Bug #8653
External user groups not associated when user automatically created (closed)
Description
From the Doc: http://theforeman.org/manuals/1.7/index.html#4.1.1LDAPAuthentication
This situation can be quickly fixed by manually running foreman-rake ldap:external_usergroups or by refreshing the external user groups in the UI. Otherwise, the problem will eventually get fixed when the cronjob runs again.
Output:
[root@geo-cm01 ~]# foreman-rake ldap:external_usergroups --trace
rake aborted!
Don't know how to build task 'ldap:external_usergroups'
/opt/rh/ruby193/root/usr/share/ruby/rake/task_manager.rb:49:in `[]'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:115:in `invoke_task'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:94:in `block (2 levels) in top_level'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:94:in `each'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:94:in `block in top_level'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:133:in `standard_exception_handling'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:88:in `top_level'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:66:in `block in run'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:133:in `standard_exception_handling'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:63:in `run'
/opt/rh/ruby193/root/usr/bin/rake:32:in `<main>'
[root@geo-cm01 ~]# foreman-debug
HOSTNAME: geo-cm01.seedbox.com
OS: redhat
RELEASE: CentOS release 6.6 (Final)
FOREMAN: 1.7.0
RUBY: ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux]
PUPPET: 3.7.3
DENIALS: 0
Updated by Daniel Gagnon almost 10 years ago
foreman-rake ldap:refresh_usergroups works properly however.
Updated by Daniel Gagnon almost 10 years ago
I think this is a typo in the doc and it should be "ldap:refresh_usergroups".
Also, the doc says: http://theforeman.org/manuals/1.7/index.html#4.1.1LDAPAuthentication
When a user logs in for the first time (assuming on the fly account creation), the ldap:refresh_usergroups cronjob runs (every 30 minutes by default) or the Refresh button is pressed next to the external user group entry, Foreman will synchronize the group membership from LDAP.
However, the refresh is not done when a new user logs in the first time, resulting in a 403. Running the cronjob manually provides the right group to the user.
Updated by Dominic Cleal almost 10 years ago
- Related to Bug #7369: External user groups should be updated on login added
Updated by Dominic Cleal almost 10 years ago
Thanks, I've fixed the rake task typo (https://github.com/theforeman/theforeman.org/commit/9ea1df93bf8aa7483758d98416c825dc1f706dff).
Can you confirm if you created the user account yourself or you had on-the-fly account creation enabled and Foreman created the user? The refresh of groups only happens in the latter case (#7369 will do it on all logins in future).
Updated by Dominic Cleal almost 10 years ago
- Status changed from New to Feedback
Updated by Daniel Gagnon almost 10 years ago
I can confirm I have on-the-fly creation of users enabled. The rake task takes quite a while to run (upward of a minute). I will run some more tests and confirm.
Updated by Daniel Gagnon almost 10 years ago
I can confirm the refresh is not triggered by logging in the first time (let me know if you want the log). I waited a few minutes to be sure the task has time to run even if it didn't show in the log. Running the rake task allows the user to log in and get the interface. Should I re-open Bug #7369?
Updated by Dominic Cleal almost 10 years ago
- Subject changed from foreman-rake ldap:external_usergroups referenced by the documentation does not exist to External user groups not associated when user automatically created
- Status changed from Feedback to New
Daniel Gagnon wrote:
I can confirm the refresh is not triggered by logging in the first time (let me know if you want the log). I waited a few minutes to be sure the task has time to run even if it didn't show in the log. Running the rake task allows the user to log in and get the interface. Should I re-open Bug #7369?
Please don't re-open it. Were you testing on nightlies for 1.8, or still on 1.7.0? (That feature is only implemented in 1.8, so you won't see it on 1.7.0.)
A full refresh won't occur on login for the first time, but what should happen is that when Foreman creates the user on their first login, it should associate usergroups. I'll re-open this bug if it's not working properly, but it wouldn't surprise me if the new 1.8 feature will fix it in the process.
Updated by Daniel Gagnon almost 10 years ago
That was indeed by error. The 1.7 doc says it should occur on login. I am on stable 1.7.1 so I expected the feature to be present.
Thanks for the info.
You can keep it closed then!