Bug #8653
closed
External user groups not associated when user automatically created
Added by Daniel Gagnon about 10 years ago.
Updated about 10 years ago.
Description
From the Doc: http://theforeman.org/manuals/1.7/index.html#4.1.1LDAPAuthentication
This situation can be quickly fixed by manually running foreman-rake ldap:external_usergroups or by refreshing the external user groups in the UI. Otherwise, the problem will eventually get fixed when the cronjob runs again.
Output:
[root@geo-cm01 ~]# foreman-rake ldap:external_usergroups --trace
rake aborted!
Don't know how to build task 'ldap:external_usergroups'
/opt/rh/ruby193/root/usr/share/ruby/rake/task_manager.rb:49:in `[]'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:115:in `invoke_task'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:94:in `block (2 levels) in top_level'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:94:in `each'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:94:in `block in top_level'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:133:in `standard_exception_handling'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:88:in `top_level'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:66:in `block in run'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:133:in `standard_exception_handling'
/opt/rh/ruby193/root/usr/share/ruby/rake/application.rb:63:in `run'
/opt/rh/ruby193/root/usr/bin/rake:32:in `<main>'
[root@geo-cm01 ~]# foreman-debug
HOSTNAME: geo-cm01.seedbox.com
OS: redhat
RELEASE: CentOS release 6.6 (Final)
FOREMAN: 1.7.0
RUBY: ruby 1.8.7 (2013-06-27 patchlevel 374) [x86_64-linux]
PUPPET: 3.7.3
DENIALS: 0
foreman-rake ldap:refresh_usergroups works properly however.
I think this is a type in the doc and it should be "ldap:refresh_usergroups"
Also, the doc says: http://theforeman.org/manuals/1.7/index.html#4.1.1LDAPAuthentication
When a user logs in for the first time (assuming on the fly account creation), the ldap:refresh_usergroups cronjob runs (every 30 minutes by default) or the Refresh button is pressed next to the external user group entry, Foreman will synchronize the group membership from LDAP.
However, the refresh is not done when a new user logs in the first time, resulting in a 403. Running the cronjob manually provides the right group to the user.
- Related to Bug #7369: External user groups should be updated on login added
- Status changed from New to Feedback
I can confirm I have on-the-fly creation of users enabled. The rake task takes quite a while to run ( upward of a minute ). I will run some more tests and confirm.
I can confirm the refresh is not triggered by login in the first time ( let me know if you want the log ). I waited a few minutes to be sure the task has time to run even if it didnt show in the log. Running the rake task allows the user to login and get the interface. Should-I re-open Bug #7369 ?
- Subject changed from foreman-rake ldap:external_usergroups referenced by the documentation does not exist to External user groups not associated when user automatically created
- Status changed from Feedback to New
Daniel Gagnon wrote:
I can confirm the refresh is not triggered by login in the first time ( let me know if you want the log ). I waited a few minutes to be sure the task has time to run even if it didnt show in the log. Running the rake task allows the user to login and get the interface. Should-I re-open Bug #7369 ?
Please don't re-open it.. were you testing on nightlies for 1.8, or still on 1.7.0? (That feature is only implemented in 1.8, so you won't see it on 1.7.0).
A full refresh won't occur on login for the first time, but what should happen is that when Foreman creates the user on their first login, it should associate usergroups. I'll re-open this bug if it's not working properly, but it wouldn't surprise me if the new 1.8 feature will fix it in the process.
that was indeed by error. The 1.7 doc says it should occur on login. I am on stable 1.7.1 so I expected the feature to be present.
thanks for the info.
You can keep closed then !
- Status changed from New to Closed
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by Anonymous