Bug #21300
closed
LDAP Authentication doesn't work for Foreman 1.16 RC1
Description
I have 2 installations of foreman 1.16 RC1 (old - after upgrade from nightly version and new - fresh).
Both on RHEL 7; old installation with puppetserver 5.1.3, new installation with puppetserver 5.0.0
In the new installation I cannot create a new LDAP source; in the old one I cannot edit the existing LDAP source (I created the source before the upgrade).
How to reproduce: go to "Administer" - "LDAP Authentication" - "Create Authentication Source" or select an existing one - fill in the fields (even not all) or edit the existing one and click the "Submit" button - you will be redirected to the "LDAP Server" tab (if you are not on it already) and that's all (nothing happens and the source entry is not saved).
In production.log I see following lines (the same in both cases):
2017-10-11 14:03:43 ff2ff0aa [app] [I] Parameters: {"utf8"=>"✓", "authenticity_token"=>"LED9cgQA2VZHZf1vbbLFYgzq006HlXmnhgypsvD+G5BXMiv5dt8anUsOg7Tkr4Ob3TjMI40keO9ZQ5VKZoi/w==", "auth_source_ldap"=>{"name"=>"NEW_SOURCE", "host"=>"example.com", "tls"=>"0", "port"=>"389", "server_type"=>"active_directory", "account"=>"ad_acc", "account_password"=>"[FILTERED]", "base_dn"=>"DC=example,DC=com", "groups_base"=>"OU=Security Groups,DC=example,DC=com", "use_netgroups"=>"0", "ldap_filter"=>"memberOf=CN=puppet,OU=Security Groups,DC=example,DC=com", "onthefly_register"=>"0", "usergroup_sync"=>"1", "attr_login"=>"uid", "attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail", "attr_photo"=>""}, "_ie_support"=>"", "id"=>"3-NEW_SOURCE"}
2017-10-11 14:03:43 ff2ff0aa [app] [I] Current user: admin (administrator)
2017-10-11 14:03:43 ff2ff0aa [app] [I] Failed to save:
2017-10-11 14:03:43 ff2ff0aa [app] [I] Rendered taxonomies/_loc_org_tabs.html.erb (0.2ms)
2017-10-11 14:03:43 ff2ff0aa [app] [I] Rendered auth_source_ldaps/_form.html.erb (16.0ms)
2017-10-11 14:03:43 ff2ff0aa [app] [I] Rendered auth_source_ldaps/edit.html.erb (16.6ms)
2017-10-11 14:03:43 ff2ff0aa [app] [I] Completed 200 OK in 31ms (Views: 17.3ms | ActiveRecord: 3.1ms)
2017-10-11 14:03:43 c152d8e9 [app] [I] Started PATCH "/auth_source_ldaps/3-NEW_SOURCE" for 172.16.28.83 at 2017-10-11 14:03:43 +0300
2017-10-11 14:03:43 c152d8e9 [app] [I] Processing by AuthSourceLdapsController#update as */*
Updated by Marek Hulán about 7 years ago
Could you please upload a bit more from the log? Ideally start capturing before you start reproducing and make sure it contains the response (Completed ...) line for the last query. What is your version of the ldap_fluff library?
Updated by Ewoud Kohl van Wijngaarden almost 7 years ago
- Status changed from New to Need more information
Updated by Al Man almost 7 years ago
The output of production.log when I tried to edit the existing LDAP source (I clicked the 'Submit' button 3 times):
2017-10-23 17:32:38 b3990428 [app] [I] Started GET "/auth_source_ldaps/3-EXAMPLE/edit" for 172.16.28.83 at 2017-10-23 17:32:38 +0300
2017-10-23 17:32:38 b3990428 [app] [I] Processing by AuthSourceLdapsController#edit as */*
2017-10-23 17:32:38 b3990428 [app] [I] Parameters: {"id"=>"3-EXAMPLE"}
2017-10-23 17:32:38 b3990428 [app] [I] Current user: admin (administrator)
2017-10-23 17:32:38 b3990428 [app] [I] Rendered taxonomies/_loc_org_tabs.html.erb (2.1ms)
2017-10-23 17:32:38 b3990428 [app] [I] Rendered auth_source_ldaps/_form.html.erb (27.0ms)
2017-10-23 17:32:38 b3990428 [app] [I] Rendered auth_source_ldaps/edit.html.erb (31.2ms)
2017-10-23 17:32:38 b3990428 [app] [I] Completed 200 OK in 49ms (Views: 34.0ms | ActiveRecord: 4.0ms)
2017-10-23 17:32:41 1fc466f7 [app] [I] Started GET "/notification_recipients" for 172.16.28.83 at 2017-10-23 17:32:41 +0300
2017-10-23 17:32:41 1fc466f7 [app] [I] Processing by NotificationRecipientsController#index as JSON
2017-10-23 17:32:41 1fc466f7 [app] [I] Current user: admin (administrator)
2017-10-23 17:32:41 1fc466f7 [app] [I] Completed 200 OK in 5ms (Views: 0.1ms | ActiveRecord: 0.8ms)
2017-10-23 17:32:45 4498b80a [app] [I] Started PATCH "/auth_source_ldaps/3-EXPAMPLE" for 172.16.28.83 at 2017-10-23 17:32:45 +0300
2017-10-23 17:32:45 4498b80a [app] [I] Processing by AuthSourceLdapsController#update as */*
2017-10-23 17:32:45 4498b80a [app] [I] Parameters: {"utf8"=>"✓", "authenticity_token"=>"GgES45cnqqLH7yTWKtL086Xgoqw40RCxy72Nl+RTiGtkbw+JwV4KUtvt2Vjl95oI76/4v22BEzn4pEEKcaWipQ==", "auth_source_ldap"=>{"name"=>"example1", "host"=>"example.ru", "tls"=>"0", "port"=>"389", "server_type"=>"active_directory", "account"=>"ad_auth", "base_dn"=>"DC=example,DC=ru", "groups_base"=>"OU=Security Groups,DC=example,DC=ru", "use_netgroups"=>"0", "ldap_filter"=>"memberOf=CN=puppet,OU=Security Groups,DC=example,DC=ru", "onthefly_register"=>"0", "usergroup_sync"=>"1", "attr_login"=>"userPrincipalName", "attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail", "attr_photo"=>""}, "_ie_support"=>"", "id"=>"3-EXAMPLE"}
2017-10-23 17:32:45 4498b80a [app] [I] Current user: admin (administrator)
2017-10-23 17:32:45 4498b80a [app] [I] Failed to save:
2017-10-23 17:32:45 4498b80a [app] [I] Rendered taxonomies/_loc_org_tabs.html.erb (0.1ms)
2017-10-23 17:32:45 4498b80a [app] [I] Rendered auth_source_ldaps/_form.html.erb (15.2ms)
2017-10-23 17:32:45 4498b80a [app] [I] Rendered auth_source_ldaps/edit.html.erb (15.7ms)
2017-10-23 17:32:45 4498b80a [app] [I] Completed 200 OK in 31ms (Views: 16.3ms | ActiveRecord: 3.8ms)
2017-10-23 17:32:50 c7eee74e [app] [I] Started PATCH "/auth_source_ldaps/3-example1" for 172.16.28.83 at 2017-10-23 17:32:50 +0300
2017-10-23 17:32:50 c7eee74e [app] [I] Processing by AuthSourceLdapsController#update as */*
2017-10-23 17:32:50 c7eee74e [app] [I] Parameters: {"utf8"=>"✓", "authenticity_token"=>"UcP2WN3jiATBb33PFcxMIjnn3N107LWl1S+Hq1lFLTYvresyi5oo9N1tgEHa6SLZc6iGziG8ti3mNks2zLMH+A==", "auth_source_ldap"=>{"name"=>"example1", "host"=>"example.ru", "tls"=>"0", "port"=>"389", "server_type"=>"active_directory", "account"=>"ad_auth", "account_password"=>"[FILTERED]", "base_dn"=>"DC=example,DC=ru", "groups_base"=>"OU=Security Groups,DC=example,DC=ru", "use_netgroups"=>"0", "ldap_filter"=>"memberOf=CN=puppet,OU=Security Groups,DC=example,DC=ru", "onthefly_register"=>"0", "usergroup_sync"=>"1", "attr_login"=>"userPrincipalName", "attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail", "attr_photo"=>""}, "_ie_support"=>"", "id"=>"3-example1"}
2017-10-23 17:32:50 c7eee74e [app] [I] Current user: admin (administrator)
2017-10-23 17:32:50 c7eee74e [app] [I] Failed to save:
2017-10-23 17:32:50 c7eee74e [app] [I] Rendered taxonomies/_loc_org_tabs.html.erb (0.1ms)
2017-10-23 17:32:50 c7eee74e [app] [I] Rendered auth_source_ldaps/_form.html.erb (13.8ms)
2017-10-23 17:32:50 c7eee74e [app] [I] Rendered auth_source_ldaps/edit.html.erb (14.3ms)
2017-10-23 17:32:50 c7eee74e [app] [I] Completed 200 OK in 27ms (Views: 14.8ms | ActiveRecord: 3.6ms)
2017-10-23 17:32:51 cdd5557a [app] [I] Started GET "/notification_recipients" for 172.16.28.83 at 2017-10-23 17:32:51 +0300
2017-10-23 17:32:51 cdd5557a [app] [I] Processing by NotificationRecipientsController#index as JSON
2017-10-23 17:32:51 cdd5557a [app] [I] Current user: admin (administrator)
2017-10-23 17:32:51 cdd5557a [app] [I] Completed 200 OK in 4ms (Views: 0.2ms | ActiveRecord: 0.8ms)
2017-10-23 17:32:54 68919a36 [app] [I] Started PATCH "/auth_source_ldaps/3-example1" for 172.16.28.83 at 2017-10-23 17:32:54 +0300
2017-10-23 17:32:54 68919a36 [app] [I] Processing by AuthSourceLdapsController#update as */*
2017-10-23 17:32:54 68919a36 [app] [I] Parameters: {"utf8"=>"✓", "authenticity_token"=>"pJwt/8FZnAT70vYI+EyK2As8a5oM4pFSQmIOOIXPWP7a8jCVlyA89OfQC4Y3aeQjQXMxiVmyktpxe8KlEDlyMA==", "auth_source_ldap"=>{"name"=>"example1", "host"=>"example.ru", "tls"=>"0", "port"=>"389", "server_type"=>"active_directory", "account"=>"ad_auth", "account_password"=>"[FILTERED]", "base_dn"=>"DC=example,DC=ru", "groups_base"=>"OU=Security Groups,DC=example,DC=ru", "use_netgroups"=>"0", "ldap_filter"=>"memberOf=CN=puppet,OU=Security Groups,DC=example,DC=ru", "onthefly_register"=>"0", "usergroup_sync"=>"1", "attr_login"=>"userPrincipalName", "attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail", "attr_photo"=>""}, "_ie_support"=>"", "id"=>"3-example1"}
2017-10-23 17:32:54 68919a36 [app] [I] Current user: admin (administrator)
2017-10-23 17:32:54 68919a36 [app] [I] Failed to save:
2017-10-23 17:32:54 68919a36 [app] [I] Rendered taxonomies/_loc_org_tabs.html.erb (0.1ms)
2017-10-23 17:32:54 68919a36 [app] [I] Rendered auth_source_ldaps/_form.html.erb (16.3ms)
2017-10-23 17:32:54 68919a36 [app] [I] Rendered auth_source_ldaps/edit.html.erb (16.8ms)
2017-10-23 17:32:54 68919a36 [app] [I] Completed 200 OK in 33ms (Views: 17.4ms | ActiveRecord: 4.3ms)
The versions of packages:
openldap.x86_64 2.4.44-5.el7 @rhel-base
tfm-rubygem-ldap_fluff.noarch 0.4.7-1.el7 @foreman
tfm-rubygem-net-ldap.noarch 0.15.0-1.el7 @foreman
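The logs in this report show update requests that log "Failed to save:" with no validation message and still complete with 200 OK. As an added example (not part of the thread and not Foreman's own code), this Ruby script groups production.log entries by request ID and lists such requests; the sample log is constructed in the format shown above, and the non-empty failure message in it is an assumed shape.

```ruby
# Added example: find requests in a Foreman production.log that logged
# "Failed to save:" with no validation message. Handles one entry per line
# as well as several entries run together on one line.
STAMP = /\d{4}-\d\d-\d\d \d\d:\d\d:\d\d/
# timestamp, 8-hex request ID, then the message up to the next entry header
ENTRY = /(#{STAMP}) (\h{8}) \[app\] \[\w\] (.*?)(?=\s*#{STAMP} \h{8} \[app\]|\z)/m

def silent_save_failures(log_text)
  requests = Hash.new { |h, k| h[k] = {} }
  log_text.scan(ENTRY) do |time, req_id, msg|
    r = requests[req_id]
    r[:time] ||= time                      # first entry seen for this request
    case msg
    when /\AStarted (\w+) "([^"]+)"/ then r.update(verb: $1, path: $2)
    when /\AProcessing by (\S+)/     then r[:action] = $1
    when /\AFailed to save:(.*)/m    then r[:errors] = $1.strip
    when /\ACompleted (\d{3})/       then r[:status] = $1.to_i
    end
  end
  # Keep only requests whose failure line carried no message at all.
  requests.select { |_, r| r[:errors] == "" }
          .map { |id, r| { id: id }.merge(r) }
end

# Constructed sample (documentation IP, made-up request IDs 0a1b2c3d/cdd5557a).
SAMPLE = <<~LOG
  2017-10-23 17:32:45 4498b80a [app] [I] Started PATCH "/auth_source_ldaps/3-EXAMPLE" for 192.0.2.10 at 2017-10-23 17:32:45 +0300
  2017-10-23 17:32:45 4498b80a [app] [I] Processing by AuthSourceLdapsController#update as */*
  2017-10-23 17:32:45 4498b80a [app] [I] Failed to save:
  2017-10-23 17:32:45 4498b80a [app] [I] Completed 200 OK in 31ms (Views: 16.3ms | ActiveRecord: 3.8ms)
  2017-10-23 17:32:47 0a1b2c3d [app] [I] Started PATCH "/auth_source_ldaps/3-EXAMPLE" for 192.0.2.10 at 2017-10-23 17:32:47 +0300
  2017-10-23 17:32:47 0a1b2c3d [app] [I] Failed to save: Name has already been taken
  2017-10-23 17:32:47 0a1b2c3d [app] [I] Completed 200 OK in 30ms
  2017-10-23 17:32:51 cdd5557a [app] [I] Started GET "/notification_recipients" for 192.0.2.10 at 2017-10-23 17:32:51 +0300 2017-10-23 17:32:51 cdd5557a [app] [I] Completed 200 OK in 4ms
LOG

if __FILE__ == $PROGRAM_NAME
  silent_save_failures(SAMPLE).each do |r|
    puts "#{r[:time]} #{r[:id]} #{r[:verb]} #{r[:path]} -> #{r[:status]} (#{r[:action]})"
  end
end
```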
Updated by Al Man almost 7 years ago
Any news about fixing this issue? After upgrading to RC2 the problem still exists.
Updated by Marek Hulán almost 7 years ago
- Status changed from Need more information to New
- Translation missing: en.field_release set to 240
Is this active directory? If that's the case, it's most likely caused by #21175 which should have been cherry-picked but most likely was not as I noted at https://github.com/theforeman/foreman/pull/4885#issuecomment-340074271. Daniel, I'm setting the release here to 1.16 which should hopefully help to get this in.
Al, thanks a lot for testing RC. It would be great if you could also try to apply the patch from #21175 manually to confirm it fixes the issue.
Updated by Marek Hulán almost 7 years ago
- Related to Bug #21175: Unable to add AD LDAP Auth Source added
Updated by Al Man almost 7 years ago
Marek Hulán wrote:
Is this active directory? If that's the case, it's most likely caused by #21175 which should have been cherry-picked but most likely was not as I noted at https://github.com/theforeman/foreman/pull/4885#issuecomment-340074271. Daniel, I'm setting the release here to 1.16 which should hopefully help to get this in.
Al, thanks a lot for testing RC. It would be great if you could also try to apply the patch from #21175 manually to confirm it fixes the issue.
Yes, you are right, it's AD. I applied this patch and it solved this issue. Thank you, Marek!
Updated by Marek Hulán almost 7 years ago
Thanks for confirmation! Keeping this open as a 1.16.0 blocker.
Updated by Daniel Lobato Garcia almost 7 years ago
This was cherry-picked to 1.16.0 (RC3) as https://github.com/theforeman/foreman/commit/e1f6d739573b49dfa641fd5c2cc1af173340403e, closing
Updated by Daniel Lobato Garcia almost 7 years ago
- Status changed from New to Duplicate