Description of problem: Appropriate role to existing user in rhq is not assigned against which the ldap group is mapped. Version-Release number of selected component (if applicable): 3.0.0-SNAPSHOT How reproducible: Steps to Reproduce: 1. Login to RHQ as rhqadmin and create a user without assigning a role. (Ex: sameuser) 2. Create a similar user in ldap as in #1. (Ex: sameuser) 3. Add the user to an already existing ldap group (which is mapped to a certain role in RHQ. Ex: All resources role) 4. Login to RHQ as the user created in #1.(Ex: sameuser) 5. Check if the appropriate role is assigned against which the ldap group is mapped. Actual results: The user is able to login to rhq but he is not assigned the role against which the ldap group is mapped. Expected results: User should be able to login and the appropriate role should be assigned against which the ldap group is mapped. Additional info:
Mapping RHQ users (created in step1) to LDAP users (created in step 2) is not supported. If you create a user in RHQ then you manage its roles through RHQ. If you create a user in LDAP then you manage its groups in LDAP and the role/group mapping in RHQ. In your case if you were to delete the RHQ user created in step1, then we should attempt to authenticate and authorize against ldap and everything should work as expected
Please retest by removing the RHQ database user and checking the ldap user is logged in as appropriate
Verified against the master build#153. Removed the user from RHQ users list and logged in as the same user in rhq. Observed that user is assigned the appropriate role against which the ldap group is mapped. Please suggest if this test case (mapping existing rhq users to ldap users) could be considered as an enhancement in future?
Mass-closure of verified bugs against JON.