Red Hat Bugzilla – Bug 534809
test LDAP integration
Last modified: 2008-06-19 06:03:00 EDT
We should test the LDAP integration - it hasn't been looked at in a while.
Test misconfiguring the LDAP settings and make sure it doesn't blow up all our JAAS modules (I've seen a case where misconfiguring the port number in the LDAP configuration settings (put a quote in the number to force a number format exception) causes all our JAAS modules to fail to deploy and you couldn't log in as any user, including rhqadmin - very bad).
Testing this includes testing all the user-registration stuff for users defined only in LDAP.
When the connection to LDAP is not possible, it is still possible to log in as the default admin.
Re: the last comment about "still possible to log in as default rhqadmin". Just to be clear, this is to be expected. From http://support.rhq-project.org/display/RHQ/Design-LDAP+Integration:
"Irrespective of whether LDAP is selected for authentication, the credentials of the root user rhqadmin (and those of the built-in super-user, Overlord) are stored in the internal database."
Well, the reporter of that case stated:
" ... and you couldn't log in as any user, including rhqadmin - very bad " ...
Ah, right - that was due to the fact that the user entered an invalid LDAP server port number, which caused a NumberFormatException which in turn caused all of our JAAS modules to fail to deploy (including our JDBC login module).
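The failure mode described in this comment, as an added illustration (not RHQ's code and not the project's fix): the LDAP setting is validated on its own, so a malformed port disables only the LDAP module while the database-backed module is still registered. The class name, module class names and the host:port setting format are assumptions made for this example.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

public class LoginModuleSetup {
    // Hypothetical module class names, used only for this illustration.
    static final String JDBC_MODULE = "example.JdbcLoginModule";
    static final String LDAP_MODULE = "example.LdapLoginModule";

    /** Parses an assumed host:port setting and rejects anything malformed. */
    static Map<String, String> parseLdapSettings(String hostPort, boolean ssl) {
        int sep = hostPort == null ? -1 : hostPort.lastIndexOf(':');
        if (sep <= 0) throw new IllegalArgumentException("expected host:port, got: " + hostPort);
        int port;
        try {
            port = Integer.parseInt(hostPort.substring(sep + 1).trim());
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("LDAP port is not a number: " + hostPort, e);
        }
        if (port < 1 || port > 65535) throw new IllegalArgumentException("LDAP port out of range: " + port);
        Map<String, String> opts = new HashMap<>();
        opts.put("java.naming.provider.url",
                 (ssl ? "ldaps://" : "ldap://") + hostPort.substring(0, sep) + ":" + port);
        return opts;
    }

    /** Builds the JAAS entries; a bad LDAP setting disables LDAP only. */
    static List<AppConfigurationEntry> buildEntries(String ldapHostPort, boolean ssl) {
        List<AppConfigurationEntry> entries = new ArrayList<>();
        // Database-backed module goes in first, independent of any LDAP parsing.
        entries.add(new AppConfigurationEntry(JDBC_MODULE, LoginModuleControlFlag.SUFFICIENT, new HashMap<String, String>()));
        try {
            entries.add(new AppConfigurationEntry(LDAP_MODULE, LoginModuleControlFlag.SUFFICIENT, parseLdapSettings(ldapHostPort, ssl)));
        } catch (IllegalArgumentException e) {
            System.err.println("Disabling LDAP login module: " + e.getMessage());
        }
        return entries;
    }

    public static void main(String[] args) {
        // Constructed inputs: a valid setting, then a port with a stray quote in it.
        System.out.println(buildEntries("localhost:389", false).size());
        System.out.println(buildEntries("localhost:\"389", false).size());
    }
}
```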
Authenticating a user through LDAP works. A user with a bad password is correctly rejected. The rejection message is not nice, but the functionality is there.
Using SSL gives:
15:29:37,367 INFO [CustomJaasDeploymentService] Disabling JON LDAP JAAS Provider: localhost:636
javax.naming.CommunicationException: localhost:636 [Root exception is java.lang.ClassNotFoundException: No ClassLoaders found for: net.hyperic.util.security.UntrustedSSLSocketFactory]
But even after supplying the packages, there are still issues that I am looking into.
Fixed in r547.
The remaining issue was an issue with the SSL cert on the OpenLDAP side and not an RHQ issue.
Code level fixes - already in 1.0
This bug was previously known as http://jira.rhq-project.org/browse/RHQ-156