Bug #12607

closed

Unable to add users to user groups

Added by Miguel Esteva over 8 years ago. Updated about 7 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Authentication
Target version: -
Difficulty: medium
Triaged:
Fixed in Releases:
Found in Releases:

Description

Hello!

I was trying my LDAP authentication and it works. Then I created an external LDAP group and Foreman recognises it with no issues. But after that, users are not being added to the specified user group. Afterwards I tried adding users manually to the group and this does not work; the user group remains empty after clicking submit.

Any ideas about this issue?


Files

production.log (38.4 KB) Miguel Esteva, 11/26/2015 05:32 PM
Actions #1

Updated by Dominic Cleal over 8 years ago

  • Status changed from New to Need more information

Can you provide production.log with debugging enabled for the time when you're editing the user group and saving it with the user?

Set the logging level and loggers block in /etc/foreman/settings.yaml as per http://theforeman.org/manuals/1.10/index.html#7.2Debugging

Actions #2

Updated by Miguel Esteva over 8 years ago

Sure, this is the log from when I refreshed the external groups and when I added the users manually to the group.

Many thanks

Actions #3

Updated by Dominic Cleal over 8 years ago

It looks like it's working properly from what I can see. I remember now why you won't be able to add members manually to the user group: because it's linked to the external one, it'll get refreshed after saving it.

It does look like it's found the group successfully:

2015-11-27 09:17:12 [ldap] [D] op search (7.1ms) [ filter=, base= ]
2015-11-27 09:17:12 [ldap] [D] op search (11.0ms) [ filter=(cn=grp_its_unix_adm), base=ou=groups,ou=unallocated,ou=MYCOMPANY,dc=MYCOMPANY,dc=edu,dc=au ]
2015-11-27 09:17:12 [ldap] [D] op search (147.4ms) [ filter=(cn=grp_its_unix_adm), base=ou=groups,ou=unallocated,ou=MYCOMPANY,dc=MYCOMPANY,dc=edu,dc=au ]
2015-11-27 09:17:12 [ldap] [D] op search (8.7ms) [ filter=(|(|(objectClass=posixGroup)(objectClass=organizationalunit))(objectClass=groupOfUniqueNames)), base=CN=grp_its_unix_adm,OU=Groups,OU=Unallocated,OU=MYCOMPANY,DC=MYCOMPANY,DC=edu,DC=au ]
2015-11-27 09:17:12 [ldap] [D] user_list (175.2ms) [ group=grp_its_unix_adm ]

It will iterate over member, ismemberof, memberof, memberuid and uniquemember attributes of the group so do check from an ldapsearch that it has some of those?

Also check that the login names in Foreman match the member names in LDAP. If it has those attributes, enabling the "sql" logger might also shed some further light as we ought to see queries in the users table.
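As an added example (not part of the comment above and not Foreman's own code): a Python check over the LDIF that ldapsearch prints for the group entry, reporting which of the five membership attributes are present and which member names line up with Foreman logins. The sample members and logins are constructed; treating the first RDN value of a member DN as the login name and comparing case-insensitively are assumptions.

```python
import base64
import re

# Attributes the comment above lists as the ones iterated over on the group.
MEMBER_ATTRS = ("member", "ismemberof", "memberof", "memberuid", "uniquemember")

def parse_ldif_entry(ldif):
    """Parse one LDIF entry (ldapsearch output) into {attr_lowercase: [values]}."""
    lines, entry = [], {}
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # folded continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    for line in lines:
        attr, sep, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        if sep:
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def member_name(value):
    """Assumption: login = value of the first RDN of a DN, or the bare memberUid."""
    first_rdn = re.split(r"(?<!\\),", value, maxsplit=1)[0]
    return first_rdn.split("=", 1)[-1].strip().lower()

def check_group(ldif, foreman_logins):
    """Report membership attributes present and how members line up with logins."""
    entry = parse_ldif_entry(ldif)
    present = [a for a in MEMBER_ATTRS if a in entry]
    members = {member_name(v) for a in present for v in entry[a]}
    logins = {name.lower() for name in foreman_logins}  # assumption: case-insensitive
    return {"attrs": present, "matched": sorted(members & logins),
            "ldap_only": sorted(members - logins), "foreman_only": sorted(logins - members)}

# Constructed sample: group DN taken from the log above, member values invented.
BASE = "OU=MYCOMPANY,DC=MYCOMPANY,DC=edu,DC=au"
SAMPLE_LDIF = "\n".join([
    "dn: CN=grp_its_unix_adm,OU=Groups,OU=Unallocated," + BASE,
    "cn: grp_its_unix_adm",
    "member: CN=jsmith,OU=Staff," + BASE,
    "member: CN=Alice Wong,OU=Staff,OU=MYCOMPANY,DC=MYCOMPANY,",
    " DC=edu,DC=au",
])
SAMPLE_LOGINS = ["jsmith", "awong"]            # constructed Foreman logins

if __name__ == "__main__":
    print(check_group(SAMPLE_LDIF, SAMPLE_LOGINS))
```

An empty `attrs` list means the group entry carries none of the five attributes; names under `ldap_only` or `foreman_only` are the login/member mismatches to look at.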

Actions #4

Updated by Miguel Esteva over 8 years ago

Will keep trying to get as much information as possible. Additionally, is there any particular reason why users are not added when they log in with ldap (on-the-fly user creation enabled)?

Actions #5

Updated by Miguel Esteva over 8 years ago

I have created a fresh install of Katello in a new virtual for testing. Now I have encountered this after setting up the same LDAP config: the only user I can see is the default admin. I log in with my LDAP credentials and it works fine. When I go to the users section when logged in as admin, no users are created. But when I try to create an internal user manually with the same LDAP username, I get a message saying the user already exists (even when it is not listed). Are users not being displayed? Could this be a database access issue?

Actions #6

Updated by Dominic Cleal over 8 years ago

Perhaps due to orgs/locs, try changing context from the top-left hand menu.

Actions #7

Updated by Anonymous about 7 years ago

  • Status changed from Need more information to Resolved

no reaction, closing
