Satellite / SAT-3559

[RFE] Netgroup LDAP Authentication with Satellite 6.


      >> Description of problem:

      Netgroup LDAP Authentication with Satellite 6.

      Version-Release number of selected component (if applicable):

      >> How reproducible:

      A RHEL 7.1 installation with Satellite 6.1.1 configured to use external LDAP authentication (created using hammer)

      # hammer auth-source ldap create --name LDAP1 --host ldap.example.org --server-type posix --tls yes --port 636 \
        --base-dn ou=People,ou=example,o=org,c=au --groups-base ou=netgroup,ou=example,o=org,c=au --attr-login uid

      The User Group can then be created and an External Group linked to it (also using hammer)...

      # hammer user-group create --name Test
      # hammer user-group external create --auth-source-id 3 --name test-netgroup --user-group Test

      >> Actual results:

      This returns a "500 Internal Server Error" - but checking in the Web UI the external group is displayed as linked correctly.
      Trying to then refresh the display to show the users in the LDAP netgroup does nothing - no users are found within the group.
      (Creating the user group and external linking via the Web UI returns NO errors - only via hammer do we get a clue something is wrong)

      In the foreman production.log we see the 500 error:

      2015-12-09 09:30:19 [I] Processing by Api::V2::ExternalUsergroupsController#create as JSON
      2015-12-09 09:30:19 [I] Parameters: {"external_usergroup"=>{"name"=>"test-netgroup", "auth_source_id"=>"3"}, "apiv"=>"2", "usergroup-id"=>"5"}
      2015-12-09 09:30:20 [W] Creating scope :completer_scope. Overwriting existing method Organization.completer_scope.
      2015-12-09 09:30:20 [I] Authorized user ggatward(Geoff Gatward)
      2015-12-09 09:30:20 [I] Rendered api/v2/external_usergroups/create.json.rabl (2.3ms)
      2015-12-09 09:30:20 [E] Group does not have any members (RuntimeError)
      /opt/rh/ruby193/root/usr/share/gems/gems/ldap_fluff-0.3.2/lib/ldap_fluff/generic.rb:47:in 'users_for_gid'
      /opt/rh/ruby193/root/usr/share/gems/gems/ldap_fluff-0.3.2/lib/ldap_fluff/ldap_fluff.rb:35:in 'user_list'
      /usr/share/foreman/app/models/auth_sources/auth_source_ldap.rb:107:in 'users_in_group'
      /usr/share/foreman/app/models/external_usergroup.rb:33:in 'users'
      ...
      ...
      2015-12-09 09:30:20 [I] Completed 500 Internal Server Error in 441ms
      2015-12-09 09:30:20 [F]

      If we do the same setup but use a posix group from LDAP instead, everything works as expected (no 500 error and users are resolved)

      >> Expected results:

      Everything works as expected (no 500 error).

      Additional info:
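
Added example (not part of the original report, and not code from Foreman or ldap_fluff): a Ruby sketch of how netgroup membership differs from posix group membership, assuming the directory follows the RFC 2307 schema, where a posixGroup lists users in memberUid and a nisNetgroup stores "(host,user,domain)" values in nisNetgroupTriple plus nested names in memberNisNetgroup. All entries and helper names below are constructed for illustration; the hypothetical memberUid-only resolver shows one way such a lookup finds no members in a netgroup entry.

```ruby
# Constructed sample entries (not from the report), shaped like LDAP search
# results. Attribute names follow RFC 2307; all values are made up.
POSIX_GROUP = { 'objectClass' => ['posixGroup'], 'cn' => ['test-group'],
                'memberUid' => %w[alice bob] }.freeze
DIRECTORY = {
  'test-netgroup' => { 'objectClass' => ['nisNetgroup'], 'cn' => ['test-netgroup'],
                       'nisNetgroupTriple' => ['(,alice,)', '(host1,bob,example.org)',
                                               '(host2,-,)', '(host3,,)'],
                       'memberNisNetgroup' => ['ops-netgroup'] },
  'ops-netgroup'  => { 'objectClass' => ['nisNetgroup'], 'cn' => ['ops-netgroup'],
                       'nisNetgroupTriple' => ['(,carol,)'],
                       'memberNisNetgroup' => ['test-netgroup'] } # cycle on purpose
}.freeze

# Hypothetical resolver that only understands posixGroup membership.
def posix_members(entry)
  members = Array(entry['memberUid'])
  raise 'Group does not have any members' if members.empty?
  members
end

# Extract the user from one "(host,user,domain)" triple. An empty user field
# is a wildcard and "-" means "no user"; neither names an account, so both
# return nil instead of being expanded into group membership.
def triple_user(triple)
  m = /\A\(([^,]*),([^,]*),([^,]*)\)\z/.match(triple.strip)
  return nil unless m
  user = m[2].strip
  user.empty? || user == '-' ? nil : user
end

# Resolve a netgroup's users, following nested netgroups once each.
def netgroup_members(name, directory, seen = [])
  entry = directory[name]
  return [] if entry.nil? || seen.include?(name)
  seen << name
  users = Array(entry['nisNetgroupTriple']).map { |t| triple_user(t) }.compact
  Array(entry['memberNisNetgroup']).each do |child|
    users.concat(netgroup_members(child, directory, seen))
  end
  users.uniq
end

if __FILE__ == $PROGRAM_NAME
  p posix_members(POSIX_GROUP)
  p netgroup_members('test-netgroup', DIRECTORY)
end
```

When netgroups feed role mapping, skipping wildcard user fields keeps a triple such as "(host3,,)" from silently granting membership to every account.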
