Bug #15286

hammer can't create external groups based on IPA/IdM integration

Added by Bryan Kearney 10 months ago. Updated 3 months ago.

Status:New
Priority:Normal
Assigned To:-
Category:Authorization
Target version:Team Marek backlog
Difficulty: Bugzilla link:1336236
Found in release: Pull request:
Story points-
Velocity based estimate-

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1336236
Description of problem:
hammer user-group external create requires auth_source_id which is not available when configuring IPA/IdM integration with
katello-installer --foreman-ipa-authentication=true

Version-Release number of selected component (if applicable):
6.1.8

How reproducible:
Always

Steps to Reproduce:
1. ipa-client-install
2. katello-installer --foreman-ipa-authentication=true
3. hammer user-group create --name=dummy --role-ids=1,2,3,4
User group [dummy] created
4. hammer user-group external create --name=dummy --user-group=dummy

Actual results:

Could not create external user group:
Missing arguments for 'auth_source_id'

--- No value of auth_source_id works

Expected results:

External group [dummy] created

Additional info:

[root@sat6 /]# hammer auth-source ldap list
---|------|--------|------|------------
ID | NAME | LDAPS? | PORT | SERVER TYPE
---|------|--------|------|------------

History

#1 Updated by Dominic Cleal 10 months ago

  • Category set to Authorization
  • Status changed from New to Feedback

requires auth_source_id which is not available when configuring IPA/IdM integration [..]

An auth source is created when configuring authorize_login_delegation_auth_source_user_autocreate and a user logs in with the external mechanism. The auth source can then be used to create external user groups.

#2 Updated by Marek Hulán 3 months ago

  • Status changed from Feedback to New
  • Target version set to Team Marek backlog

We should probably seed the external auth source, so the very first login attempt could already have some mapped external user groups. I hope that's acceptable fix, so reopening.

Also available in: Atom PDF