Bug 534809 - (RHQ-156) test LDAP integration
Product: RHQ Project
Classification: Other
Component: No Component
Hardware: All, OS: All
Priority: high, Severity: medium
Assigned To: Heiko W. Rupp
Reported: 2008-03-19 10:16 EDT by John Mazzitelli
Modified: 2008-06-19 06:03 EDT (History)
Fixed In Version: 1.0
Doc Type: Bug Fix
Description John Mazzitelli 2008-03-19 10:16:00 EDT
We should test the LDAP integration - it hasn't been looked at in a while.

Test misconfiguring the LDAP settings and make sure it doesn't blow up all our JAAS modules (I've seen a case where misconfiguring the port number in the LDAP configuration settings (put a quote in the number to force a number format exception) causes all our JAAS modules to fail to deploy and you couldn't log in as any user, including rhqadmin - very bad).
Comment 1 Charles Crouch 2008-04-02 12:23:00 EDT
Testing this includes testing all the user-registration stuff for users defined only in LDAP.
Comment 2 Heiko W. Rupp 2008-04-07 07:56:24 EDT
When the connection to LDAP is not possible, it is still possible to log in as the default admin.
Comment 3 John Mazzitelli 2008-04-07 08:20:34 EDT
Re: the last comment about "still possible to log in as default rhqadmin". Just to be clear, this is to be expected. From http://support.rhq-project.org/display/RHQ/Design-LDAP+Integration:

"Irrespective of whether LDAP is selected for authentication, the credentials of the root user rhqadmin (and those of the built-in super-user, Overlord) are stored in the internal database."
Comment 4 Heiko W. Rupp 2008-04-07 08:28:53 EDT
Well, the reporter of that case stated:
" ... and you couldn't log in as any user, including rhqadmin - very bad "  ...

Comment 5 John Mazzitelli 2008-04-07 08:46:09 EDT
Ah, right - that was due to the fact that the user entered an invalid LDAP server port number, which caused a NumberFormatException which in turn caused all of our JAAS modules to fail to deploy (including our JDBC login module).
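
Added example, not part of the original bug comments and not RHQ's code: one way to keep the malformed LDAP port described in Comment 5 from taking down every login module, by validating the LDAP settings separately from the database-backed entry. The module class names, setting keys and the sample port value are hypothetical.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

public class LoginModuleSetup {
    // Hypothetical module class names; the setting keys below are also assumptions.
    static final String JDBC_MODULE = "example.auth.JdbcLoginModule";
    static final String LDAP_MODULE = "example.auth.LdapLoginModule";

    /** Builds the module stack; bad LDAP settings drop only the LDAP entry. */
    static List<AppConfigurationEntry> buildEntries(Map<String, String> settings) {
        List<AppConfigurationEntry> entries = new ArrayList<>();
        // Database-backed module goes first and reads no LDAP settings (admin stays usable).
        entries.add(new AppConfigurationEntry(JDBC_MODULE,
                LoginModuleControlFlag.SUFFICIENT, new HashMap<String, Object>()));
        if (Boolean.parseBoolean(settings.get("ldap.enabled"))) {
            try {
                entries.add(ldapEntry(settings));
            } catch (IllegalArgumentException e) { // NumberFormatException is a subclass
                System.err.println("Disabling LDAP login module: " + e.getMessage());
            }
        }
        return entries;
    }

    /** Validates host and port before any LDAP module entry is created. */
    static AppConfigurationEntry ldapEntry(Map<String, String> settings) {
        String host = Objects.toString(settings.get("ldap.host"), "").trim();
        if (host.isEmpty()) throw new IllegalArgumentException("ldap.host is empty");
        int port = Integer.parseInt(Objects.toString(settings.get("ldap.port"), "").trim());
        if (port < 1 || port > 65535)
            throw new IllegalArgumentException("ldap.port out of range: " + port);
        Map<String, Object> options = new HashMap<>();
        options.put("java.naming.provider.url", "ldap://" + host + ":" + port);
        return new AppConfigurationEntry(LDAP_MODULE, LoginModuleControlFlag.SUFFICIENT, options);
    }

    public static void main(String[] args) {
        Map<String, String> settings = new HashMap<>(); // constructed sample input
        settings.put("ldap.enabled", "true");
        settings.put("ldap.host", "localhost");
        settings.put("ldap.port", "38'9"); // stray quote, as in the report above
        for (AppConfigurationEntry e : buildEntries(settings))
            System.out.println(e.getLoginModuleName());
    }
}
```
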
Comment 6 Heiko W. Rupp 2008-04-07 09:24:15 EDT
Authenticating a user through LDAP works. A user with a bad password is correctly rejected. The rejection message is not nice, but the functionality is there.
Comment 7 Heiko W. Rupp 2008-04-07 10:13:25 EDT
Using SSL gives:
15:29:37,367 INFO  [CustomJaasDeploymentService] Disabling JON LDAP JAAS Provider: localhost:636
javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.ClassNotFoundException: No ClassLoaders found for: net.hyperic.util.security.UntrustedSSLSocketFactory]

But even after supplying the packages, there are still issues that I am looking into.

Comment 8 Heiko W. Rupp 2008-04-07 11:45:05 EDT
Fixed in r547.
The remaining issue was an issue with the SSL cert on the OpenLDAP side and not an RHQ issue.
Comment 9 Heiko W. Rupp 2008-06-19 06:00:13 EDT
Code level fixes - already in 1.0
Comment 10 Red Hat Bugzilla 2009-11-10 15:35:50 EST
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-156
