Bug 820626 - Hide password and email creation fields at user creation time if LDAP auth is enabled in CFSE
Hide password and email creation fields at user creation time if LDAP auth is...
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Content Management (Show other bugs)
Unspecified Unspecified
unspecified Severity high (vote)
: Unspecified
: --
Assigned To: Jordan OMara
Og Maciel
: FutureFeature, Triaged
Depends On: 819002 858358
  Show dependency treegraph
Reported: 2012-05-10 10:09 EDT by Eric Sammons
Modified: 2014-11-09 17:56 EST (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Enabled LDAP authentication in System Engine, disables the password and email creation fields. This feature was implemented to prevent confusion from LDAP users who authenticate to the LDAP server.
Story Points: ---
Clone Of: 819002
Last Closed: 2012-12-04 14:45:30 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Eric Sammons 2012-05-10 10:09:56 EDT
+++ This bug was initially created as a clone of Bug #819002 +++

Description of problem:
When warden is set to ldap the New User option should not be visible as local users are not supported.  When a new user is created via the New User option from a LDAP configured instance that user will be unable to login due to the warden value being set to ldap.

Version-Release number of selected component (if applicable):

Steps to Reproduce:
1. Configure SAM (Katello) with auth type ldap.
2. Login with an administrative user
3. Navigate to the Administrator / Users tab
4. Note the New User option is available
5. Create new user
6. logout
7. Attempt to login with new user
Actual results:
Unable to login

Expected results:
Either support multiple wardens, r/w access to the ldap to create new users, or disable the new user link when warden is ldap.

--- Additional comment from jomara@redhat.com on 2012-05-07 15:07:06 EDT ---

The new user option is still valid under LDAP. Adding a user w/ a valid LDAP username allows you to set additional roles for that user. 

It might be worthwhile to remove the ability to set a password for the user, since that password would never get used in LDAP mode

--- Additional comment from jomara@redhat.com on 2012-05-08 17:10:26 EDT ---

Changing to RFE to disallow password setting on new user creation in LDAP auth mode
Comment 1 Mike McCune 2012-05-10 15:14:18 EDT
Moving this to severity High:

"Severity Two issues are defined as high-impact issues. The customer's operation is disrupted, but there is some capacity to produce. "
Comment 4 Ivan Necas 2012-09-13 14:48:24 EDT
https://bugzilla.redhat.com/show_bug.cgi?id=819002#c4 says:

merged https://github.com/Katello/katello/pull/213/

Admins are no longer prompted for email/password when creating LDAP users

However, if for some reason they disable LDAP mode after install (I'm not sure if this is supported or not) those users will not be able to login until a password is set by an admin
Comment 6 Og Maciel 2012-09-28 12:20:33 EDT
Verified using:

* candlepin-0.7.8-1.el6cf.noarch
* candlepin-selinux-0.7.8-1.el6cf.noarch
* candlepin-tomcat6-0.7.8-1.el6cf.noarch
* katello-1.1.12-9.el6cf.noarch
* katello-all-1.1.12-9.el6cf.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.1.8-1.el6cf.noarch
* katello-cli-1.1.8-5.el6cf.noarch
* katello-cli-common-1.1.8-5.el6cf.noarch
* katello-common-1.1.12-9.el6cf.noarch
* katello-configure-1.1.9-4.el6cf.noarch
* katello-glue-candlepin-1.1.12-9.el6cf.noarch
* katello-glue-pulp-1.1.12-9.el6cf.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.1.1-1.el6cf.noarch
* pulp-1.1.12-1.el6cf.noarch
* pulp-common-1.1.12-1.el6cf.noarch
* pulp-selinux-server-1.1.12-1.el6cf.noarch
Comment 8 errata-xmlrpc 2012-12-04 14:45:30 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

Comment 9 Mike McCune 2013-08-16 14:15:32 EDT
getting rid of 6.0.0 version since that doesn't exist

Note You need to log in before you can comment on or make changes to this bug.