Bug 738209 - LDAP: Failed to delete role when LDAP group is assigned to the role
LDAP: Failed to delete role when LDAP group is assigned to the role
Product: JBoss Operations Network
Classification: JBoss
Component: Security (Show other bugs)
JON 3.0.0
All All
urgent Severity high
: ---
: JON 3.1.0
Assigned To: Larry O'Leary
Mike Foley
Depends On: 754693
Blocks: rhq42 808636 910832
  Show dependency treegraph
Reported: 2011-09-14 06:37 EDT by Sunil Kondkar
Modified: 2013-03-14 11:06 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-03-14 11:06:29 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
ServerLog (34.79 KB, application/octet-stream)
2011-09-14 06:38 EDT, Sunil Kondkar
no flags Details

  None (edit)
Description Sunil Kondkar 2011-09-14 06:37:54 EDT
Description of problem:

An LDAP user is a member of LDAP group. The LDAP group is assigned to the RHQ role. Logged in to RHQ as the ldap user. After logout and login as rhqadmin, tried to delete the role which gives the error "Failed to delete role" in UI and the server log displays errors. Please find attached the server log for more details.

Version-Release number of selected component (if applicable):
Build#394 (Version: 4.1.0-SNAPSHOT Build Number: 967a430)

LDAP configuration Details

Redhat Directory Server 8.2.0

URL-> ldap://
Username: cn=Directory manager
Search Base: dc=rajantest
Login Property: uid
Search Filter: objectclass=*

Group Search Filter: objectclass=groupofuniquenames
Group Member Filter: uniquemember

Users/Groups on Directory Server:

sunil1/Redhat123   member of group - testgroup3

How reproducible:

Steps to Reproduce:
1. Create a LDAP user in Redhat directory server (Ex: sunil1 )
2. Create a LDAP group in Redhat directory server (Ex: testgroup3)
3. Add the LDAP user to LDAP group.
4. Login to RHQ as rhqadmin and configure LDAP properties in 'Administration->System Settings->LDAP configuration properties.
5. Create a role (Ex: testrole ) in RHQ and assign the LDAP group (Ex: testgroup3) to the role.
6. Logout and login as LDAP user (Ex: sunil1/Redhat123 )to RHQ.
7. Register the user.
8. Logout
9. Login as rhqadmin to RHQ
10. Navigate to  'Administration->Roles
11. Select the role (Ex: testrole ) and click on 'Delete' button.
12. Click on 'Yes' button on the confirmation message.
Actual results:

The UI displays error "Failed to delete role".

Expected results:

The role should get deleted.

Additional info:

Deleted the LDAP user from Administration->Users and then tried to delete the role. The role was deleted successfully.
Comment 1 Sunil Kondkar 2011-09-14 06:38:29 EDT
Created attachment 523121 [details]
Comment 8 Larry O'Leary 2012-04-03 23:30:34 EDT
Committed to release/jon3.0.x branch
 [BZ 754693] ensure load of lazy references and update LDAP role relationship purge.
(cherry picked from commit 0753aae5cab0a3abd3997d093dad1d4866091619)
Comment 9 Larry O'Leary 2012-04-12 22:47:26 EDT
The commit mentioned in Comment 8 was for the 3.0.x branch. I have created Bug 812193 to track this against the 3.0.x branch in case there is a future release. 

The purpose of this bug is to verify this against JON 3.1.0. Leaving as MODIFIED until a 3.1.0 ER build is available.
Comment 11 Sunil Kondkar 2012-05-14 07:18:10 EDT
Verified on Version: 3.1.0.ER3 Build Number: ca099bc:3a46aff

Followed the steps and verified that the role linked to a LDAP group is deleted successfully without any error.
Verified on Redhat Directory Server 8.2.0 and Windows server 2003 active directory with and without SSL support.

Note You need to log in before you can comment on or make changes to this bug.