Description of problem: I am logged in as "rhqadmin" and when deleting a role which is linked to an LDAP group, I'm getting the following error: You do not have permission to remove selected role(s). The following is logged in rhq-server-log4j.log file: ... WARN [org.hibernate.util.JDBCExceptionReporter] SQL Error: 2292, SQLState: 23000 WARN [org.hibernate.util.JDBCExceptionReporter] SQL Error: 2292, SQLState: 23000 ERROR [org.hibernate.util.JDBCExceptionReporter] ORA-02292: integrity constraint (JONDBUSR.SYS_C0013011) violated - child record found ERROR [org.hibernate.event.def.AbstractFlushingEventListener] Could not synchronize database state with session org.hibernate.exception.ConstraintViolationException: Could not execute JDBC batch update Version-Release number of selected component (if applicable): JON 2.4.1 How reproducible: always Steps to Reproduce: 1. In the LDAP server, create a group and a user belonging to this group 2. setup JON to use LDAP authentication, and add the needed group filter to find said group. 3. In JON, create a role, and assign the LDAP group to it 4. Login with the user, and register in JON as normal. 5. You can now see an entry in RHQ_SUBJECT_ROLE_LDAP_MAP 6. Delete the role now Actual results: Step 6 fails with above error + Exception Expected results: That the role is deleted Additional info: workaround is: Start with removing the LDAP group(s) from the role you wish to delete. Now use this SQL to find the role id: SELECT * FROM rhq_role_ldap_group WHERE ldap_group_name LIKE 'the group you want'; Next delete from the join table, where (for example) 12345 is the role_id you got from the aboev select: DELETE FROM RHQ_SUBJECT_ROLE_LDAP_MAP WHERE role_id=12345; Lastly remove the role as normal An alternative solution is to delete all the users belonging to this role; followed by normally removing the role.
This is fixed with commit 0753aae5cab0 to master. For some reason hibernate was not loading the external LDAP Groups correctly. Fix was to explicitly load the lazy references before updating on a remove. Moving this to ON_QA.
Verified in latest master build#827 (Version: 4.3.0-SNAPSHOT Build Number: 0753aae) Followed the steps and verified that the role which is linked to an LDAP group is deleted successfully. No errors are observed in server log. marking as verified.
<removing erroneous comment> Putting this bug back to VERIFIED since its only been fixed in master currently
Bulk close of old bugs in VERIFIED state.