Bug 996535 - Adding user from IPA with many groups return error but user is added successfully to system.
Adding user from IPA with many groups return error but user is added successf...
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine (Show other bugs)
Unspecified Unspecified
unspecified Severity medium
: ---
: 3.4.0
Assigned To: Nobody's working on this, feel free to take it
: Triaged
Depends On:
  Show dependency treegraph
Reported: 2013-08-13 07:37 EDT by Ondra Machacek
Modified: 2016-02-10 14:16 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-08-26 08:19:15 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ondra Machacek 2013-08-13 07:37:15 EDT
Description of problem:
When adding user which has many of groups assigned, action fails and user is added to system. (tested on IPA with user who has ~96groups)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Add user with many groups to rhevm.

Actual results:
Error while executing action: A Request to the Server failed with the following Status Code: 500

Expected results:
Added successfully and don't return any error.

Additional info:

2013-08-13 13:32:13,598 INFO  [org.ovirt.engine.core.bll.AddUserCommand] (pool-5-thread-49) [24ae529b] Running command: AddUserCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-123456789aaa Type: System
2013-08-13 13:32:13,647 INFO  [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (pool-5-thread-49) [24ae529b] Correlation ID: 24ae529b, Call Stack: null, Custom Event ID: -1, Message: User 'vdcalladmin@BRQ-IPA.RHEV.LAB.ENG.BRQ.REDHAT.COM' was added successfully to the system.
Comment 1 Yair Zaslavsky 2013-08-13 21:52:30 EDT
manage-domains does not try to perform group population (i.e - calculate the groups of the added user), therefore a user with any number of groups (even way more than 96) will be successfully added to the system.

Engine however has to take into consideration the groups, and checks group membership (as it may change).
Please attach the full engine.log to this bug.
Comment 2 Yair Zaslavsky 2013-08-13 21:54:03 EDT
Suggesting this to 3.4 as part of authentication + user/group information retrieval  rewrite effort.
Comment 3 Ondra Machacek 2013-08-26 08:19:15 EDT
Did not repruduce on is11, closing as current release.

Note You need to log in before you can comment on or make changes to this bug.