Description of problem: "Test Connection" fails after adding LDAP Auth source related to IDM or AD. Version-Release number of selected component (if applicable): Sat6.3.0 snap16.0 How reproducible: Hit "Test Connection" after adding LDAP Auth Source Steps to Reproduce: 1. Add an LDAP Auth Source, ( IPA or AD ) 2. Hit, "Test Connection" 3. Actual results: "Test Connection" fails. Expected results: "Test Connection" works. Additional info:
We see the below message while we hit the "Test Connection". 2017-09-18 13:07:12 ec526c4c [app] [I] Current user: admin (administrator) 2017-09-18 13:07:12 ec526c4c [app] [W] Failed to connect to LDAP server | Foreman::WrappedException: ERF50-1006 [Foreman::WrappedException]: Unable to connect to LDAP server ([LdapFluff::Config::ConfigError]: unknown configuration keys: use_netgroups) | /usr/share/foreman/app/models/auth_sources/auth_source_ldap.rb:156:in `rescue in test_connection' | /usr/share/foreman/app/models/auth_sources/auth_source_ldap.rb:149:in `test_connection' | /usr/share/foreman/app/controllers/auth_source_ldaps_controller.rb:44:in `test_connection' | /opt/rh/rh-ror42/root/usr/share/gems/gems/actionpack-4.2.6/lib/action_controller/metal/implicit_render.rb:4:in `send_action' | /opt/rh/rh-ror42/root/usr/share/gems/gems/actionpack-4.2.6/lib/abstract_controller/base.rb:198:in `process_action' | /opt/rh/rh-ror42/root/usr/share/gems/gems/actionpack-4.2.6/lib/action_controller/metal/rendering.rb:10:in `process_action' | /opt/rh/rh-ror42/root/usr/share/gems/gems/actionpack-4.2.6/lib/abstract_controller/callbacks.rb:20:in `block in process_action' Also, I see a new option as mentioned below, I wonder if this change was planned for Sat6.3? Use netgroups Use NIS netgroups instead of posix groups.
Created attachment 1327563 [details] Unable to Add LDAP Auth Source We see the attached traceback, while hitting the "Test Connection" button from the UI.
Kedar, could you please: rpm -qa | grep ldap_fluff I wonder what the version is. It seems like only the foreman side of netgroups support was merged, without the corresponding update in ldap_fluff.
*** Bug 1493031 has been marked as a duplicate of this bug. ***
In the linked bz it was reported we ship 0.4.6, I added needinfo in 1293538 which introduced the change but didn't pull new version of ldap_fluff (0.4.7 is needed).
also, trying to create the auth source using cli/api results in 500 - 'resource has no error'
Marek, this just requires the new ldap_fluff or another change as well?
~]# rpm -qav | grep -i ldap_fluff tfm-rubygem-ldap_fluff-0.4.6-1.el7sat.noarch From the setup of Sat6.3.0-snap16
Yes, it seems just updating ldap_fluff to 0.4.7 is enough. I think this can be closed since it will be addressed by BZ 1293538 but if you want to keep this open for later verification that's fine too. Re-linking the issue that was removed in comment 7 by accident.
Yeah , I think we should track this bug independently of the above bug mentioned. Just to ensure, the "Basic LDAP authentication" functionality is working fine. The above bug, would track mostly the RFE related to "Netgroup LDAP authentication".
Tested this for both IPA and AD LDAP auth source. Test Connection works for both IPA and AD LDAP Auth Source successfully. NOTE: Though "Test Connection" works for both AD and IPA LDAP auth source, we are currently unable to add AD LDAP auth source in this snap. VERIFIED with Sat6.3.0-snap17.0
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336