Bug #21300

closed

LDAP Authentication doesn't work for Foreman 1.16 RC1

Added by Al Man over 6 years ago. Updated almost 6 years ago.

Status: Duplicate
Priority: High
Assignee: -
Category: -

Description

I have 2 installations of foreman 1.16 RC1 (old - after upgrade from nightly version and new - fresh).
Both on RHEL 7; old installation with puppetserver 5.1.3, new installation with puppetserver 5.0.0
In new inst I cannot create a new LDAP source, in the old one I cannot edit the existing LDAP source (I created the source before the upgrade).
How to reproduce: go to "Administer" - "LDAP Authentication" - "Create Authentication Source" or select an existing one - fill the fields (even not all) or edit the existing one and click the "Submit" button - you will be redirected to the "LDAP Server" tab (if you are not on it already) and that's all (nothing happens and the source entry is not saved).
In production.log I see following lines (the same in both cases):

2017-10-11 14:03:43 ff2ff0aa [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"LED9cgQA2VZHZf1vbbLFYgzq006HlXmnhgypsvD+G5BXMiv5dt8anUsOg7Tkr4Ob3TjMI40keO9ZQ5VKZoi/w==", "auth_source_ldap"=>{"name"=>"NEW_SOURCE", "host"=>"example.com", "tls"=>"0", "port"=>"389", "server_type"=>"active_directory", "account"=>"ad_acc", "account_password"=>"[FILTERED]", "base_dn"=>"DC=example,DC=com", "groups_base"=>"OU=Security Groups,DC=example,DC=com", "use_netgroups"=>"0", "ldap_filter"=>"memberOf=CN=puppet,OU=Security Groups,DC=example,DC=com", "onthefly_register"=>"0", "usergroup_sync"=>"1", "attr_login"=>"uid", "attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail", "attr_photo"=>""}, "_ie_support"=>"", "id"=>"3-NEW_SOURCE"}
2017-10-11 14:03:43 ff2ff0aa [app] [I] Current user: admin (administrator)
2017-10-11 14:03:43 ff2ff0aa [app] [I] Failed to save:
2017-10-11 14:03:43 ff2ff0aa [app] [I]   Rendered taxonomies/_loc_org_tabs.html.erb (0.2ms)
2017-10-11 14:03:43 ff2ff0aa [app] [I]   Rendered auth_source_ldaps/_form.html.erb (16.0ms)
2017-10-11 14:03:43 ff2ff0aa [app] [I]   Rendered auth_source_ldaps/edit.html.erb (16.6ms)
2017-10-11 14:03:43 ff2ff0aa [app] [I] Completed 200 OK in 31ms (Views: 17.3ms | ActiveRecord: 3.1ms)
2017-10-11 14:03:43 c152d8e9 [app] [I] Started PATCH "/auth_source_ldaps/3-NEW_SOURCE" for 172.16.28.83 at 2017-10-11 14:03:43 +0300
2017-10-11 14:03:43 c152d8e9 [app] [I] Processing by AuthSourceLdapsController#update as */*


Related issues: 1 (0 open, 1 closed)

Related to Foreman - Bug #21175: Unable to add AD LDAP Auth Source (Closed, Tomáš Strachota, 10/03/2017)
Actions #1

Updated by Marek Hulán over 6 years ago

Could you please upload a bit more from the log? Ideally start capturing before you start reproducing and make sure it contains the response (Completed ...) line for the last query. What is your version of the ldap_fluff library?
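The completeness check requested above can be automated. The following Ruby is an added example, not part of the ticket or of Foreman's code: it groups production.log lines by request id, flags requests that lack a `Started` or `Completed` line, and flags requests that logged `Failed to save:` yet returned a 2xx status. The sample log, its request ids and the helper names are constructed for illustration.

```ruby
# Added example: group Foreman production.log lines by request id and report
# requests whose capture is incomplete or that logged "Failed to save:".
LINE_RE = /\A(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\h{8}) \[app\] \[\w\]\s+(.*)\z/

# Constructed sample in the format shown in this ticket (not real log data).
SAMPLE_LOG = <<~LOG
  2017-01-01 10:00:00 aaaa1111 [app] [I]   Parameters: {"id"=>"1-SRC"}
  2017-01-01 10:00:00 aaaa1111 [app] [I] Failed to save:
  2017-01-01 10:00:00 aaaa1111 [app] [I] Completed 200 OK in 31ms (Views: 17.3ms | ActiveRecord: 3.1ms)
  2017-01-01 10:00:05 bbbb2222 [app] [I] Started PATCH "/auth_source_ldaps/1-SRC" for 192.0.2.10 at 2017-01-01 10:00:05 +0000
  2017-01-01 10:00:05 bbbb2222 [app] [I] Processing by AuthSourceLdapsController#update as */*
  2017-01-01 10:00:05 bbbb2222 [app] [I] Failed to save:
  2017-01-01 10:00:05 bbbb2222 [app] [I] Completed 200 OK in 30ms (Views: 16.0ms | ActiveRecord: 3.0ms)
  2017-01-01 10:00:09 cccc3333 [app] [I] Started PATCH "/auth_source_ldaps/1-SRC" for 192.0.2.10 at 2017-01-01 10:00:09 +0000
  2017-01-01 10:00:09 cccc3333 [app] [I] Processing by AuthSourceLdapsController#update as */*
LOG

# Build one record per request id from the lines that carry that id.
def summarize_requests(log_text)
  requests = Hash.new { |h, id| h[id] = { started: nil, action: nil, completed: nil, failed_save: false } }
  log_text.each_line do |raw|
    m = LINE_RE.match(raw.chomp) or next
    req = requests[m[2]]
    case m[3]
    when /\AStarted (\w+) "([^"]+)"/ then req[:started] = "#{$1} #{$2}"
    when /\AProcessing by (\S+) as/ then req[:action] = $1
    when /\ACompleted (\d{3})/ then req[:completed] = $1.to_i
    when /\AFailed to save:/ then req[:failed_save] = true
    end
  end
  requests
end

# Return { request_id => [issues] } for requests that need attention.
def capture_problems(requests)
  requests.each_with_object({}) do |(id, r), out|
    issues = []
    issues << :missing_started unless r[:started]
    issues << :missing_completed unless r[:completed]
    issues << :save_failed_with_2xx if r[:failed_save] && r[:completed].to_i.between?(200, 299)
    out[id] = issues unless issues.empty?
  end
end

capture_problems(summarize_requests(SAMPLE_LOG)).each { |id, i| puts "#{id}: #{i.join(', ')}" } if __FILE__ == $0
```

A request flagged `save_failed_with_2xx` is one where the form was re-rendered after a failed save without an error status, which is why the failure is easy to miss in status-code monitoring.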

Actions #2

Updated by Ewoud Kohl van Wijngaarden over 6 years ago

  • Status changed from New to Need more information
Actions #3

Updated by Al Man over 6 years ago

The output of production.log when I tried to edit the existing LDAP source (I clicked the 'Submit' button 3 times):

2017-10-23 17:32:38 b3990428 [app] [I] Started GET "/auth_source_ldaps/3-EXAMPLE/edit" for 172.16.28.83 at 2017-10-23 17:32:38 +0300
2017-10-23 17:32:38 b3990428 [app] [I] Processing by AuthSourceLdapsController#edit as */*
2017-10-23 17:32:38 b3990428 [app] [I]   Parameters: {"id"=>"3-EXAMPLE"}
2017-10-23 17:32:38 b3990428 [app] [I] Current user: admin (administrator)
2017-10-23 17:32:38 b3990428 [app] [I]   Rendered taxonomies/_loc_org_tabs.html.erb (2.1ms)
2017-10-23 17:32:38 b3990428 [app] [I]   Rendered auth_source_ldaps/_form.html.erb (27.0ms)
2017-10-23 17:32:38 b3990428 [app] [I]   Rendered auth_source_ldaps/edit.html.erb (31.2ms)
2017-10-23 17:32:38 b3990428 [app] [I] Completed 200 OK in 49ms (Views: 34.0ms | ActiveRecord: 4.0ms)
2017-10-23 17:32:41 1fc466f7 [app] [I] Started GET "/notification_recipients" for 172.16.28.83 at 2017-10-23 17:32:41 +0300
2017-10-23 17:32:41 1fc466f7 [app] [I] Processing by NotificationRecipientsController#index as JSON
2017-10-23 17:32:41 1fc466f7 [app] [I] Current user: admin (administrator)
2017-10-23 17:32:41 1fc466f7 [app] [I] Completed 200 OK in 5ms (Views: 0.1ms | ActiveRecord: 0.8ms)
2017-10-23 17:32:45 4498b80a [app] [I] Started PATCH "/auth_source_ldaps/3-EXPAMPLE" for 172.16.28.83 at 2017-10-23 17:32:45 +0300
2017-10-23 17:32:45 4498b80a [app] [I] Processing by AuthSourceLdapsController#update as */*
2017-10-23 17:32:45 4498b80a [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"GgES45cnqqLH7yTWKtL086Xgoqw40RCxy72Nl+RTiGtkbw+JwV4KUtvt2Vjl95oI76/4v22BEzn4pEEKcaWipQ==", "auth_source_ldap"=>{"name"=>"example1", "host"=>"example.ru", "tls"=>"0", "port"=>"389", "server_type"=>"active_directory", "account"=>"ad_auth", "base_dn"=>"DC=example,DC=ru", "groups_base"=>"OU=Security Groups,DC=example,DC=ru", "use_netgroups"=>"0", "ldap_filter"=>"memberOf=CN=puppet,OU=Security Groups,DC=example,DC=ru", "onthefly_register"=>"0", "usergroup_sync"=>"1", "attr_login"=>"userPrincipalName", "attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail", "attr_photo"=>""}, "_ie_support"=>"", "id"=>"3-EXAMPLE"}
2017-10-23 17:32:45 4498b80a [app] [I] Current user: admin (administrator)
2017-10-23 17:32:45 4498b80a [app] [I] Failed to save:
2017-10-23 17:32:45 4498b80a [app] [I]   Rendered taxonomies/_loc_org_tabs.html.erb (0.1ms)
2017-10-23 17:32:45 4498b80a [app] [I]   Rendered auth_source_ldaps/_form.html.erb (15.2ms)
2017-10-23 17:32:45 4498b80a [app] [I]   Rendered auth_source_ldaps/edit.html.erb (15.7ms)
2017-10-23 17:32:45 4498b80a [app] [I] Completed 200 OK in 31ms (Views: 16.3ms | ActiveRecord: 3.8ms)
2017-10-23 17:32:50 c7eee74e [app] [I] Started PATCH "/auth_source_ldaps/3-example1" for 172.16.28.83 at 2017-10-23 17:32:50 +0300
2017-10-23 17:32:50 c7eee74e [app] [I] Processing by AuthSourceLdapsController#update as */*
2017-10-23 17:32:50 c7eee74e [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"UcP2WN3jiATBb33PFcxMIjnn3N107LWl1S+Hq1lFLTYvresyi5oo9N1tgEHa6SLZc6iGziG8ti3mNks2zLMH+A==", "auth_source_ldap"=>{"name"=>"example1", "host"=>"example.ru", "tls"=>"0", "port"=>"389", "server_type"=>"active_directory", "account"=>"ad_auth", "account_password"=>"[FILTERED]", "base_dn"=>"DC=example,DC=ru", "groups_base"=>"OU=Security Groups,DC=example,DC=ru", "use_netgroups"=>"0", "ldap_filter"=>"memberOf=CN=puppet,OU=Security Groups,DC=example,DC=ru", "onthefly_register"=>"0", "usergroup_sync"=>"1", "attr_login"=>"userPrincipalName", "attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail", "attr_photo"=>""}, "_ie_support"=>"", "id"=>"3-example1"}
2017-10-23 17:32:50 c7eee74e [app] [I] Current user: admin (administrator)
2017-10-23 17:32:50 c7eee74e [app] [I] Failed to save:
2017-10-23 17:32:50 c7eee74e [app] [I]   Rendered taxonomies/_loc_org_tabs.html.erb (0.1ms)
2017-10-23 17:32:50 c7eee74e [app] [I]   Rendered auth_source_ldaps/_form.html.erb (13.8ms)
2017-10-23 17:32:50 c7eee74e [app] [I]   Rendered auth_source_ldaps/edit.html.erb (14.3ms)
2017-10-23 17:32:50 c7eee74e [app] [I] Completed 200 OK in 27ms (Views: 14.8ms | ActiveRecord: 3.6ms)
2017-10-23 17:32:51 cdd5557a [app] [I] Started GET "/notification_recipients" for 172.16.28.83 at 2017-10-23 17:32:51 +0300
2017-10-23 17:32:51 cdd5557a [app] [I] Processing by NotificationRecipientsController#index as JSON
2017-10-23 17:32:51 cdd5557a [app] [I] Current user: admin (administrator)
2017-10-23 17:32:51 cdd5557a [app] [I] Completed 200 OK in 4ms (Views: 0.2ms | ActiveRecord: 0.8ms)
2017-10-23 17:32:54 68919a36 [app] [I] Started PATCH "/auth_source_ldaps/3-example1" for 172.16.28.83 at 2017-10-23 17:32:54 +0300
2017-10-23 17:32:54 68919a36 [app] [I] Processing by AuthSourceLdapsController#update as */*
2017-10-23 17:32:54 68919a36 [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"pJwt/8FZnAT70vYI+EyK2As8a5oM4pFSQmIOOIXPWP7a8jCVlyA89OfQC4Y3aeQjQXMxiVmyktpxe8KlEDlyMA==", "auth_source_ldap"=>{"name"=>"example1", "host"=>"example.ru", "tls"=>"0", "port"=>"389", "server_type"=>"active_directory", "account"=>"ad_auth", "account_password"=>"[FILTERED]", "base_dn"=>"DC=example,DC=ru", "groups_base"=>"OU=Security Groups,DC=example,DC=ru", "use_netgroups"=>"0", "ldap_filter"=>"memberOf=CN=puppet,OU=Security Groups,DC=example,DC=ru", "onthefly_register"=>"0", "usergroup_sync"=>"1", "attr_login"=>"userPrincipalName", "attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail", "attr_photo"=>""}, "_ie_support"=>"", "id"=>"3-example1"}
2017-10-23 17:32:54 68919a36 [app] [I] Current user: admin (administrator)
2017-10-23 17:32:54 68919a36 [app] [I] Failed to save:
2017-10-23 17:32:54 68919a36 [app] [I]   Rendered taxonomies/_loc_org_tabs.html.erb (0.1ms)
2017-10-23 17:32:54 68919a36 [app] [I]   Rendered auth_source_ldaps/_form.html.erb (16.3ms)
2017-10-23 17:32:54 68919a36 [app] [I]   Rendered auth_source_ldaps/edit.html.erb (16.8ms)
2017-10-23 17:32:54 68919a36 [app] [I] Completed 200 OK in 33ms (Views: 17.4ms | ActiveRecord: 4.3ms)

The versions of packages:
openldap.x86_64 2.4.44-5.el7 @rhel-base
tfm-rubygem-ldap_fluff.noarch 0.4.7-1.el7 @foreman
tfm-rubygem-net-ldap.noarch 0.15.0-1.el7 @foreman

Actions #4

Updated by Al Man over 6 years ago

Any news about fixing this issue? After upgrading to RC2 the problem still exists.

Actions #5

Updated by Marek Hulán over 6 years ago

  • Status changed from Need more information to New
  • translation missing: en.field_release set to 240

Is this active directory? If that's the case, it's most likely caused by #21175 which should have been cherry-picked but most likely was not as I noted at https://github.com/theforeman/foreman/pull/4885#issuecomment-340074271. Daniel, I'm setting the release here to 1.16 which should hopefully help to get this in.

Al, thanks a lot for testing RC. It would be great if you could also try to apply the patch from #21175 manually to confirm it fixes the issue.

Actions #6

Updated by Marek Hulán over 6 years ago

  • Related to Bug #21175: Unable to add AD LDAP Auth Source added
Actions #7

Updated by Al Man over 6 years ago

Marek Hulán wrote:

Is this active directory? If that's the case, it's most likely caused by #21175 which should have been cherry-picked but most likely was not as I noted at https://github.com/theforeman/foreman/pull/4885#issuecomment-340074271. Daniel, I'm setting the release here to 1.16 which should hopefully help to get this in.

Al, thanks a lot for testing RC. It would be great if you could also try to apply the patch from #21175 manually to confirm it fixes the issue.

Yes, you are right, it's AD. I applied this patch and it solved this issue. Thank you, Marek!

Actions #8

Updated by Marek Hulán over 6 years ago

Thanks for confirmation! Keeping this open as a 1.16.0 blocker.

Actions #10

Updated by Daniel Lobato Garcia over 6 years ago

  • Status changed from New to Duplicate