Bug 1603058 - AD authentication failing cross region.
Summary: AD authentication failing cross region.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Replication
Version: 5.9.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: GA
: 5.9.4
Assignee: Joe Vlcek
QA Contact: Mike Shriver
URL:
Whiteboard: auth:miqldap:ad
Depends On: 1594641
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-07-19 04:27 UTC by Satoe Imaishi
Modified: 2018-09-04 18:02 UTC (History)
10 users (show)

Fixed In Version: 5.9.4.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1594641
Environment:
Last Closed: 2018-09-04 18:01:40 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2561 None None None 2018-09-04 18:02:39 UTC
Red Hat Knowledge Base (Solution) 3525081 None None None 2018-07-19 04:27:48 UTC

Comment 2 CFME Bot 2018-07-19 13:20:48 UTC
New commit detected on ManageIQ/manageiq/gaprindashvili:

https://github.com/ManageIQ/manageiq/commit/5fa5d3c700ec00e2b96d45b5dc81f10f442abb68
commit 5fa5d3c700ec00e2b96d45b5dc81f10f442abb68
Author:     Alberto Bellotti <abellotti@users.noreply.github.com>
AuthorDate: Tue Jul 17 13:50:30 2018 -0400
Commit:     Alberto Bellotti <abellotti@users.noreply.github.com>
CommitDate: Tue Jul 17 13:50:30 2018 -0400

    Merge pull request #17690 from jvlcek/bz_1594641_ad_upn

    Force user_type to UPN when username is a UPN
    (cherry picked from commit c14bb2cd97ef584a70f34434245ec53c50b2418f)

    Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1603058

 lib/miq_ldap.rb | 22 +-
 spec/lib/miq_ldap_spec.rb | 61 +
 2 files changed, 77 insertions(+), 6 deletions(-)

Comment 5 Mike Shriver 2018-08-08 18:36:58 UTC
Tested in CFME 5.9.4.2.20180802030318_f91df08

I configured two CFME regions, with Appliance A as global, and Appliance B as remote replication partners.

I configured LDAP auth with an AD server and SAM Account Name user type, on both Appliance A and Appliance B.

I configured a catalog item and catalog to order through service requests.

This service order was successful while logged in as an AD SAM account user on both Appliance A and Appliance B, a cross-region service order as described in the original BZ comment.

Comment 7 errata-xmlrpc 2018-09-04 18:01:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2561


Note You need to log in before you can comment on or make changes to this bug.