This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 892631 - When user log in to UserPortal(or UserLevelAPI) then user_name of this user is changed.
When user log in to UserPortal(or UserLevelAPI) then user_name of this user i...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine (Show other bugs)
3.1.0
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 3.2.0
Assigned To: Ravi Nori
Ondra Machacek
infra
:
Depends On:
Blocks: 915537
  Show dependency treegraph
 
Reported: 2013-01-07 08:23 EST by Ondra Machacek
Modified: 2016-02-10 14:40 EST (History)
10 users (show)

See Also:
Fixed In Version: sf4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Backport upstream patch to RHEV 3.1 (1.33 KB, patch)
2013-02-05 19:30 EST, Ian Pilcher
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 10869 None None None Never

  None (edit)
Description Ondra Machacek 2013-01-07 08:23:08 EST
Description of problem:
When user log in to UserPortal(or UserLevelAPI) then user_name of this user is changed to it's previous name without domain.(user@domain => user)

Version-Release number of selected component (if applicable):
3.1.0-38.el6ev

How reproducible:
always

Steps to Reproduce:
1. Add user.
2. Give user login permissions.
3. Login as user.
  
Actual results:
User_name is changed after login.

Expected results:
User_name shouldn't be changed.

Additional info:

2013-01-07 14:15:21,314 INFO  [org.ovirt.engine.core.bll.RemoveUserCommand] (pool-4-thread-47) [581200e8] Running command: RemoveUserCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-123456789aaa Type: System
2013-01-07 14:15:37,955 INFO  [org.ovirt.engine.core.bll.AddUserCommand] (pool-4-thread-47) [494bb769] Running command: AddUserCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-123456789aaa Type: System
2013-01-07 14:16:01,675 INFO  [org.ovirt.engine.core.bll.AddPermissionCommand] (pool-4-thread-47) [205b515a] Running command: AddPermissionCommand internal: false. Entities affected :  ID: 5f88fda2-5d86-4010-a704-7fbcc3cf4137 Type: Storage
2013-01-07 14:16:20,653 INFO  [org.ovirt.engine.core.bll.LoginUserCommand] (ajp-/127.0.0.1:8702-18) [39109076] Checking if user portaluser2 is an admin, result false
2013-01-07 14:16:20,654 INFO  [org.ovirt.engine.core.bll.LoginUserCommand] (ajp-/127.0.0.1:8702-18) [39109076] Running command: LoginUserCommand internal: false.

[BEFORE login]
<user>
<name>portaluser2</name>
<link .../> <domain .../>
<user_name>portaluser2@rhev.lab.eng.brq.redhat.com</user_name>
</user>

[AFTER login]
<user>
<name>portaluser2</name>
<link .../> <domain .../>
<user_name>portaluser2</user_name>
</user>
Comment 1 Ravi Nori 2013-01-10 10:17:08 EST
link : http://gerrit.ovirt.org/#/c/10869/

change id : I072f9aa8dc706533682b53d8b5a56e9b2dc09b82
Comment 4 Ian Pilcher 2013-02-05 19:30:10 EST
Created attachment 693596 [details]
Backport upstream patch to RHEV 3.1
Comment 5 Ian Pilcher 2013-02-05 20:50:16 EST
One thing to note is that my backported patch (and presumably the upstream patch) will cause the case of the domain portion of the username to change to lower case -- i.e. rhevadmin@EXAMPLE.COM becomes rhevadmin@example.com.

The use of upper case seems to be fairly traditional with Kerberos realms and Active Directory domains, so it seems like it might be a good idea to upper-case the domain (and possibly even "fix" any usernames that have somehow been lower-cased).  For example:

  private String getFullUserName(AdUser adUser) {
      String userName = adUser.getUserName();
      int i = userName.indexOf('@');
      if (i >= 0) {
          userName = userName.substring(0, i);
      }
      return userName + "@" + adUser.getDomainControler().toUpperCase();
  }
Comment 6 Ian Pilcher 2013-02-07 02:21:41 EST
(In reply to comment #5)
> One thing to note is that my backported patch (and presumably the upstream
> patch) will cause the case of the domain portion of the username to change
> to lower case -- i.e. rhevadmin@EXAMPLE.COM becomes rhevadmin@example.com.

After rebuilding with the patch from comment #4 and running for a while, I've noticed that *something* has upper-cased the domain portion of my usernames -- both in the database and as returned by the REST API.  So it doesn't look like any additional jiggery pokery is necessary on that front.
Comment 7 Itamar Heim 2013-06-11 05:49:11 EDT
3.2 has been released
Comment 8 Itamar Heim 2013-06-11 05:49:22 EDT
3.2 has been released
Comment 9 Itamar Heim 2013-06-11 05:57:36 EDT
3.2 has been released

Note You need to log in before you can comment on or make changes to this bug.