Description of problem:
An LDAP user is a member of LDAP group. The LDAP group is assigned to the RHQ role. Logged in to RHQ as the ldap user. After logout and login as rhqadmin, tried to delete the role which gives the error "Failed to delete role" in UI and the server log displays errors. Please find attached the server log for more details.
Version-Release number of selected component (if applicable):
Build#394 (Version: 4.1.0-SNAPSHOT Build Number: 967a430)
LDAP configuration Details
Redhat Directory Server 8.2.0
Username: cn=Directory manager
Search Base: dc=rajantest
Login Property: uid
Search Filter: objectclass=*
Group Search Filter: objectclass=groupofuniquenames
Group Member Filter: uniquemember
Users/Groups on Directory Server:
sunil1/Redhat123 member of group - testgroup3
Steps to Reproduce:
1. Create a LDAP user in Redhat directory server (Ex: sunil1 )
2. Create a LDAP group in Redhat directory server (Ex: testgroup3)
3. Add the LDAP user to LDAP group.
4. Login to RHQ as rhqadmin and configure LDAP properties in 'Administration->System Settings->LDAP configuration properties.
5. Create a role (Ex: testrole ) in RHQ and assign the LDAP group (Ex: testgroup3) to the role.
6. Logout and login as LDAP user (Ex: sunil1/Redhat123 )to RHQ.
7. Register the user.
9. Login as rhqadmin to RHQ
10. Navigate to 'Administration->Roles
11. Select the role (Ex: testrole ) and click on 'Delete' button.
12. Click on 'Yes' button on the confirmation message.
The UI displays error "Failed to delete role".
The role should get deleted.
Deleted the LDAP user from Administration->Users and then tried to delete the role. The role was deleted successfully.
Created attachment 523121 [details]
Committed to release/jon3.0.x branch
[BZ 754693] ensure load of lazy references and update LDAP role relationship purge.
(cherry picked from commit 0753aae5cab0a3abd3997d093dad1d4866091619)
The commit mentioned in Comment 8 was for the 3.0.x branch. I have created Bug 812193 to track this against the 3.0.x branch in case there is a future release.
The purpose of this bug is to verify this against JON 3.1.0. Leaving as MODIFIED until a 3.1.0 ER build is available.
Verified on Version: 3.1.0.ER3 Build Number: ca099bc:3a46aff
Followed the steps and verified that the role linked to a LDAP group is deleted successfully without any error.
Verified on Redhat Directory Server 8.2.0 and Windows server 2003 active directory with and without SSL support.