Bug #27402
closed
The Foreman "forgets" group members after update to 1.22.0
Added by Dirk Heinrichs almost 5 years ago.
Updated about 4 years ago.
Description
I've just updated from 1.21.3 to 1.22.0 and found that users got permission denied messages after logging in, for example because of missing "view_hosts" permissions. After logging in as admin I recognized that the groups didn't have any members anymore. So I added the members again, saved the change, reloaded the group again to verify (members where still there), logged out from admin and logged in as normal user -> No view_hosts permission. Logged back in as admin and saw that the group had no members again.
How reproducible:
always
Steps to Reproduce:
1. Set up LDAP authentication with synchronization enabled
2. Create simple Satellite Usergroup with no external user group link
3. Add users from the LDAP auth source to the Usergroup
4. Log-in as any of the LDAP users aded to the Usergroup
Actual results:
LDAP users are no longer members of the Satellite Usergroup.
Expected results:
No change in the Usergroup memberships.
I assume you use LDAP and you are syncing external user groups in cron, is that correct? Do you see some related changes in Monitor -> Audits?
No. The only entries there are those for when I re-added the members.
It works if I assign the roles to the users directly.
Oh, and yes, I'm using LDAP (synchronized groups manually using the button, though).
- Category set to Authentication
- Target version set to 1.22.1
- Related to Bug #25795: LDAP - When User Group sync is enabled, user wait long time to authenticate / login added
- Assignee set to Ondřej Ezr
I am unable to reproduce :(
Do I understand correctly you have the `Usergroup Sync` disabled on the ldap definition?
What ldap provider are you using?
Yes, did it manually when configuring the LDAP connection. Groups don't change so often in our environment. The LDAP provider is AD.
- Priority changed from Urgent to High
- Target version deleted (
1.22.1)
Could you please provide some more information regarding your setup to help reproduce? do you have any plugins installed or special configuration?
we are having difficulty reproducing this issue.
No, there are no plugins installed and there is no special configuration.
Hi Dirk,
I have been able to reproduce an issue where the LDAP users are removed from groups, which are not synced with LDAP (do not have any external user groups).
Is that your setup?
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/7045 added
Not sure what you mean by "LDAP users are removed from groups". Do mean inside Foreman, or in LDAP itself?
- Target version set to 1.22.2
- Description updated (diff)
I have specified the reproducer.
Does that describe your issue?
- Bugzilla link set to 1753907
- Fixed in Releases 1.24.0 added
- Status changed from Ready For Testing to Closed
- Fixed in Releases 1.22.2, 1.23.1 added
Just updated to 1.22.2 and then to 1.23.1. Both releases still have the problem.
- Pull request https://github.com/theforeman/foreman/pull/7461 added
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by