Bug 994557 - DS stops to work after disabled or expired user try to login.
DS stops to work after disabled or expired user try to login.
Status: CLOSED DUPLICATE of bug 994604
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine (Show other bugs)
Unspecified Unspecified
unspecified Severity high
: ---
: 3.3.0
Assigned To: Ravi Nori
: Regression, Triaged
Depends On:
  Show dependency treegraph
Reported: 2013-08-07 09:49 EDT by Ondra Machacek
Modified: 2016-02-10 14:43 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-08-08 11:10:18 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ondra Machacek 2013-08-07 09:49:13 EDT
Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Add disabled/expired user UserVmManager role on cluster.
2. Try to login to UserPortal. - Denied
3. Try to add new user to rhevm from same domain as disabled/expired user is.

Actual results:
Domain don't respond

Expected results:
Domain respond

Additional info:
Login/logout don't help.
service ovirt-engine restart solve it, then domain work correctly.

engine logs:
2013-08-07 15:46:08,535 INFO  [org.ovirt.engine.core.bll.AddPermissionCommand] (pool-5-thread-7) [30d4cb02] Running command: AddPermissionCommand internal: false. Entities affected :  ID: 99408929-82cf-4dc7-a532-9d998063fa95 Type: VdsGroups
2013-08-07 15:46:08,873 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (pool-5-thread-7) [30d4cb02] Correlation ID: 30d4cb02, Call Stack: null, Custom Event ID: -1, Message: User/Group disabled@rhev.lab.eng.brq.redhat.com was granted permission for Role UserRole on Cluster Default, by admin@internal.
2013-08-07 15:46:21,493 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp-/ Correlation ID: null, Call Stack: null, Custom Event ID: -1, Message: User disabled@RHEV.LAB.ENG.BRQ.REDHAT.COM cannot login, as it got disabled or locked. Please contact the system administrator.
2013-08-07 15:46:21,493 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (ajp-/ Kerberos error: Clients credentials have been revoked (18)
2013-08-07 15:46:21,493 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (ajp-/ Authentication failed. The user is either locked or disabled
2013-08-07 15:46:21,501 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp-/ Failed ldap search server LDAP://dc-01.rhev.lab.eng.brq.redhat.com:389 using user disabled@RHEV.LAB.ENG.BRQ.REDHAT.COM due to Authentication failed. The user is either locked or disabled. We should not try the next server
2013-08-07 15:46:21,501 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (ajp-/ Failed authenticating user: disabled to domain rhev.lab.eng.brq.redhat.com. Ldap Query Type is getUserByName
2013-08-07 15:46:21,502 ERROR [org.ovirt.engine.core.bll.adbroker.LdapAuthenticateUserCommand] (ajp-/ Authentication failed. The user is either locked or disabled
2013-08-07 15:46:21,502 ERROR [org.ovirt.engine.core.bll.LoginUserCommand] (ajp-/ USER_FAILED_TO_AUTHENTICATE_ACCOUNT_IS_LOCKED_OR_DISABLED : disabled
2013-08-07 15:46:21,504 WARN  [org.ovirt.engine.core.bll.LoginUserCommand] (ajp-/ CanDoAction of action LoginUser failed. Reasons:USER_FAILED_TO_AUTHENTICATE_ACCOUNT_IS_LOCKED_OR_DISABLED
2013-08-07 15:46:51,593 INFO  [org.ovirt.engine.core.WelcomeServlet] (ajp-/ Detected Locale: en-US
Comment 2 Ondra Machacek 2013-08-08 07:21:30 EDT
It also stops to work when active/correct user tries to login with incorrect password, or when tries to login with nonexistent user.
Comment 3 Ravi Nori 2013-08-08 11:10:18 EDT

*** This bug has been marked as a duplicate of bug 994604 ***

Note You need to log in before you can comment on or make changes to this bug.