Bug 961395 – ldap users cannot login to foreman

Bug 961395 - ldap users cannot login to foreman

Summary:	ldap users cannot login to foreman

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	Red Hat Satellite 6
Classification:	Red Hat
Component:	Infrastructure (Show other bugs)
Sub Component:
Version:	Nightly
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified (vote)
Target Milestone:	Unspecified
Target Release:	--
Assigned To:	Marek Hulan
QA Contact:	Og Maciel
Docs Contact:

URL:
Whiteboard:
Keywords:	Triaged

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2013-05-09 10:29 EDT by Corey Welton
Modified:	2014-01-16 16:16 EST (History)
CC List:	4 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2013-07-18 17:21:55 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Corey Welton 2013-05-09 10:29:53 EDT

Description of problem:

katello configured with ldap does not allow user to login to foreman portion of UI.
 
Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.  install and katello-configure with the following options, where appropriate:

katello-configure --deployment=katello
                     --auth-method=ldap
                     --user-name=[your LDAP login]
                     --ldap-server=[hostname of your ldap server]
                     --ldap-port=[port of your ldap server, default=389]
                     --ldap-server-type=[free_ipa,active_directory,posix, default=posix]
                     --ldap_encryption=[start_tls, default=none]
                     --ldap-users-basedn=[base dn of users, eg ou=People,dc=company,dc=com]
                     --ldap-groups-basedn=[base dn of groups, eg ou=Groups,dc=company,dc=com. default = users basedn]
                     --ldap-anon-queries=[true if your FreeIPA or AD servers allow anonymous queries, default=false]
                     --ldap-service-user=[username of service user for free IPA & active directory. see below. default=empty]
                     --ldap-service-pass=[password of service user from above. default=empty]
                     --ldap-ad-domain=[domain for making AD queries. default=empty]
                     --ldap-roles=[Turns on mode 2 from above. default=false]                 


2.  Login to katello; assure everything functions as expected.
3.  Attempt to access foreman portion of UI; user may get a login screen, in which case, attempt to use ldap login
  
Actual results:
LDAP authed user cannot login nor access foreman UI

Expected results:
LDAP authed user can access foreman UI

Additional info:

Comment 2 Marek Hulan 2013-05-14 05:20:28 EDT

Possible fix is in https://github.com/Katello/katello-installer/pull/16

Comment 3 Marek Hulan 2013-05-15 08:31:20 EDT

Merged in https://github.com/Katello/katello-installer/commit/0f2005e90f5f59fc4d34360dd025541faa5a0671

Comment 5 Sam Kottler 2013-05-23 19:41:16 EDT

Moving to ON_QA for drop 2.

Comment 6 Og Maciel 2013-06-02 17:35:56 EDT

Verified:
* apr-util-ldap-1.3.9-3.el6_0.1.x86_64
* candlepin-0.8.9-1.el6_4.noarch
* candlepin-cert-consumer-qeblade35.rhq.lab.eng.bos.redhat.com-1.0-1.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.9-1.el6_4.noarch
* candlepin-tomcat6-0.8.9-1.el6_4.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* foreman-1.1.10002-44.noarch
* foreman-installer-puppet-concat-0-2.d776701.git.0.21ef926.el6sat.noarch
* foreman-installer-puppet-dhcp-0-5.3a4a13c.el6sat.noarch
* foreman-installer-puppet-dns-0-7.fcae203.el6sat.noarch
* foreman-installer-puppet-foreman-0-6.568c5c4.el6sat.noarch
* foreman-installer-puppet-foreman_proxy-0-8.bd1e35d.el6sat.noarch
* foreman-installer-puppet-puppet-0-3.ab46748.el6sat.noarch
* foreman-installer-puppet-tftp-0-5.ea6c5e5.el6sat.noarch
* foreman-installer-puppet-xinetd-0-50a267b8.git.0.44aca6a.el6sat.noarch
* foreman-postgresql-1.1.10002-44.noarch
* foreman-proxy-1.1.10002-1.el6sat.noarch
* foreman-proxy-installer-1.0.1-8.f5ae2cd.el6sat.noarch
* katello-1.4.2-8.el6sat.noarch
* katello-all-1.4.2-8.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.2-6.el6sat.noarch
* katello-cli-common-1.4.2-6.el6sat.noarch
* katello-common-1.4.2-8.el6sat.noarch
* katello-configure-1.4.3-12.el6sat.noarch
* katello-configure-foreman-1.4.3-12.el6sat.noarch
* katello-foreman-all-1.4.2-8.el6sat.noarch
* katello-glue-candlepin-1.4.2-8.el6sat.noarch
* katello-glue-elasticsearch-1.4.2-8.el6sat.noarch
* katello-glue-pulp-1.4.2-8.el6sat.noarch
* katello-qpid-broker-key-pair-1.0-1.noarch
* katello-qpid-client-key-pair-1.0-1.noarch
* katello-selinux-1.4.3-3.el6sat.noarch
* openldap-2.4.23-31.el6.x86_64
* pulp-rpm-plugins-2.1.1-1.el6sat.noarch
* pulp-selinux-2.1.1-1.el6sat.noarch
* pulp-server-2.1.1-1.el6sat.noarch
* python-ldap-2.3.10-1.el6.x86_64
* ruby193-rubygem-ldap_fluff-0.1.7-3.el6sat.noarch
* ruby193-rubygem-net-ldap-0.2.2-7.el6_4.noarch
* signo-0.0.15-1.el6sat.noarch
* signo-katello-0.0.15-1.el6sat.noarch

Comment 7 Mike McCune 2013-07-18 17:21:55 EDT

mass move to CLOSED:CURRENTRELEASE since MDP1 has been released.

Comment 8 Mike McCune 2014-01-16 16:16:55 EST

removing signo component and moving these bugs to 'Infrastructure'

Note You need to log in before you can comment on or make changes to this bug.