Project

General

Profile

Actions

Bug #21300

closed

LDAP Authentication doesn't work for Foreman 1.16 RC1

Added by Al Man about 7 years ago. Updated over 6 years ago.

Status:
Duplicate
Priority:
High
Assignee:
-
Category:
-
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

I have 2 installations of foreman 1.16 RC1 (old - after upgrade from nightly version and new - fresh).
Both on RHEL 7; old installation with puppetserver 5.1.3, new installation with puppetserver 5.0.0
In new inst I cannot create new LDAP source, in old one I cannot edit existed LDAP source (I created source before upgrade).
How to reproduce: go to "Administer" - "LDAP Authentication" - "Create Authentication Source" or select existed - fill the fields (even not all) or edit existed and click "Submit" button - you will be redirected on "LDAP Server" tab (if you are not on it already)and that's all (nothing happens and entry of source is not saved).
In production.log I see following lines (the same in both cases):

2017-10-11 14:03:43 ff2ff0aa [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"LED9cgQA2VZHZf1vbbLFYgzq006HlXmnhgypsvD+G5BXMiv5dt8anUsOg7Tkr4Ob3TjMI40keO9ZQ5VKZoi/w==", "auth_source_ldap"=>{"name"=>"NEW_SOURCE", "host"=>"example.com", "tls"=>"0", "port"=>"389", "server_type"=>"active_directory", "account"=>"ad_acc", "account_password"=>"[FILTERED]", "base_dn"=>"DC=example,DC=com", "groups_base"=>"OU=Security Groups,DC=example,DC=com", "use_netgroups"=>"0", "ldap_filter"=>"memberOf=CN=puppet,OU=Security Groups,DC=example,DC=com", "onthefly_register"=>"0", "usergroup_sync"=>"1", "attr_login"=>"uid", "attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail", "attr_photo"=>""}, "_ie_support"=>"", "id"=>"3-NEW_SOURCE"}
2017-10-11 14:03:43 ff2ff0aa [app] [I] Current user: admin (administrator)
2017-10-11 14:03:43 ff2ff0aa [app] [I] Failed to save:
2017-10-11 14:03:43 ff2ff0aa [app] [I]   Rendered taxonomies/_loc_org_tabs.html.erb (0.2ms)
2017-10-11 14:03:43 ff2ff0aa [app] [I]   Rendered auth_source_ldaps/_form.html.erb (16.0ms)
2017-10-11 14:03:43 ff2ff0aa [app] [I]   Rendered auth_source_ldaps/edit.html.erb (16.6ms)
2017-10-11 14:03:43 ff2ff0aa [app] [I] Completed 200 OK in 31ms (Views: 17.3ms | ActiveRecord: 3.1ms)
2017-10-11 14:03:43 c152d8e9 [app] [I] Started PATCH "/auth_source_ldaps/3-NEW_SOURCE" for 172.16.28.83 at 2017-10-11 14:03:43 +0300
2017-10-11 14:03:43 c152d8e9 [app] [I] Processing by AuthSourceLdapsController#update as */*


Related issues 1 (0 open1 closed)

Related to Foreman - Bug #21175: Unable to add AD LDAP Auth SourceClosedTomáš Strachota10/03/2017Actions
Actions #1

Updated by Marek Hulán about 7 years ago

Could you please upload a bit more from the log? Ideally start capturing before you start reproducing and makd sure it contains response (Completed ...) line for the last query. What is your version of ldap_fluff library?

Actions #2

Updated by Ewoud Kohl van Wijngaarden almost 7 years ago

  • Status changed from New to Need more information
Actions #3

Updated by Al Man almost 7 years ago

The output of production.log when I tried edit existed LDAP source (I clicked 'Submit' button 3 times):

2017-10-23 17:32:38 b3990428 [app] [I] Started GET "/auth_source_ldaps/3-EXAMPLE/edit" for 172.16.28.83 at 2017-10-23 17:32:38 +0300
2017-10-23 17:32:38 b3990428 [app] [I] Processing by AuthSourceLdapsController#edit as */*
2017-10-23 17:32:38 b3990428 [app] [I]   Parameters: {"id"=>"3-EXAMPLE"}
2017-10-23 17:32:38 b3990428 [app] [I] Current user: admin (administrator)
2017-10-23 17:32:38 b3990428 [app] [I]   Rendered taxonomies/_loc_org_tabs.html.erb (2.1ms)
2017-10-23 17:32:38 b3990428 [app] [I]   Rendered auth_source_ldaps/_form.html.erb (27.0ms)
2017-10-23 17:32:38 b3990428 [app] [I]   Rendered auth_source_ldaps/edit.html.erb (31.2ms)
2017-10-23 17:32:38 b3990428 [app] [I] Completed 200 OK in 49ms (Views: 34.0ms | ActiveRecord: 4.0ms)
2017-10-23 17:32:41 1fc466f7 [app] [I] Started GET "/notification_recipients" for 172.16.28.83 at 2017-10-23 17:32:41 +0300
2017-10-23 17:32:41 1fc466f7 [app] [I] Processing by NotificationRecipientsController#index as JSON
2017-10-23 17:32:41 1fc466f7 [app] [I] Current user: admin (administrator)
2017-10-23 17:32:41 1fc466f7 [app] [I] Completed 200 OK in 5ms (Views: 0.1ms | ActiveRecord: 0.8ms)
2017-10-23 17:32:45 4498b80a [app] [I] Started PATCH "/auth_source_ldaps/3-EXPAMPLE" for 172.16.28.83 at 2017-10-23 17:32:45 +0300
2017-10-23 17:32:45 4498b80a [app] [I] Processing by AuthSourceLdapsController#update as */*
2017-10-23 17:32:45 4498b80a [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"GgES45cnqqLH7yTWKtL086Xgoqw40RCxy72Nl+RTiGtkbw+JwV4KUtvt2Vjl95oI76/4v22BEzn4pEEKcaWipQ==", "auth_source_ldap"=>{"name"=>"example1", "host"=>"example.ru", "tls"=>"0", "port"=>"389", "server_type"=>"active_directory", "account"=>"ad_auth", "base_dn"=>"DC=example,DC=ru", "groups_base"=>"OU=Security Groups,DC=example,DC=ru", "use_netgroups"=>"0", "ldap_filter"=>"memberOf=CN=puppet,OU=Security Groups,DC=example,DC=ru", "onthefly_register"=>"0", "usergroup_sync"=>"1", "attr_login"=>"userPrincipalName", "attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail", "attr_photo"=>""}, "_ie_support"=>"", "id"=>"3-EXAMPLE"}
2017-10-23 17:32:45 4498b80a [app] [I] Current user: admin (administrator)
2017-10-23 17:32:45 4498b80a [app] [I] Failed to save:
2017-10-23 17:32:45 4498b80a [app] [I]   Rendered taxonomies/_loc_org_tabs.html.erb (0.1ms)
2017-10-23 17:32:45 4498b80a [app] [I]   Rendered auth_source_ldaps/_form.html.erb (15.2ms)
2017-10-23 17:32:45 4498b80a [app] [I]   Rendered auth_source_ldaps/edit.html.erb (15.7ms)
2017-10-23 17:32:45 4498b80a [app] [I] Completed 200 OK in 31ms (Views: 16.3ms | ActiveRecord: 3.8ms)
2017-10-23 17:32:50 c7eee74e [app] [I] Started PATCH "/auth_source_ldaps/3-example1" for 172.16.28.83 at 2017-10-23 17:32:50 +0300
2017-10-23 17:32:50 c7eee74e [app] [I] Processing by AuthSourceLdapsController#update as */*
2017-10-23 17:32:50 c7eee74e [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"UcP2WN3jiATBb33PFcxMIjnn3N107LWl1S+Hq1lFLTYvresyi5oo9N1tgEHa6SLZc6iGziG8ti3mNks2zLMH+A==", "auth_source_ldap"=>{"name"=>"example1", "host"=>"example.ru", "tls"=>"0", "port"=>"389", "server_type"=>"active_directory", "account"=>"ad_auth", "account_password"=>"[FILTERED]", "base_dn"=>"DC=example,DC=ru", "groups_base"=>"OU=Security Groups,DC=example,DC=ru", "use_netgroups"=>"0", "ldap_filter"=>"memberOf=CN=puppet,OU=Security Groups,DC=example,DC=ru", "onthefly_register"=>"0", "usergroup_sync"=>"1", "attr_login"=>"userPrincipalName", "attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail", "attr_photo"=>""}, "_ie_support"=>"", "id"=>"3-example1"}
2017-10-23 17:32:50 c7eee74e [app] [I] Current user: admin (administrator)
2017-10-23 17:32:50 c7eee74e [app] [I] Failed to save:
2017-10-23 17:32:50 c7eee74e [app] [I]   Rendered taxonomies/_loc_org_tabs.html.erb (0.1ms)
2017-10-23 17:32:50 c7eee74e [app] [I]   Rendered auth_source_ldaps/_form.html.erb (13.8ms)
2017-10-23 17:32:50 c7eee74e [app] [I]   Rendered auth_source_ldaps/edit.html.erb (14.3ms)
2017-10-23 17:32:50 c7eee74e [app] [I] Completed 200 OK in 27ms (Views: 14.8ms | ActiveRecord: 3.6ms)
2017-10-23 17:32:51 cdd5557a [app] [I] Started GET "/notification_recipients" for 172.16.28.83 at 2017-10-23 17:32:51 +0300
2017-10-23 17:32:51 cdd5557a [app] [I] Processing by NotificationRecipientsController#index as JSON
2017-10-23 17:32:51 cdd5557a [app] [I] Current user: admin (administrator)
2017-10-23 17:32:51 cdd5557a [app] [I] Completed 200 OK in 4ms (Views: 0.2ms | ActiveRecord: 0.8ms)
2017-10-23 17:32:54 68919a36 [app] [I] Started PATCH "/auth_source_ldaps/3-example1" for 172.16.28.83 at 2017-10-23 17:32:54 +0300
2017-10-23 17:32:54 68919a36 [app] [I] Processing by AuthSourceLdapsController#update as */*
2017-10-23 17:32:54 68919a36 [app] [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"pJwt/8FZnAT70vYI+EyK2As8a5oM4pFSQmIOOIXPWP7a8jCVlyA89OfQC4Y3aeQjQXMxiVmyktpxe8KlEDlyMA==", "auth_source_ldap"=>{"name"=>"example1", "host"=>"example.ru", "tls"=>"0", "port"=>"389", "server_type"=>"active_directory", "account"=>"ad_auth", "account_password"=>"[FILTERED]", "base_dn"=>"DC=example,DC=ru", "groups_base"=>"OU=Security Groups,DC=example,DC=ru", "use_netgroups"=>"0", "ldap_filter"=>"memberOf=CN=puppet,OU=Security Groups,DC=example,DC=ru", "onthefly_register"=>"0", "usergroup_sync"=>"1", "attr_login"=>"userPrincipalName", "attr_firstname"=>"givenName", "attr_lastname"=>"sn", "attr_mail"=>"mail", "attr_photo"=>""}, "_ie_support"=>"", "id"=>"3-example1"}
2017-10-23 17:32:54 68919a36 [app] [I] Current user: admin (administrator)
2017-10-23 17:32:54 68919a36 [app] [I] Failed to save:
2017-10-23 17:32:54 68919a36 [app] [I]   Rendered taxonomies/_loc_org_tabs.html.erb (0.1ms)
2017-10-23 17:32:54 68919a36 [app] [I]   Rendered auth_source_ldaps/_form.html.erb (16.3ms)
2017-10-23 17:32:54 68919a36 [app] [I]   Rendered auth_source_ldaps/edit.html.erb (16.8ms)
2017-10-23 17:32:54 68919a36 [app] [I] Completed 200 OK in 33ms (Views: 17.4ms | ActiveRecord: 4.3ms)

The versions of packages:
openldap.x86_64 2.4.44-5.el7 @rhel-base
tfm-rubygem-ldap_fluff.noarch 0.4.7-1.el7 @foreman
tfm-rubygem-net-ldap.noarch 0.15.0-1.el7 @foreman

Actions #4

Updated by Al Man almost 7 years ago

Any news about fixing of this issue? After upgrading to RC2 the problem is still exist

Actions #5

Updated by Marek Hulán almost 7 years ago

  • Status changed from Need more information to New
  • Translation missing: en.field_release set to 240

Is this active directory? If that's the case, it's most likely cause by #21175 which should have been cherry-picked but most likely was not as I noted at https://github.com/theforeman/foreman/pull/4885#issuecomment-340074271. Daniel, I'm setting the release here to 1.16 which should hopefully help to get this in.

Al, thanks a lot for testing RC. It would be great ff you could also try to apply the patch from #21175 manually to confirm it fixes the issue.

Actions #6

Updated by Marek Hulán almost 7 years ago

  • Related to Bug #21175: Unable to add AD LDAP Auth Source added
Actions #7

Updated by Al Man almost 7 years ago

Marek Hulán wrote:

Is this active directory? If that's the case, it's most likely cause by #21175 which should have been cherry-picked but most likely was not as I noted at https://github.com/theforeman/foreman/pull/4885#issuecomment-340074271. Daniel, I'm setting the release here to 1.16 which should hopefully help to get this in.

Al, thanks a lot for testing RC. It would be great ff you could also try to apply the patch from #21175 manually to confirm it fixes the issue.

Yes, you are right, it's AD. I applied this patch and it solved this issue. Thank you, Marek!

Actions #8

Updated by Marek Hulán almost 7 years ago

Thanks for confirmation! Keeping this open as a 1.16.0 blocker.

Actions #10

Updated by Daniel Lobato Garcia almost 7 years ago

  • Status changed from New to Duplicate
Actions

Also available in: Atom PDF