+++ This bug was initially created as a clone of Bug #865523 +++ Created attachment 625584 [details] katello/production.log Description of problem: When switching between local database and ldap user modes the katello webUI sometimes does not return failed login error. The loading GIF spins and then stops. No new page is loaded. Version-Release number of selected component (if applicable): 1.1 [root@localhost katello]# rpm -qa |grep katello katello-glue-pulp-1.1.12-12.el6cf.noarch katello-certs-tools-1.1.8-1.el6cf.noarch katello-candlepin-cert-key-pair-1.0-1.noarch katello-cli-common-1.1.8-6.el6cf.noarch katello-selinux-1.1.1-1.el6cf.noarch katello-qpid-broker-key-pair-1.0-1.noarch katello-common-1.1.12-12.el6cf.noarch katello-1.1.12-12.el6cf.noarch katello-qpid-client-key-pair-1.0-1.noarch katello-configure-1.1.9-6.el6cf.noarch katello-all-1.1.12-12.el6cf.noarch katello-cli-1.1.8-6.el6cf.noarch katello-glue-candlepin-1.1.12-12.el6cf.noarch How reproducible: Several times Steps to Reproduce: 1. run `katello-configure` with default settings (local database users) 2. update /etc/ldap_fluff.yml and /etc/katello/katello.yml for ldap server 3. `katello-service restart` 4. run `katello-configure` again with new username 5. login fails Actual results: no error message displayed Expected results: Display login failure Additional info: --- Additional comment from RHEL Product and Program Management on 2012-10-11 12:54:23 EDT --- Since this issue was entered in bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release. --- Additional comment from James Laska on 2012-10-15 14:33:16 EDT --- Based on comment#0, my impression is that attempts to login with valid credentials are failing. There appears to be a traceback in the attached production.log (not clear whether that's related). I'm not aware of a reasonable workaround at the moment. This leads me to think that being unable to login to is rather serious. I've set severity=urgent. Feel free comment if I've assessed the severity incorrectly. --- Additional comment from Mike McCune on 2012-10-17 11:13:07 EDT --- Jordan will comment in this BZ as to why it is a medium and 2.0 and there is a workaround --- Additional comment from Jordan OMara on 2012-10-17 11:18:11 EDT --- This bug is specifically caused by creating a user (logging in for the first time) in LDAP mode, switching Katello to database mode and then trying to log in. The server throws an error because the user actually doesn't HAVE a password, not just that it doesn't match. Users are created with no passwords in LDAP mode. This is bad because we don't correctly catch / display that error and instead just spin infinitely Despite how bad it is, it requires a very specific set of steps to reproduce and I don't think this will be along any normal use case. You can also work around it by manually setting a password for the users in question in the DB. --- Additional comment from James Laska on 2012-10-17 11:31:11 EDT --- (In reply to comment #4) > Despite how bad it is, it requires a very specific set of steps to reproduce > and I don't think this will be along any normal use case. Thanks for the feedback Jordan. Are the steps to reproduce the normal recommended procedure for enabling LDAP in katello? > 1. run `katello-configure` with default settings (local database users) > 2. update /etc/ldap_fluff.yml and /etc/katello/katello.yml for ldap server > 3. `katello-service restart` > 4. run `katello-configure` again with new username > 5. login fails What I'm wondering is whether the steps to reproduce are the correct procedure for enabling LDAP support in katello. If so, it seems the frequency of users hitting this problem would be high. --- Additional comment from James Laska on 2012-10-18 10:39:45 EDT --- I appear to be seeing this while debugging other LDAP related login issues. No matter how many times I attempt to login with valid credentials, the result is the same. The login spinner appears, then goes away. No error (or success) notification is displayed. After <shift> reloading the login page, I was immediately able to login.
Closing in favor of CFSE duplicate issue