Created attachment 751907 [details] webui login error Description of problem: Unable to log in webui and cli after katello-configure in free_ipa mode Version-Release number of selected component (if applicable): * candlepin-0.8.7-1.el6_4.noarch * candlepin-scl-1-5.el6_4.noarch * candlepin-scl-quartz-2.1.5-5.el6_4.noarch * candlepin-scl-rhino-1.7R3-1.el6_4.noarch * candlepin-scl-runtime-1-5.el6_4.noarch * candlepin-selinux-0.8.7-1.el6_4.noarch * candlepin-tomcat6-0.8.7-1.el6_4.noarch * elasticsearch-0.19.9-8.el6sat.noarch * foreman-1.1.10002-29.noarch * foreman-postgresql-1.1.10002-29.noarch * katello-1.4.2-6.el6sat.noarch * katello-all-1.4.2-6.el6sat.noarch * katello-certs-tools-1.4.2-2.el6sat.noarch * katello-cli-1.4.2-5.el6sat.noarch * katello-cli-common-1.4.2-5.el6sat.noarch * katello-common-1.4.2-6.el6sat.noarch * katello-configure-1.4.3-9.el6sat.noarch * katello-configure-foreman-1.4.3-9.el6sat.noarch * katello-foreman-all-1.4.2-6.el6sat.noarch * katello-glue-candlepin-1.4.2-6.el6sat.noarch * katello-glue-elasticsearch-1.4.2-6.el6sat.noarch * katello-glue-pulp-1.4.2-6.el6sat.noarch * katello-selinux-1.4.3-3.el6sat.noarch * pulp-rpm-plugins-2.1.1-1.el6sat.noarch * pulp-selinux-2.1.1-1.el6sat.noarch * pulp-server-2.1.1-1.el6sat.noarch How reproducible: Always Steps to Reproduce: 1. Install Satellite 6 2. Run katello-configure command in free_ipa mode mode katello-configure --user-name=$user --user-email=$email --ldap-server=$server --auth-method=ldap --ldap-port=389 --ldap-server-type='free_ipa' --ldap-users-basedn=$usersbasedn --ldap-group-basedn=$groupsbasedn --ldap-roles=true --ldap-anon-queries=false --ldap-service-user=$user --ldap-service-pass=$pass --ldap-encryption=start_tls 3. Attempt to login to webui and cli Actual results: Not able to login to webui and cli. 1. Webui error (also see attached screenshot) /var/log/signo/production.log: [FATAL 2013-05-22 15:39:28 app #19792] | TypeError (can't convert Symbol into Integer): | app/models/backends/ldap.rb:21:in `do_auth' | app/models/backends/ldap.rb:8:in `authenticate' | app/models/backends/base.rb:14:in `block in authenticate' | app/models/backends/base.rb:4:in `each' | app/models/backends/base.rb:4:in `any?' | app/models/backends/base.rb:4:in `authenticate' | app/models/user.rb:15:in `authenticate' | app/controllers/login_controller.rb:23:in `login' 2. cli error: # katello -u $user -p $pass org list undefined method `empty?' for false:FalseClass (also see /var/log/katello/production.log attached) Expected results: Successful log in using webui and cli Additional info:
Created attachment 751908 [details] production.log for cli log in failure
The same error is observed in testing ldap in posix server mode katello-configure command: # katello-configure --user-name=*** --ldap-server=*** --auth-method=ldap --ldap-port=389 --ldap-server-type='posix' --ldap-users-basedn=*** --ldap-group-basedn=*** --ldap-encryption=start_tls --ldap-anon-queries=true For now I am tracking this issue in this same bug. If needed, I can create a separate Bugzilla issue in future.
The problem is (for the 1. part at least), that during katello-configure a string was used instead of symbol. As a workaround you may specify :start_tls instead of start_tls however I'll modify ldap_fluff to accept string as valid option as well.
*** Bug 963329 has been marked as a duplicate of this bug. ***
1. part is fixed in ldap_fluff 0.2.0, commit https://github.com/Katello/ldap_fluff/commit/dbd99bb81cae5ab4946ea7b698c629d79af08c3d 2. part is related to ldap_fluff, we need recent version of net-ldap gem, I built it in koji. For a new ldap_fluff some changes in katello and katello-installer are required, they are in https://github.com/Katello/katello/pull/2396 and https://github.com/Katello/katello-installer/pull/27 When these PR are merged I'll build and release ldap_fluff in koji and will put related revisions from katello third party here.
Mass move to ON_QA
Verified in revision: candlepin-0.8.9-1.el6_4.noarch candlepin-cert-consumer-cfseserver2.usersys.redhat.com-1.0-1.noarch candlepin-scl-1-5.el6_4.noarch candlepin-scl-quartz-2.1.5-5.el6_4.noarch candlepin-scl-rhino-1.7R3-1.el6_4.noarch candlepin-scl-runtime-1-5.el6_4.noarch candlepin-selinux-0.8.9-1.el6_4.noarch candlepin-tomcat6-0.8.9-1.el6_4.noarch elasticsearch-0.19.9-8.el6sat.noarch katello-1.4.2-10.el6sat.noarch katello-agent-1.4.2-4.el6sat.noarch katello-all-1.4.2-10.el6sat.noarch katello-candlepin-cert-key-pair-1.0-1.noarch katello-certs-tools-1.4.2-2.el6sat.noarch katello-cli-1.4.2-7.el6sat.noarch katello-cli-common-1.4.2-7.el6sat.noarch katello-common-1.4.2-10.el6sat.noarch katello-configure-1.4.3-14.el6sat.noarch katello-configure-foreman-1.4.3-14.el6sat.noarch katello-foreman-all-1.4.2-10.el6sat.noarch katello-glue-candlepin-1.4.2-10.el6sat.noarch katello-glue-elasticsearch-1.4.2-10.el6sat.noarch katello-glue-pulp-1.4.2-10.el6sat.noarch katello-qpid-broker-key-pair-1.0-1.noarch katello-qpid-client-key-pair-1.0-1.noarch katello-selinux-1.4.3-3.el6sat.noarch m2crypto-0.21.1.pulp-8.el6sat.x86_64 mod_wsgi-3.4-1.pulp.el6sat.x86_64 pulp-rpm-handlers-2.1.1-1.el6sat.noarch pulp-rpm-plugins-2.1.1-1.el6sat.noarch pulp-selinux-2.1.1-1.el6sat.noarch pulp-server-2.1.1-1.el6sat.noarch python-isodate-0.5.0-1.pulp.el6sat.noarch python-oauth2-1.5.170-3.pulp.el6sat.noarch python-pulp-agent-lib-2.1.1-1.el6sat.noarch python-pulp-common-2.1.1-1.el6sat.noarch python-pulp-rpm-common-2.1.1-1.el6sat.noarch python-qpid-0.18-5.el6_4.noarch python-rhsm-1.8.0-1.pulp.el6sat.x86_64 qpid-cpp-client-0.14-22.el6_3.x86_64 qpid-cpp-client-ssl-0.14-22.el6_3.x86_64 qpid-cpp-server-0.14-22.el6_3.x86_64 qpid-cpp-server-ssl-0.14-22.el6_3.x86_64 ruby193-rubygem-foreman-katello-engine-0.0.8-5.el6sat.noarch ruby193-rubygem-katello-foreman-engine-0.0.3-4.el6sat.noarch ruby193-rubygem-katello_api-0.0.3-2.el6_4.noarch ruby193-rubygem-ldap_fluff-0.2.2-1.el6sat.noarch signo-katello-0.0.16-1.el6sat.noarch Now it is able to login and execute commands.
mass move to CLOSED:CURRENTRELEASE since MDP1 has been released.