Bug 970517 - LDAP user login fails with when user did not log in through UI previously
LDAP user login fails with when user did not log in through UI previously
Status: ON_QA
Product: RHQ Project
Classification: Other
Component: REST (Show other bugs)
4.8
Unspecified Unspecified
unspecified Severity high (vote)
: ---
: ---
Assigned To: Heiko W. Rupp
Mike Foley
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-04 04:41 EDT by Libor Zoubek
Modified: 2015-11-01 19:45 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
server.log (18.07 KB, text/plain)
2013-06-04 04:41 EDT, Libor Zoubek
no flags Details

  None (edit)
Description Libor Zoubek 2013-06-04 04:41:38 EDT
Created attachment 756658 [details]
server.log

Description of problem: I am not able to login through REST API as a LDAP user when this LDAP user did not yet logged in through UI => does not yet exist in rhq database. 

Version-Release number of selected component (if applicable):
RHQ 4.8-master

How reproducible:always


Steps to Reproduce:
1.have a LDAP user, not yet "imported" to RHQ
2.login to REST API

Actual results: you get server errror with UndeclaredThrowable


Expected results:user should be able to login


Additional info:
Comment 1 Heiko W. Rupp 2013-06-04 04:48:41 EDT
I understand this is the same restriction as for the CLI
Comment 3 Heiko W. Rupp 2013-06-04 09:03:21 EDT
master 764f68b5674 now prints a message for the LDAP user case:

/devel/ZwitscherA hrupp$ curl -i -u user:pass http://localhost:7080/rest/.json
HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Content-Type: application/json
Transfer-Encoding: chunked
Date: Tue, 04 Jun 2013 12:29:18 GMT

{"message":"User was authorized, but has no rights for the operation. If this is an LDAP user, the user needs to log in to the UI and complete registration."}

If the user is completely invalid we return a normal 401 response (actually the container does this for us)
Comment 4 Heiko W. Rupp 2013-07-17 08:51:37 EDT
We should open a new BZ that lists that restriction for CLI and REST.

Note You need to log in before you can comment on or make changes to this bug.