Bug 961395 - ldap users cannot login to foreman
ldap users cannot login to foreman
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Infrastructure (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified (vote)
: Unspecified
: --
Assigned To: Marek Hulan
Og Maciel
: Triaged
Depends On:
  Show dependency treegraph
Reported: 2013-05-09 10:29 EDT by Corey Welton
Modified: 2014-01-16 16:16 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-07-18 17:21:55 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Corey Welton 2013-05-09 10:29:53 EDT
Description of problem:

katello configured with ldap does not allow user to login to foreman portion of UI.
Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  install and katello-configure with the following options, where appropriate:

katello-configure --deployment=katello
                     --user-name=[your LDAP login]
                     --ldap-server=[hostname of your ldap server]
                     --ldap-port=[port of your ldap server, default=389]
                     --ldap-server-type=[free_ipa,active_directory,posix, default=posix]
                     --ldap_encryption=[start_tls, default=none]
                     --ldap-users-basedn=[base dn of users, eg ou=People,dc=company,dc=com]
                     --ldap-groups-basedn=[base dn of groups, eg ou=Groups,dc=company,dc=com. default = users basedn]
                     --ldap-anon-queries=[true if your FreeIPA or AD servers allow anonymous queries, default=false]
                     --ldap-service-user=[username of service user for free IPA & active directory. see below. default=empty]
                     --ldap-service-pass=[password of service user from above. default=empty]
                     --ldap-ad-domain=[domain for making AD queries. default=empty]
                     --ldap-roles=[Turns on mode 2 from above. default=false]                 

2.  Login to katello; assure everything functions as expected.
3.  Attempt to access foreman portion of UI; user may get a login screen, in which case, attempt to use ldap login
Actual results:
LDAP authed user cannot login nor access foreman UI

Expected results:
LDAP authed user can access foreman UI

Additional info:
Comment 2 Marek Hulan 2013-05-14 05:20:28 EDT
Possible fix is in https://github.com/Katello/katello-installer/pull/16
Comment 5 Sam Kottler 2013-05-23 19:41:16 EDT
Moving to ON_QA for drop 2.
Comment 6 Og Maciel 2013-06-02 17:35:56 EDT
* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.9-1.el6_4.noarch
* candlepin-cert-consumer-qeblade35.rhq.lab.eng.bos.redhat.com-1.0-1.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.9-1.el6_4.noarch
* candlepin-tomcat6-0.8.9-1.el6_4.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* foreman-1.1.10002-44.noarch
* foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
* foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
* foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch
* foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
* foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
* foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
* foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
* foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
* foreman-postgresql-1.1.10002-44.noarch
* foreman-proxy-1.1.10002-1.el6sat.noarch
* foreman-proxy-installer-1.0.1-8.f5ae2cd.el6sat.noarch
* katello-1.4.2-8.el6sat.noarch
* katello-all-1.4.2-8.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.2-6.el6sat.noarch
* katello-cli-common-1.4.2-6.el6sat.noarch
* katello-common-1.4.2-8.el6sat.noarch
* katello-configure-1.4.3-12.el6sat.noarch
* katello-configure-foreman-1.4.3-12.el6sat.noarch
* katello-foreman-all-1.4.2-8.el6sat.noarch
* katello-glue-candlepin-1.4.2-8.el6sat.noarch
* katello-glue-elasticsearch-1.4.2-8.el6sat.noarch
* katello-glue-pulp-1.4.2-8.el6sat.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.4.3-3.el6sat.noarch
* openldap-2.4.23-31.el6.x86_64
* pulp-rpm-plugins-2.1.1-1.el6sat.noarch
* pulp-selinux-2.1.1-1.el6sat.noarch
* pulp-server-2.1.1-1.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.1.7-3.el6sat.noarch
* ruby193-rubygem-net-ldap-0.2.2-7.el6_4.noarch
* signo-0.0.15-1.el6sat.noarch
* signo-katello-0.0.15-1.el6sat.noarch
Comment 7 Mike McCune 2013-07-18 17:21:55 EDT
mass move to CLOSED:CURRENTRELEASE since MDP1 has been released.
Comment 8 Mike McCune 2014-01-16 16:16:55 EST
removing signo component and moving these bugs to 'Infrastructure'

Note You need to log in before you can comment on or make changes to this bug.