Description of problem: Unable to add AD LDAP Authentication Source WEBUI: Trying to add "AD LDAP Authentication Source" results in "no error". CLI: hammer -u admin -p changeme auth-source ldap create --account foobar --account-password Xyz@123 --attr-firstname givenName --attr-login sAMAccountName --attr-lastname sn --attr-mail mail --base-dn "cn=Users,dc=satqe,dc=redhat,dc=com" --groups-base "cn=foobargroup,dc=satqe,dc=redhat,dc=com" --onthefly-register true --name win10452 --organization-ids 1 --location-ids 2 --port 389 --server-type active_directory --tls false --usergroup-sync true --host 10.xx.yy.zz . Could not create the Auth Source: resource have no errors Version-Release number of selected component (if applicable): Sat6.3.0-snap17.0 How reproducible: when try to create only "AD LDAP Auth Source". Creating "IPA LDAP Auth Source" works fine. Trying to create "AD LDAP Auth Source" via the same hammer-cli command on a sat6.2 setup works. Steps to Reproduce: 1. 2. 3. Actual results: Fails to save the "AD LDAP Auth Source". production.log throws the below output, when run via WEBUI: 2017-09-28 14:11:00 4c241c2b [app] [I] Current user: admin (administrator) 2017-09-28 14:11:00 4c241c2b [app] [I] Failed to save: 2017-09-28 14:11:00 4c241c2b [app] [I] Rendered taxonomies/_loc_org_tabs.html.erb (9.7ms) 2017-09-28 14:11:00 4c241c2b [app] [I] Rendered auth_source_ldaps/_form.html.erb (28.2ms) 2017-09-28 14:11:00 4c241c2b [app] [I] Rendered auth_source_ldaps/new.html.erb (29.0ms) 2017-09-28 14:11:00 4c241c2b [app] [I] Completed 200 OK in 66ms (Views: 28.4ms | ActiveRecord: 5.9ms) production.log throws the below output, when run via CLI: 2017-09-28 15:27:14 e2915bdb [app] [I] Current user: foreman_admin (administrator) 2017-09-28 15:27:14 e2915bdb [app] [I] Authorized user admin(Admin User) 2017-09-28 15:27:14 e2915bdb [app] [I] Current user: admin (administrator) 2017-09-28 15:27:14 e2915bdb [app] [W] Action failed | RuntimeError: resource have no errors | /usr/share/foreman/app/controllers/api/base_controller.rb:124:in `process_resource_error' | /usr/share/foreman/app/controllers/api/base_controller.rb:144:in `process_response' | /usr/share/foreman/app/controllers/api/v2/auth_source_ldaps_controller.rb:60:in `create' Expected results: We should be able to save the "AD LDAP Auth Source". Additional info:
Created attachment 1332880 [details] Before hitting sumbit we don't see netgroup option upon selecting server-type
Created attachment 1332881 [details] After hitting sumbit and submit fails we do see netgroup option under account tab
So feel, "Unable to add AD LDAP Auth Source" could be related to the introduction of, "Use NIS netgroups instead of posix groups" under the Accounts Tab of "LDAP Auth Source" creation.
*** Bug 1497722 has been marked as a duplicate of this bug. ***
Created redmine issue http://projects.theforeman.org/issues/21175 from this bug
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/21175 has been resolved.
We can now add AD LDAP auth source successfully. VERIFIED with sat6.3.0-snap19.0 NOTE: But, now currently creation of AD Usergroup is broken.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336