-09-28 19:08:09 UTC
Tested this for both IPA and AD LDAP auth source.

Test Connection works for both IPA and AD LDAP Auth Source successfully.

NOTE: Though "Test Connection" works for both AD and IPA LDAP auth source, we are currently unable to add AD LDAP auth source in this snap.

VERIFIED with Sat6.3.0-snap17.0

Comment 17 Bryan Kearney 2018-02-21 17:06:40 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336


Note You need to log in before you can comment on or make changes to this bug.