Bug #37757
closedLDAP not working on high availability foreman environment
Description
We have a load balancer that round robins to each of our 4 foreman servers, they all point to the same redis/postgres server. If I setup a single instance of LDAP, it will auth on one of those servers. If someone tries to log in and the auth gets sent to a different server, it will fail. My current work around was to create 4 duplicate instances of the ldap server, within the UI. I had to make sure that the settings change went to each individual server. Now they can all auth, but that seems like a really poor work around.
Foreman version: 3.10.0
Plugins:
- foreman-tasks 9.1.1
- foreman_default_hostgroup 7.0.0
- foreman_kubevirt 0.1.9
- foreman_puppet 6.2.0
- foreman_remote_execution 13.0.0
- foreman_salt 16.0.2
- foreman_statistics 2.1.0
- foreman_templates 9.4.0
- foreman_vault 2.0.0
2024-08-21T11:08:01 [I|app|78c50d65] Started POST "/users/login" for 10.222.218.3 at 2024-08-21 11:08:01 +0000
2024-08-21T11:08:01 [I|app|78c50d65] Processing by UsersController#login as HTML
2024-08-21T11:08:01 [I|app|78c50d65] Parameters: {"login"=>{"login"=>"jsparrow", "password"=>"[FILTERED]"}, "authenticity_token"=>"[FILTERED]"}
2024-08-21T11:08:01 [W|app|78c50d65] Could not bind to ActiveDirectory user svc_sse_ldap
2024-08-21T11:08:01 [I|app|78c50d65] Backtrace for 'Could not bind to ActiveDirectory user svc_sse_ldap' error (LdapFluff::Generic::UnauthenticatedException): Could not bind to ActiveDirectory user svc_sse_ldap
78c50d65 | /usr/share/gems/gems/ldap_fluff-0.6.0/lib/ldap_fluff/generic.rb:76:in `service_bind'
78c50d65 | /usr/share/gems/gems/ldap_fluff-0.6.0/lib/ldap_fluff/generic.rb:21:in `user_exists?'
78c50d65 | /usr/share/gems/gems/ldap_fluff-0.6.0/lib/ldap_fluff/ldap_fluff.rb:63:in `block in valid_user?'
78c50d65 | /usr/share/gems/gems/ldap_fluff-0.6.0/lib/ldap_fluff/ldap_fluff.rb:94:in `block in instrument'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/notifications.rb:203:in `block in instrument'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/notifications/instrumenter.rb:24:in `instrument'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/notifications.rb:203:in `instrument'
78c50d65 | /usr/share/gems/gems/ldap_fluff-0.6.0/lib/ldap_fluff/ldap_fluff.rb:93:in `instrument'
78c50d65 | /usr/share/gems/gems/ldap_fluff-0.6.0/lib/ldap_fluff/ldap_fluff.rb:62:in `valid_user?'
78c50d65 | /usr/share/foreman/app/models/auth_sources/auth_source_ldap.rb:62:in `authenticate'
78c50d65 | /usr/share/foreman/app/models/user.rb:271:in `try_to_login'
78c50d65 | /usr/share/foreman/app/controllers/users_controller.rb:127:in `login'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/abstract_controller/base.rb:228:in `process_action'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_controller/metal/rendering.rb:30:in `process_action'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/abstract_controller/callbacks.rb:42:in `block in process_action'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/callbacks.rb:117:in `block in run_callbacks'
78c50d65 | /usr/share/foreman/app/controllers/concerns/foreman/controller/timezone.rb:10:in `set_timezone'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/callbacks.rb:126:in `block in run_callbacks'
78c50d65 | /usr/share/foreman/app/models/concerns/foreman/thread_session.rb:32:in `clear_thread'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/callbacks.rb:126:in `block in run_callbacks'
78c50d65 | /usr/share/foreman/app/controllers/concerns/foreman/controller/topbar_sweeper.rb:12:in `set_topbar_sweeper_controller'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/callbacks.rb:126:in `block in run_callbacks'
78c50d65 | /usr/share/gems/gems/audited-5.4.3/lib/audited/sweeper.rb:16:in `around'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/callbacks.rb:126:in `block in run_callbacks'
78c50d65 | /usr/share/gems/gems/audited-5.4.3/lib/audited/sweeper.rb:16:in `around'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/callbacks.rb:126:in `block in run_callbacks'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/callbacks.rb:137:in `run_callbacks'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/abstract_controller/callbacks.rb:41:in `process_action'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_controller/metal/rescue.rb:22:in `process_action'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_controller/metal/instrumentation.rb:34:in `block in process_action'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/notifications.rb:203:in `block in instrument'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/notifications/instrumenter.rb:24:in `instrument'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/notifications.rb:203:in `instrument'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_controller/metal/instrumentation.rb:33:in `process_action'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_controller/metal/params_wrapper.rb:249:in `process_action'
78c50d65 | /usr/share/gems/gems/activerecord-6.1.7.7/lib/active_record/railties/controller_runtime.rb:27:in `process_action'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/abstract_controller/base.rb:165:in `process'
78c50d65 | /usr/share/gems/gems/actionview-6.1.7.7/lib/action_view/rendering.rb:39:in `process'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_controller/metal.rb:190:in `dispatch'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_controller/metal.rb:254:in `dispatch'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/routing/route_set.rb:50:in `dispatch'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/routing/route_set.rb:33:in `serve'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/journey/router.rb:50:in `block in serve'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/journey/router.rb:32:in `each'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/journey/router.rb:32:in `serve'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/routing/route_set.rb:842:in `call'
78c50d65 | /usr/share/gems/gems/apipie-dsl-2.6.2/lib/apipie_dsl/static_dispatcher.rb:67:in `call'
78c50d65 | /usr/share/gems/gems/apipie-rails-1.3.0/lib/apipie/static_dispatcher.rb:74:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/static.rb:24:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/static.rb:24:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/static.rb:24:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/static.rb:24:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/static.rb:24:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/static.rb:24:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/static.rb:24:in `call'
78c50d65 | /usr/share/foreman/lib/foreman/middleware/libvirt_connection_cleaner.rb:9:in `call'
78c50d65 | /usr/share/foreman/lib/foreman/middleware/telemetry.rb:10:in `call'
78c50d65 | /usr/share/gems/gems/apipie-rails-1.3.0/lib/apipie/middleware/checksum_in_headers.rb:27:in `call'
78c50d65 | /usr/share/gems/gems/rack-2.2.4/lib/rack/tempfile_reaper.rb:15:in `call'
78c50d65 | /usr/share/gems/gems/rack-2.2.4/lib/rack/etag.rb:27:in `call'
78c50d65 | /usr/share/gems/gems/rack-2.2.4/lib/rack/conditional_get.rb:40:in `call'
78c50d65 | /usr/share/gems/gems/rack-2.2.4/lib/rack/head.rb:12:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/http/permissions_policy.rb:22:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/http/content_security_policy.rb:19:in `call'
78c50d65 | /usr/share/foreman/lib/foreman/middleware/logging_context_session.rb:22:in `call'
78c50d65 | /usr/share/gems/gems/rack-2.2.4/lib/rack/session/abstract/id.rb:266:in `context'
78c50d65 | /usr/share/gems/gems/rack-2.2.4/lib/rack/session/abstract/id.rb:260:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/cookies.rb:697:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/callbacks.rb:27:in `block in call'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/callbacks.rb:98:in `run_callbacks'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/actionable_exceptions.rb:18:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/debug_exceptions.rb:29:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
78c50d65 | /usr/share/gems/gems/railties-6.1.7.7/lib/rails/rack/logger.rb:37:in `call_app'
78c50d65 | /usr/share/gems/gems/railties-6.1.7.7/lib/rails/rack/logger.rb:28:in `call'
78c50d65 | /usr/share/gems/gems/sprockets-rails-3.4.2/lib/sprockets/rails/quiet_assets.rb:13:in `call'
78c50d65 | /usr/share/foreman/lib/foreman/middleware/logging_context_request.rb:11:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
78c50d65 | /usr/share/gems/gems/request_store-1.6.0/lib/request_store/middleware.rb:19:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/request_id.rb:26:in `call'
78c50d65 | /usr/share/gems/gems/rack-2.2.4/lib/rack/method_override.rb:24:in `call'
78c50d65 | /usr/share/gems/gems/rack-2.2.4/lib/rack/runtime.rb:22:in `call'
78c50d65 | /usr/share/gems/gems/activesupport-6.1.7.7/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/executor.rb:14:in `call'
78c50d65 | /usr/share/gems/gems/rack-2.2.4/lib/rack/sendfile.rb:110:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/ssl.rb:77:in `call'
78c50d65 | /usr/share/gems/gems/actionpack-6.1.7.7/lib/action_dispatch/middleware/host_authorization.rb:142:in `call'
78c50d65 | /usr/share/gems/gems/secure_headers-6.5.0/lib/secure_headers/middleware.rb:11:in `call'
78c50d65 | /usr/share/gems/gems/railties-6.1.7.7/lib/rails/engine.rb:539:in `call'
78c50d65 | /usr/share/gems/gems/railties-6.1.7.7/lib/rails/railtie.rb:207:in `public_send'
78c50d65 | /usr/share/gems/gems/railties-6.1.7.7/lib/rails/railtie.rb:207:in `method_missing'
78c50d65 | /usr/share/gems/gems/rack-2.2.4/lib/rack/urlmap.rb:74:in `block in call'
78c50d65 | /usr/share/gems/gems/rack-2.2.4/lib/rack/urlmap.rb:58:in `each'
78c50d65 | /usr/share/gems/gems/rack-2.2.4/lib/rack/urlmap.rb:58:in `call'
78c50d65 | /usr/share/gems/gems/puma-6.4.2/lib/puma/configuration.rb:272:in `call'
78c50d65 | /usr/share/gems/gems/puma-6.4.2/lib/puma/request.rb:100:in `block in handle_request'
78c50d65 | /usr/share/gems/gems/puma-6.4.2/lib/puma/thread_pool.rb:378:in `with_force_shutdown'
78c50d65 | /usr/share/gems/gems/puma-6.4.2/lib/puma/request.rb:99:in `handle_request'
78c50d65 | /usr/share/gems/gems/puma-6.4.2/lib/puma/server.rb:464:in `process_client'
78c50d65 | /usr/share/gems/gems/puma-6.4.2/lib/puma/server.rb:245:in `block in run'
78c50d65 | /usr/share/gems/gems/puma-6.4.2/lib/puma/thread_pool.rb:155:in `block in spawn_thread'
78c50d65 | /usr/share/gems/gems/logging-2.3.1/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
2024-08-21T11:08:01 [I|app|78c50d65] Rendered common/500.html.erb within layouts/application (Duration: 1.2ms | Allocations: 562)
2024-08-21T11:08:01 [I|app|78c50d65] Rendered layouts/base.html.erb (Duration: 2.3ms | Allocations: 1837)
2024-08-21T11:08:01 [I|app|78c50d65] Rendered layout layouts/application.html.erb (Duration: 4.1ms | Allocations: 2677)
2024-08-21T11:08:01 [I|app|78c50d65] Completed 500 Internal Server Error in 58ms (Views: 4.6ms | ActiveRecord: 23.3ms | Allocations: 6094)
Here is a successful rails login on .152:
1724238948.915660 [0 10.222.206.152:34402] "get" "foreman:failed_login_10.222.218.3"
1724238948.918630 [0 10.222.206.152:34402] "get" "foreman:webpack_foreman_vendor_js"
1724238955.658344 [0 10.222.206.152:34402] "get" "foreman:failed_login_10.222.218.3"
1724238955.864366 [0 10.222.206.152:34402] "del" "foreman:user/5/taxonomy_and_child_ids/organizations"
1724238955.864929 [0 10.222.206.152:34402] "del" "foreman:user/5/taxonomy_and_child_ids/locations"
1724238955.865940 [0 10.222.206.152:34402] "del" "foreman:views/tabs_and_title_records-5"
1724238956.130330 [0 10.222.206.152:34402] "del" "foreman:user/5/taxonomy_and_child_ids/organizations"
1724238956.130868 [0 10.222.206.152:34402] "del" "foreman:user/5/taxonomy_and_child_ids/locations"
1724238956.132013 [0 10.222.206.152:34402] "del" "foreman:views/tabs_and_title_records-5"
1724238956.143475 [0 10.222.206.152:34402] "del" "foreman:views/tabs_and_title_records-5"
1724238956.216965 [0 10.222.206.152:34402] "del" "foreman:views/tabs_and_title_records-5"
1724238956.330156 [0 10.222.206.152:34402] "get" "foreman:webpack_foreman_vendor_js"
1724238956.332011 [0 10.222.206.152:34402] "get" "foreman:views/tabs_and_title_records-5"
1724238956.345126 [0 10.222.206.152:34402] "set" "foreman:views/tabs_and_title_records-5" "\x04\bo: ActiveSupport::Cache::Entry\n:\x0b@value\"\x02~\ax\x9c\xed[\xedo\xd46\x1c\x96\xa6\tM\xfb+\xa2N\xdb\x17\xb8\xf7\x17\xda\x1b\xb0u\xb40&\n\xa8w\xa0I\bE>\xc7\xb93ulc;w\x1cS\xff\xf7\xd9y\xe9\xc5\xb9K\x13(M\x90\xb6~h\xaa\xe4\xf9\xd9\x8f\x9d\xdf\xcbc;\xfd\xfe\x87g\a\xdf\xfd=t\x92\x9f\a>\x13(\x00\xb4%\x10\x80\xaa\x05Y\xc0\x19ET9\x14\x04\xe8\xe1\xc1\xb9\xb9{\xcc\xf9\x81\xe3\x01\x05Z\\0.\x1f\x1e\xfc\xf3\xcb\x87\x90\xa9_\t\xd8\xb0P\xc5\x7fO\x92{\x01\xa2ar\xe7mrKm8Jn\xc5\x17\x19\xce\xdd-\xee^|1\xfdY\xa83F\xb1b\xc2\x02a\xc8\xa8\x05\xf2\x81\xe3\x83\x96\x02p\xc9\x02\xa4\x90\x8d\x86KL<\x81h\x19\x1f\xacP`\x19\xa2\x8fz\xd4\tD\x89\x10%\xb7\x97* .\xe3\n3*\xd3Q_\x16\xd1?\x01r9g@xV\xcb\xa1 \x16\xaa\x13_.\xef}\x117\x1f\x10\xf9E\xe4\xfedR9S\x05T(\x91\xbc\x9e\xe0RC]iA\xebf\xfbD\xb7Q\xc2\xd2\xd7\x10w\x05H\xd8\x14\xc7\xe3\xd0\xc3e$A\x06S7\xbf\x99\x8e\x03\xafl\x12\xe3T\x10\xbdm,\x15\x86\xb2\xa32fuS\x9e^\xd1\xf8l\xda2gZ7\xf5\xbf\xd8\xbc\x84\xf4{6w1]1\b2-\x16\xd3\xf4\xf0\n{\xb9\xf4\xb6\xd3\xeb9\xe2L4\xe5`\x8f\x19\xf5\xf1\xc29\x03\x14,\x90\xce\xee\xea\xfa\xf1\xc3\b\xee\x8a\x98\xf2o\x12\x01\x01\x97\x0f\xd1J\x1b\xfa!\xb9\xfb\xf3\xe0\xe4\xae\xc9\xbc\xcd\x8c%\x9eHg\x86\x02N\x80*\xcb\x90*\x85u\xe2\xd1\xb8\xca\xb6\xbb\xe1[}\x12\xbb\xb73\x03\xf2\xa2\xa9\xe4\xb1\xed\xba,\b\x95\x81vTs\\\xcf\x11\x0c\x85\xc0t\xe1<g\x8b\xca\xb9#\xa6-R[\x97dl/\xdf\x15\x8f\xa1\x9a\x941\xe5\xd6&R d$\x12\xab\xdb\x101_^\xd6\bqv\xd9\xef\x15\tM\xe5\x1d-\\\x15\x8aHV\xe0\xd8\xa1h\xdd\x94_.tEB\xa22S\x91\x18|\x95$\xf2J\xb0\x15\x96\x9a\xa8\t\x8c)R!of\x16\x8eu\x96\xd7-C\x15\x8a\xb2\xb4\nv\xa1\xb5\xcbd-\xdf\xd7@ \xe7\x8cy\x88\x94\xf0\r2\x98\xba\x89>\xa3Z\xf1\x10\x12i\t\xe7\x0cy\x18\x94p\xddB\xea\xa6\xfa\x92#\xa1y\x1a7\xdch\xf7\x0eJf\x95\xa5p\x99E\xdf0\x1afU\x0b\xf4-\t\xdb\r\x85\x9f+.\\\xa9\x8d\x1a\xe2\xfb\n\b\x85#\xd7\x9a\x819\xa9.\x87\xb8\xca\xc0k'\x9d\xcdx\x9f\xad\xe4x\xc6\xba\xba\x9e\xbb\xb5\xc5\x84\xa3\xaa\r\xc0\xac*\xf2lo\xac^be\xaf\xb3\xb0\x05+P0k-U\xe0\xd2B6\xab`\xa2\xad\x8e\xa7\x82\x85\xbc\x82\x86Ydpu\xbf\xe6\xa7\x84\xcd\x01qt\xb0\x81h+\xab\x84.dA\xc0\xa8\xcbs\xf0\x9b\xea\x84\x90s\xa4\x9c\xd3\x17\x8f\x9b\x99\x84S\xba\xc2\x82Q\xb3~\xac\xa8\xdcy\xc4\xb8\x83v\x0ck\x17\xa2\x04\xc8\xd2\xdd\xb4\x1c\xeb\xf8\x02\xb3\x96\r\xad\xdb\xabDH\x8e|\xb2\x84o2f\xa6\x81.MN4\xf3\x95\x03\xa7\xf8\x15\xe8U\x1f\xbb\b\xb9{\x816_'\x9a\xa6\x80\xa8o=\x8e\xa4\xe6\x18\xfdr\x9b\x0f!\xb3\xe3W\x16A[\xbeZp\x87\x8d\xc9\x8b7@\xe0\nbh\xcbve\x1b\xdc\xbc,?\xa3\xbe\x00R\x890Z!Y\xd8\x9d\xda\xcc}s\xcb\x89/-\x8a\xd4\x9a\x89\x0b\xcb\xa4\xd9\"\x1d\xc7\xb1\x96l\x1fq\xe9\x8c\x1a\xa8\xcb\xb3\xd0\xfaSf\xc0C\x85\x9cs$Y(`\x19c\x18\xc3]a\xc3\x9bb\xadg\xd9\xc7\xa5\x8e\x9b\x92\xe6\x16\xba\xf6\x84\x10\xce\xb5\xb3\x96yD\x16T7\xc3\x13\x16\x00LK\x18zYP\xed\x9b\x18\xb3\xd9\xabj\xa1\xb5T\x8a7\x1bY\xe7\b\x90\xb2\x1d\x01\x91\xc1\xd4\x9f\xf5C\xa2\xf5\x06\xa3\x14\xc1\x8cE\x11\xd5\x95\x81\xbb0\x0f\xbfy\xee\x7f-Q\xa5\x83\xf10\x8fk6\xcd\x9fm\x9cc\bYXv8dh\xcb\xce\xa8\x83<|\xbb\xfa)\xbeF\x9f6h\xe9\xb8d\x9e\xd54\xbf\xda\xa9-\x1c\xd1s\xb6p^\x86\x95\x86C\xd8\xe2\xeak\x89\x9b{\xc0\xb1\x17`\x9a\xd9\x1f\xbe\xde\x0f [|Cn\xf0\xdc>\xf5,\x9a6R\xf5p\xf4\x966*\xc5\x02P\xfc\xa9\nS\xb6\x0b\xad\xff\xfb\x03\xb5\xd4\xc2\x1d\xc7S\xe6L\xab\b\x13\xa0m\xdcF5\x89\xc9c%$CYao\xe3\xf6\xd8UZ\x18\x1b\x8eM.\x83\xcfY\xa9\x9e\x13\xac1\x11\xf7\x87^Uk\xd1^v\x82<\xb7a\xf5K\x8f\x80iu|\xfa\x11\xc10\n\xa1'\bT8\xa5\x12\x91\x99\x8bR3\xd7\xb7\xccj\x17\xccHE\x87%\xd7\x93\x96\x16\xaa\xf6T5ge\x15\x13\xcc\xb3\xa5\xf2]\x023\x154\x87\x93z(\xb2\xb3D\xc0C\xc2\x1c\xda\xb3\x16D=0\x9f\xdf\x1f\x0f\xfbG#o\x0c\xe0}\xd8\x05\xde\xd1\xb0\x0f{\x83\xc3\xd1x0\x1e\x0cGp\xe0\x8d\x8e\xe6p8\xf7=\xef\xc8\xef\xa3\xd1\xc8\x1b\r\xfa\xfd\xf1!\x82\xf7\xef\xb7\xe5\xca\xae\x95\x94)\xec'y\xd5\xddaj=\x15\bb\x8ew\xf6\\\xa4b\xdc\xc5\x01\xd7\x89\x8c\xd1\x82vb\x8d\xb0\x8b\xb4\xe7\xe9J\xce\xa5\xd2\xc5|\xaf\xa0\xfbsw\x9f\xe0T\xcb\x8c\xb6\xb3\x87mm\xf0^r \x04[[}\xf8XH\xb5{\x06\x81|\xdf\x82\x11\xb0\a5\xdd\xd3\x9e^\xf9\xd8C}\xaf\x9bj'=\xff.%\xc4\x14\xb6\xf5j\xd32\x02F\xdd$V\x99\x0f0M\xa7\xd1\xa7\x19\xd4\xcd\xc9\x9c~\xb7?lu\x0f[\xfd\xde\xac;\x9e\xf4F\x93\xd1\xb8\xdd\x1b\x8c[\xdd\xd1\xa4\xdb\xb5\x9b\xde\x16=\xf7j\x8e\x86\xa9.\x8a>&\xf0\\\xa0\xf6\xb4>n\xf5G\xb3\xdep2\xeaOF\x83\xf6\xf8\xf0pO\xeb!\xf7\x8a\x1b8l\xf5\x06\xb3\xee\xa1\xa1\xd7\xed\xb5\x8f\xc6\xbd=\rp\xed\xd2k&<w\tdr\x8c2\xa1!!\xf9\xc7\xf2jk1\xfb\xd8H&\x82v\xef\x83\x95\x96\xb8\xa2\xa0M\x0f\xf9\xd1:%\xabb\xb6S\xb3\a\x98\n\xb3\xbd \xc2\xd6q(Vq6\xe3\x1c.\xa2f_,m*\x9bV\x14\x0e\xd0'F\xf7\x0c\xc8C\x12\n\xcc\xb7\x11\x92\xf4b\xb5\xeeaY\xd4r:\x8f\xbb-\xefu}\xc7\xf2\xec\xcbL8\xba\x9e`\xdcc\xebR)\xfd\xff\xc2\xee?\xb2\xb0K\xab\xd56\x8d\xeb|0\xdfd<-\xedt.\x00\xb5\x89%g\x13V\xaf\x821;\x99t\xecDl\xaf\x92\xf2\x85!}\xbc7'`b\xe2\xc3\xcd7\xf16_B\x06W\xf1\xa8\x88=MT\xaf-u7\x02\x90\xd6\x05\xb4x-\x05\xf2m\xdaW\xddt\x06-\xcbN\xeb\x11\x82`fi\x1c\xff\xa5\xf3Q\xc1\xa0\xf4\x93\xeb\xc6\xb3g9\xb6;\xa6^\xe1\x98\xa6\xd3\xf4\xf4\xb3p(V\x0f\x9d^\xcb\x98\x14\x8c\x02\x9bOs\xa8.6\xfb;r\x92\xcf;'\x8e9,2[KJKu;\x05\xa4-@F\xd2\xff\x87HZ\xf8\xa9\x1b\xfd\xd8\xbe\xac\x1d\x1e\x18\xcf\xb7\xe7\xee\xf53[\x1b\xa6\xf7\xb5\x93\xbe\x02\x8b\x94\xd8\xa8\xbbM\xb0\x9a\xc8\xe6M\xf0\x92\x9a\x13\xf4\x13=6\x95\x82\xb2\xc1\xa7g\xdc\x16\xca\xd6S\t|d\xbe\x9dJ\x1eeJ\xb9\xce\xcd\x9c\x80\xcd\x93\x0f\x1e\xd53\x90\xf9\xc4p\x0f\xe8\x05ZG\x80\x0c\xcf\xa8\x93t\xc0+\x1dg\xf9B0h\xf7\xec\xc2\xea1\xf8:\x17\xbff\xbfSN:\xe9\x89`[J\n[\x90\t\xde\x86\x84\x85^\x87`z!;\xfaI\b\xec7\xf2\xed\xaa\xad\xbcp\xb2J\x95\xdc\xeb\x00\xfa\r\xe6\x16-\xc9\xec\xa6\xb6\x8a\x81\xed\xdby\xfb\xee\xf2\xe0\xd1\x83N\xc1\x7f\r=\xfa\xf1\xce\xe4\xce\xe9\xec_r\an\x89:\r@versionI\"\x00\x06:\x06EF:\x10@created_atf\x171724238956.3441043:\x10@expires_in0:\x10@compressedT"
1724238956.917437 [0 10.222.206.152:34402] "del" "foreman:views/tabs_and_title_records-5"
1724238956.918967 [0 10.222.206.152:34402] "get" "foreman:notification-5"
1724238956.945469 [0 10.222.206.158:34962] "del" "foreman:views/tabs_and_title_records-5"
1724238956.957420 [0 10.222.206.152:34402] "del" "foreman:views/tabs_and_title_records-5"
1724238956.981609 [0 10.222.206.152:34402] "del" "foreman:views/tabs_and_title_records-5"
1724238957.040475 [0 10.222.206.152:34402] "del" "foreman:views/tabs_and_title_records-5"
1724238957.042954 [0 10.222.206.158:34962] "del" "foreman:views/tabs_and_title_records-5"
1724238957.050869 [0 10.222.206.152:39018] "del" "foreman:views/tabs_and_title_records-5"
1724238957.099073 [0 10.222.206.158:34962] "del" "foreman:views/tabs_and_title_records-5"
1724238957.112681 [0 10.222.206.152:39018] "del" "foreman:views/tabs_and_title_records-5"
1724238957.119118 [0 10.222.206.158:34962] "del" "foreman:views/tabs_and_title_records-5"
1724238957.125383 [0 10.222.206.152:34402] "del" "foreman:views/tabs_and_title_records-5
And here is a failed login on .158:
1724238969.936165 [0 10.222.206.152:39018] "get" "foreman:failed_login_10.222.218.3"
1724238969.944990 [0 10.222.206.152:39018] "get" "foreman:webpack_foreman_vendor_js"
1724238976.235933 [0 10.222.206.158:34962] "get" "foreman:failed_login_10.222.218.3"
1724238976.328621 [0 10.222.206.158:34962] "get" "foreman:webpack_foreman_vendor_js"
1724239085.106217 [0 10.222.206.152:43816] "get" "foreman:failed_login_10.222.218.3"
It would appear that ldap only works from one server. How can we resolve this?
Updated by Jeff S about 2 months ago
https://community.theforeman.org/t/ldap-support-with-load-balanced-foremans/39135/4
Here is the one that works:
irb(main):002:0> source_now = AuthSourceLdap.find_by_id(4)
=>
#<AuthSourceLdap:0x00007882313d7d00
...
irb(main):003:0> conn = source_now.ldap_con
=>
#<LdapFluff:0x0000788231283878
...
And the one that fails:
irb(main):001:0> source_now = AuthSourceLdap.find_by_id(4)
=>
#<AuthSourceLdap:0x00007e86cd352668
...
irb(main):002:0> conn = source_now.ldap_con
At least one field decryption failed, check ENCRYPTION_KEY
=>
#<LdapFluff:0x00007e86cd5b9000
...
Updated by Jeff S about 2 months ago
I changed the encryption key to match that of the originally installed foreman server, and now it seems the issue is gone. Ill keep spot checking over the next couple days.
There should probably be some documentation around this, as I see many threads with the same issue/question.
Updated by Ewoud Kohl van Wijngaarden about 2 months ago
I can confirm that you must have the same encryption key on all servers.