Bug #27402

closed

The Foreman "forgets" group members after update to 1.22.0

Added by Dirk Heinrichs over 5 years ago. Updated over 4 years ago.

Status: Closed
Priority: High
Assignee:
Category: Authentication
Target version:
Fixed in Releases:
Found in Releases:

Description

I've just updated from 1.21.3 to 1.22.0 and found that users got permission denied messages after logging in, for example because of missing "view_hosts" permissions. After logging in as admin I recognized that the groups didn't have any members anymore. So I added the members again, saved the change, reloaded the group again to verify (members were still there), logged out from admin and logged in as normal user -> No view_hosts permission. Logged back in as admin and saw that the group had no members again.

How reproducible:
always

Steps to Reproduce:
1. Set up LDAP authentication with synchronization enabled
2. Create simple Satellite Usergroup with no external user group link
3. Add users from the LDAP auth source to the Usergroup
4. Log in as any of the LDAP users added to the Usergroup

Actual results:
LDAP users are no longer members of the Satellite Usergroup.

Expected results:
No change in the Usergroup memberships.
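
The invariant behind the reproducer and expected result above, as an added Ruby model that is not Foreman's code: a login-time LDAP sync may only reconcile usergroups that carry an external group link. All class, method and group names are hypothetical, and the naive variant is an assumed illustration of how such a regression can arise, not the confirmed root cause.

```ruby
require 'set'

# Simplified model, not Foreman's code: all names here are hypothetical.
# A group with no external links is managed only inside the application.
Usergroup = Struct.new(:name, :external_names, :members) do
  def externally_linked?
    !external_names.empty?
  end
end

# Make membership of one group match what the directory reports.
def reconcile(user, group, ldap_groups)
  if (group.external_names & ldap_groups).any?
    group.members.add(user)
  else
    group.members.delete(user)
  end
end

# Assumed failure mode: every group is reconciled, so a group with no
# external link always evaluates to "not a member" and the user is dropped.
def naive_sync_on_login(user, usergroups, ldap_groups)
  usergroups.each { |g| reconcile(user, g, ldap_groups) }
end

# Scoped variant: only externally linked groups are reconciled;
# internal-only groups are left untouched.
def scoped_sync_on_login(user, usergroups, ldap_groups)
  usergroups.select(&:externally_linked?).each { |g| reconcile(user, g, ldap_groups) }
end

# Constructed sample data mirroring the reproducer: "viewers" has no
# external link, "admins" is linked to one LDAP group.
def sample_groups
  [
    Usergroup.new('viewers', Set.new, Set['ldap_user']),
    Usergroup.new('admins', Set['CN=foreman-admins'], Set['ldap_user'])
  ]
end

# Returns the names of the groups the user belongs to after a login sync.
def memberships_after(sync, user, ldap_groups)
  groups = sample_groups
  send(sync, user, groups, ldap_groups)
  groups.select { |g| g.members.include?(user) }.map(&:name)
end
```

A regression test for this class of bug asserts that the internal-only group still lists the user after a login, independent of what the directory returns.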


Related issues 1 (0 open, 1 closed)

Related to Foreman - Bug #25795: LDAP - When User Group sync is enabled, user wait long time to authenticate / login (Closed, Ondřej Ezr)
Actions #1

Updated by Marek Hulán over 5 years ago

I assume you use LDAP and you are syncing external user groups in cron, is that correct? Do you see some related changes in Monitor -> Audits?

Actions #2

Updated by Dirk Heinrichs over 5 years ago

No. The only entries there are those for when I re-added the members.

Actions #3

Updated by Dirk Heinrichs over 5 years ago

It works if I assign the roles to the users directly.

Actions #4

Updated by Dirk Heinrichs over 5 years ago

Oh, and yes, I'm using LDAP (synchronized groups manually using the button, though).

Actions #5

Updated by Tomer Brisker over 5 years ago

  • Category set to Authentication
Actions #6

Updated by Tomer Brisker over 5 years ago

  • Target version set to 1.22.1
Actions #7

Updated by Tomer Brisker over 5 years ago

  • Related to Bug #25795: LDAP - When User Group sync is enabled, user wait long time to authenticate / login added
Actions #8

Updated by Tomer Brisker over 5 years ago

  • Assignee set to Ondřej Ezr
Actions #9

Updated by Ondřej Ezr over 5 years ago

I am unable to reproduce :(
Do I understand correctly you have the `Usergroup Sync` disabled on the ldap definition?
What ldap provider are you using?

Actions #10

Updated by Dirk Heinrichs over 5 years ago

Yes, did it manually when configuring the LDAP connection. Groups don't change so often in our environment. The LDAP provider is AD.

Actions #11

Updated by Tomer Brisker about 5 years ago

  • Priority changed from Urgent to High
  • Target version deleted (1.22.1)

Could you please provide some more information regarding your setup to help reproduce? Do you have any plugins installed or special configuration?
We are having difficulty reproducing this issue.

Actions #12

Updated by Dirk Heinrichs about 5 years ago

No, there are no plugins installed and there is no special configuration.

Actions #13

Updated by Ondřej Ezr about 5 years ago

Hi Dirk,

I have been able to reproduce an issue where the LDAP users are removed from groups, which are not synced with LDAP (do not have any external user groups).
Is that your setup?

Actions #14

Updated by The Foreman Bot about 5 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/7045 added
Actions #15

Updated by Dirk Heinrichs about 5 years ago

Not sure what you mean by "LDAP users are removed from groups". Do you mean inside Foreman, or in LDAP itself?

Actions #16

Updated by Tomer Brisker about 5 years ago

  • Target version set to 1.22.2
Actions #17

Updated by Ondřej Ezr about 5 years ago

  • Description updated (diff)

I have specified the reproducer.
Does that describe your issue?

Actions #18

Updated by Ondřej Ezr about 5 years ago

  • Bugzilla link set to 1753907
Actions #19

Updated by The Foreman Bot about 5 years ago

  • Fixed in Releases 1.24.0 added
Actions #20

Updated by Ondřej Ezr about 5 years ago

  • Status changed from Ready For Testing to Closed
Actions #21

Updated by Tomer Brisker about 5 years ago

  • Fixed in Releases 1.22.2, 1.23.1 added
Actions #22

Updated by Dirk Heinrichs almost 5 years ago

Just updated to 1.22.2 and then to 1.23.1. Both releases still have the problem.

Actions #23

Updated by The Foreman Bot over 4 years ago

  • Pull request https://github.com/theforeman/foreman/pull/7461 added