Bug 738209 - LDAP: Failed to delete role when LDAP group is assigned to the role
Alias: None
Product: JBoss Operations Network
Classification: JBoss
Component: Security
Version: JON 3.0.0
Hardware: All
OS: All
Target Milestone: ---
: JON 3.1.0
Assignee: Larry O'Leary
QA Contact: Mike Foley
Depends On: 754693
Blocks: rhq42 808636 910832
Reported: 2011-09-14 10:37 UTC by Sunil Kondkar
Modified: 2018-11-27 20:06 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-03-14 15:06:29 UTC
Type: Bug

Attachments
ServerLog (34.79 KB, application/octet-stream)
2011-09-14 10:38 UTC, Sunil Kondkar

Description Sunil Kondkar 2011-09-14 10:37:54 UTC
Description of problem:

An LDAP user is a member of an LDAP group. The LDAP group is assigned to the RHQ role. Logged in to RHQ as the LDAP user. After logout and login as rhqadmin, tried to delete the role, which gives the error "Failed to delete role" in the UI, and the server log displays errors. Please find attached the server log for more details.

Version-Release number of selected component (if applicable):
Build#394 (Version: 4.1.0-SNAPSHOT Build Number: 967a430)

LDAP configuration Details

Red Hat Directory Server 8.2.0

URL-> ldap://
Username: cn=Directory manager
Search Base: dc=rajantest
Login Property: uid
Search Filter: objectclass=*

Group Search Filter: objectclass=groupofuniquenames
Group Member Filter: uniquemember

Users/Groups on Directory Server:

sunil1/Redhat123   member of group - testgroup3

How reproducible:

Steps to Reproduce:
1. Create an LDAP user in Red Hat Directory Server (Ex: sunil1)
2. Create an LDAP group in Red Hat Directory Server (Ex: testgroup3)
3. Add the LDAP user to the LDAP group.
4. Log in to RHQ as rhqadmin and configure LDAP properties in 'Administration->System Settings->LDAP configuration properties'.
5. Create a role (Ex: testrole) in RHQ and assign the LDAP group (Ex: testgroup3) to the role.
6. Log out and log in to RHQ as the LDAP user (Ex: sunil1/Redhat123).
7. Register the user.
8. Log out.
9. Log in as rhqadmin to RHQ.
10. Navigate to 'Administration->Roles'.
11. Select the role (Ex: testrole) and click on the 'Delete' button.
12. Click on the 'Yes' button on the confirmation message.

Actual results:

The UI displays error "Failed to delete role".

Expected results:

The role should get deleted.

Additional info:

Deleted the LDAP user from Administration->Users and then tried to delete the role. The role was deleted successfully.

Comment 1 Sunil Kondkar 2011-09-14 10:38:29 UTC
Created attachment 523121

Comment 8 Larry O'Leary 2012-04-04 03:30:34 UTC
Committed to release/jon3.0.x branch
 [BZ 754693] ensure load of lazy references and update LDAP role relationship purge.
(cherry picked from commit 0753aae5cab0a3abd3997d093dad1d4866091619)

Comment 9 Larry O'Leary 2012-04-13 02:47:26 UTC
The commit mentioned in Comment 8 was for the 3.0.x branch. I have created Bug 812193 to track this against the 3.0.x branch in case there is a future release. 

The purpose of this bug is to verify this against JON 3.1.0. Leaving as MODIFIED until a 3.1.0 ER build is available.

Comment 11 Sunil Kondkar 2012-05-14 11:18:10 UTC
Verified on Version: 3.1.0.ER3 Build Number: ca099bc:3a46aff

Followed the steps and verified that the role linked to an LDAP group is deleted successfully without any error.
Verified on Red Hat Directory Server 8.2.0 and Windows Server 2003 Active Directory with and without SSL support.
