Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1516684 - Unable to refresh/submit user groups with linked external group used for Ldap auth
Summary: Unable to refresh/submit user groups with linked external group used for Ldap...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: LDAP
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: Unspecified
Assignee: Marek Hulan
QA Contact: Sanket Jagtap
URL:
Whiteboard:
: 1526757 (view as bug list)
Depends On:
Blocks: 1404507
TreeView+ depends on / blocked
 
Reported: 2017-11-23 09:34 UTC by Sanket Jagtap
Modified: 2019-09-26 17:28 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-21 16:54:37 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Whole traceback from UI on refresh (16.90 KB, text/plain)
2017-11-23 09:34 UTC, Sanket Jagtap 		no flags Details
Whole traceback from UI on submit (241.02 KB, text/plain)
2017-11-23 09:36 UTC, Sanket Jagtap 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 11153 0 Low Closed Traceback when LDAP authentication password is incorrect 2020-04-01 10:12:10 UTC
Github /theforeman/foreman/commit/60b7b98d42b905084acd63515c823ac965b608 0 None None None 2020-04-01 10:12:09 UTC
Red Hat Bugzilla 1526757 1 None None None 2021-01-20 06:05:38 UTC

Internal Links: 1526757

Description Sanket Jagtap 2017-11-23 09:34:46 UTC 
Created attachment 1358088 [details]
Whole traceback from UI on refresh

Description of problem:


Version-Release number of selected component (if applicable):
Build : Satellite 6.3.0 snap 25

How reproducible:
Always

Steps to Reproduce:
1. Add a external Auth source. Here I added a IDM 
2. Create a Usergroup
3. Associate the external group from LDAP to the create user group
4. Try and hit refresh for the external linked user group


Actual results:
1 )Traceback for refresh
Oops, we're sorry but something went wrong Missing template external_usergroups/refresh, application/refresh with {:locale=>[:en], :formats=>[:html], :variants=>[], :handlers=>[:erb, :builder, :raw, :ruby, :rabl]}. Searched in: * "/usr/share/foreman/app/views" * "/opt/theforeman/tfm/root/usr/share/gems/gems/foreman_openscap-0.7.10/app/views" * "/opt/theforeman/tfm/root/usr/share/gems/gems/foreman_remote_execution-1.3.7/app/views" * "/opt/theforeman/tfm/root/usr/share/gems/gems/foreman_theme_satellite-1.0.4.12/app/views" * "/opt/theforeman/tfm/root/usr/share/gems/gems/redhat_access-2.0.12/app/views" * "/opt/theforeman/tfm/root/usr/share/gems/gems/foreman_virt_who_configure-0.1.8/app/views" * "/opt/theforeman/tfm/root/usr/share/gems/gems/foreman_bootdisk-9.0.0/app/views" * "/opt/theforeman/tfm/root/usr/share/gems/gems/foreman_discovery-9.1.5/app/views" * "/opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.4.5.27/app/views" * "/opt/theforeman/tfm/root/usr/share/gems/gems/bastion-5.1.1/app/views" * "/opt/theforeman/tfm/root/usr/share/gems/gems/foreman_docker-3.1.0/app/views" * "/opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-0.9.6/app/views" * "/opt/theforeman/tfm/root/usr/share/gems/gems/apipie-rails-0.5.4/app/views"

2) Traceback on submitting the usergroup
Oops, we're sorry but something went wrong stack level too deep

Expected results:
The user group should be refreshed successfully

Additional info:
I am unable to configure user group with LDAP external groups
Also , a regression from 6.2
Comment 2 Sanket Jagtap 2017-11-23 09:36:14 UTC 
Created attachment 1358089 [details]
Whole traceback from UI on submit
Comment 3 Daniel Lobato Garcia 2017-11-23 13:28:48 UTC 
Could you provide more details about the structure of the LDAP user group you're trying to add? Does it work with other auth sources? If I'm not wrong this was working on other snaps, so I'd like to be able to reproduce to fix it asap.

Thanks Sanket!
Comment 4 Sanket Jagtap 2017-11-23 14:14:19 UTC 
I tried with both AD and IDM. Both got me same traceback on refresh. I can provide you the reproducer.

 I am not sure, when this was broken.
Comment 7 Satellite Program 2017-12-13 13:09:31 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/11153 has been resolved.
Comment 8 Sanket Jagtap 2017-12-18 07:16:31 UTC 
Build: Satellite 6.3.0 snap 29

I was unable to create a Usergroup with external group , when clicked on Submit i get a Traceback

PFA,
Comment 10 Sanket Jagtap 2017-12-18 07:36:50 UTC 
Comment https://bugzilla.redhat.com/show_bug.cgi?id=1516684#c8 happens when I add the IPA LDAP Auth source with some user other than admin.

When I try the same with admin user I am able to create Usergroup but when i refresh the linked external group I am still able to reproduce the Original error from https://bugzilla.redhat.com/show_bug.cgi?id=1516684#c0
PFA https://bugzilla.redhat.com/attachment.cgi?id=1358088
Comment 11 Marek Hulan 2017-12-19 18:06:50 UTC 
> Comment https://bugzilla.redhat.com/show_bug.cgi?id=1516684#c8 happens when I add the IPA LDAP Auth source with some user other than admin.

you're hitting separate issue, this was fixed it for updating existing auth source, creation was missed :-( I'll address this together with the proper fix

> When I try the same with admin user I am able to create Usergroup but when i
> refresh the linked external group I am still able to reproduce the Original error 
> from https://bugzilla.redhat.com/show_bug.cgi?id=1516684#c0

this was introduced by a different commit that was cherrypicked together, I've opened another PR upstream that will need to be cherrypicked, once the PR is merged - https://github.com/theforeman/foreman/pull/5102
Comment 12 Marek Hulan 2017-12-20 11:01:24 UTC 
Ready for another cherrypick, this time https://github.com/theforeman/foreman/commit/60b7b98d42b905084acd63515c823ac965b608a4 is needed
Comment 13 Sanket Jagtap 2017-12-27 06:47:16 UTC 
Build: Satellite 6.3.0 snap30 

I am able to add the LDAP Auth, tested with AD and IDM
I was able to create usergroup and associate external usergroup from auth sources.
The users in the user group from auth sources successfully inherited the permissions from the user group
I was able to refresh the external groups.
No error or traceback was seen
Comment 14 Nagoor Shaik 2017-12-27 11:29:49 UTC 
*** Bug 1526757 has been marked as a duplicate of this bug. ***
Comment 15 Satellite Program 2018-02-21 16:54:37 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> > 
> > For information on the advisory, and where to find the updated files, follow the link below.
> > 
> > If the solution does not work for you, open a new bug report.
> > 
> > https://access.redhat.com/errata/RHSA-2018:0336
Note You need to log in before you can comment on or make changes to this bug.