Bug #27402
closed
The Foreman "forgets" group members after update to 1.22.0
Description
I've just updated from 1.21.3 to 1.22.0 and found that users got permission denied messages after logging in, for example because of missing "view_hosts" permissions. After logging in as admin I recognized that the groups didn't have any members anymore. So I added the members again, saved the change, reloaded the group again to verify (members were still there), logged out from admin and logged in as normal user -> No view_hosts permission. Logged back in as admin and saw that the group had no members again.
How reproducible:
always
Steps to Reproduce:
1. Set up LDAP authentication with synchronization enabled
2. Create simple Satellite Usergroup with no external user group link
3. Add users from the LDAP auth source to the Usergroup
4. Log in as any of the LDAP users added to the Usergroup
Actual results:
LDAP users are no longer members of the Satellite Usergroup.
Expected results:
No change in the Usergroup memberships.
Updated by Marek Hulán over 5 years ago
I assume you use LDAP and you are syncing external user groups in cron, is that correct? Do you see some related changes in Monitor -> Audits?
Updated by Dirk Heinrichs over 5 years ago
No. The only entries there are those for when I re-added the members.
Updated by Dirk Heinrichs over 5 years ago
It works if I assign the roles to the users directly.
Updated by Dirk Heinrichs over 5 years ago
Oh, and yes, I'm using LDAP (synchronized groups manually using the button, though).
Updated by Tomer Brisker over 5 years ago
- Related to Bug #25795: LDAP - When User Group sync is enabled, user wait long time to authenticate / login added
Updated by Ondřej Ezr over 5 years ago
I am unable to reproduce :(
Do I understand correctly you have the `Usergroup Sync` disabled on the ldap definition?
What ldap provider are you using?
Updated by Dirk Heinrichs over 5 years ago
Yes, did it manually when configuring the LDAP connection. Groups don't change so often in our environment. The LDAP provider is AD.
Updated by Tomer Brisker about 5 years ago
- Priority changed from Urgent to High
- Target version deleted (1.22.1)
Could you please provide some more information regarding your setup to help reproduce? Do you have any plugins installed or special configuration?
We are having difficulty reproducing this issue.
Updated by Dirk Heinrichs about 5 years ago
No, there are no plugins installed and there is no special configuration.
Updated by Ondřej Ezr about 5 years ago
Hi Dirk,
I have been able to reproduce an issue where the LDAP users are removed from groups, which are not synced with LDAP (do not have any external user groups).
Is that your setup?
Updated by The Foreman Bot about 5 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/7045 added
Updated by Dirk Heinrichs about 5 years ago
Not sure what you mean by "LDAP users are removed from groups". Do you mean inside Foreman, or in LDAP itself?
Updated by Ondřej Ezr about 5 years ago
- Description updated (diff)
I have specified the reproducer.
Does that describe your issue?
Updated by Ondřej Ezr about 5 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset 1a1551359b2d287fd68208292c73531e86440ba6.
Updated by Tomer Brisker about 5 years ago
- Fixed in Releases 1.22.2, 1.23.1 added
Updated by Dirk Heinrichs almost 5 years ago
Just updated to 1.22.2 and then to 1.23.1. Both releases still have the problem.
Updated by The Foreman Bot over 4 years ago
- Pull request https://github.com/theforeman/foreman/pull/7461 added