Description of problem: An LDAP user is a member of LDAP group. The LDAP group is assigned to the RHQ role. Logged in to RHQ as the ldap user. After logout and login as rhqadmin, tried to delete the role which gives the error "Failed to delete role" in UI and the server log displays errors. Please find attached the server log for more details. Version-Release number of selected component (if applicable): Build#394 (Version: 4.1.0-SNAPSHOT Build Number: 967a430) LDAP configuration Details Redhat Directory Server 8.2.0 URL-> ldap://10.65.201.169:1389 Username: cn=Directory manager Search Base: dc=rajantest Login Property: uid Password=Redhat123 Search Filter: objectclass=* Group Search Filter: objectclass=groupofuniquenames Group Member Filter: uniquemember Users/Groups on Directory Server: sunil1/Redhat123 member of group - testgroup3 How reproducible: Always Steps to Reproduce: 1. Create a LDAP user in Redhat directory server (Ex: sunil1 ) 2. Create a LDAP group in Redhat directory server (Ex: testgroup3) 3. Add the LDAP user to LDAP group. 4. Login to RHQ as rhqadmin and configure LDAP properties in 'Administration->System Settings->LDAP configuration properties. 5. Create a role (Ex: testrole ) in RHQ and assign the LDAP group (Ex: testgroup3) to the role. 6. Logout and login as LDAP user (Ex: sunil1/Redhat123 )to RHQ. 7. Register the user. 8. Logout 9. Login as rhqadmin to RHQ 10. Navigate to 'Administration->Roles 11. Select the role (Ex: testrole ) and click on 'Delete' button. 12. Click on 'Yes' button on the confirmation message. Actual results: The UI displays error "Failed to delete role". Expected results: The role should get deleted. Additional info: Deleted the LDAP user from Administration->Users and then tried to delete the role. The role was deleted successfully.
Created attachment 523121 [details] ServerLog
Committed to release/jon3.0.x branch http://git.fedorahosted.org/git/?p=rhq/rhq.git;a=commit;h=73e4ad95242efe4451204294584ffb01aac797f2 [BZ 754693] ensure load of lazy references and update LDAP role relationship purge. (cherry picked from commit 0753aae5cab0a3abd3997d093dad1d4866091619)
The commit mentioned in Comment 8 was for the 3.0.x branch. I have created Bug 812193 to track this against the 3.0.x branch in case there is a future release. The purpose of this bug is to verify this against JON 3.1.0. Leaving as MODIFIED until a 3.1.0 ER build is available.
Verified on Version: 3.1.0.ER3 Build Number: ca099bc:3a46aff Followed the steps and verified that the role linked to a LDAP group is deleted successfully without any error. Verified on Redhat Directory Server 8.2.0 and Windows server 2003 active directory with and without SSL support.