[Bug 659896] New: LDAP user's group details are not in sync with LDAP server
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c0 Summary: LDAP user's group details are not in sync with LDAP server Classification: Internal Novell Products Product: openSUSE Build Service Version: master Platform: 64bit OS/Version: openSUSE 11.3 Status: NEW Severity: Normal Priority: P5 - None Component: api AssignedTo: adrian@novell.com ReportedBy: ext-senthil.muthukalai@nokia.com QAContact: adrian@novell.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.3) Gecko/20100423 Ubuntu/10.04 (lucid) Firefox/3.6.3 LDAP user's group details at OBS API, are not in sync with the user's group details in LDAP server. Reproducible: Always Steps to Reproduce: 1. Create an LDAP user ldapu1 under an LDAP group ldapg1. 2. Set LDAP_MODE and LDAP_GROUP_SUPPORT on. 3. Login to OBS webui as ldapu1. 4. Check the details of ldapu1 in OBS API -> user management -> edit Actual Results: The group ldapg1 is not listed at all. It is listed only when the particular group is queried by adding them for a project. Though the group gets listed, the user ldapu1 is not shown to be under ldapg1, which is the actual detail in LDAP server. Expected Results: whenever an LDAP user is queried, the group details should also be pulled in to API. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c1 --- Comment #1 from senthil kumar <ext-senthil.muthukalai@nokia.com> 2010-12-16 14:02:35 UTC --- However when a specific role is assigned to ldapg1, it is being inherited by ldapu1. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c2 vivian zhang <vivian.zhang@intel.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #2 from vivian zhang <vivian.zhang@intel.com> 2010-12-16 15:15:20 UTC --- "The group ldapg1 is not listed at all. It is listed only when the particular group is queried by adding them for a project." It is the expected behavior, currently we only care about the groups that have been used by the projects, and after the group is added for the project, it will be added automatilly to OBS local database for later usage. Currenly, we didn't add LDAP support for OBS API UI, since it needs much time to search through the LDAP for all group_user info. And the operations like new group creating, add user to group should be implemented via LDAP. I will take a look at it to check whether we can do more enhancement. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c3 --- Comment #3 from senthil kumar <ext-senthil.muthukalai@nokia.com> 2010-12-16 15:44:03 UTC --- Thanks Vivian. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c4 vivian zhang <vivian.zhang@intel.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #4 from vivian zhang <vivian.zhang@intel.com> 2010-12-21 15:06:11 UTC --- Fixed in http://gitorious.org/opensuse/build-service/commit/d6a572dbd15592ca59ebb461a.... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c5 senthil kumar <ext-senthil.muthukalai@nokia.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | --- Comment #5 from senthil kumar <ext-senthil.muthukalai@nokia.com> 2010-12-22 17:10:51 UTC --- I am not able to add a group to a project - it says unknown group. 1. Create an LDAP user ldapu1 under an LDAP group ldapg1 2. Create a project prj1 as Admin 3. Login to OBS as ldapu1 4. Logout and login as Admin. 5. Edit the raw config of prj1 to include ldapg1 as maintainer. error saving package: unknown group I upgraded to Beta 2 recently. I applied the patch too but the issue is seen even before applying the patch. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c6 --- Comment #6 from vivian zhang <vivian.zhang@intel.com> 2010-12-23 05:58:24 UTC --- Have you enabled LDAP_MODE & LDAP_UPDATE_SUPPORT, what exactly the error output: error saving package: unknown group "" on LDAP server? If you have enabled LDAP support, could you attach /srv/www/obs/api/log/production.log for more details? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c7 --- Comment #7 from senthil kumar <ext-senthil.muthukalai@nokia.com> 2010-12-23 10:00:53 UTC --- I got it. In my ldap server, i have ldapg1 as the default group for ldapu1. and was getting that error on webui whenever i try to refer ldapg1. If i explicitly place ldapu1 under ldapg1, it works well. Kindly check if you can fix this. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c8 --- Comment #8 from vivian zhang <vivian.zhang@intel.com> 2010-12-23 13:40:47 UTC --- Yes, currently I checked user group relationship with "memberof" attr in user or "member" attr in group. How do you set ldapg1 as the default group for ldapu1? If you can provide more details about the your LDAP define, it will help a lot. And it seems another new issue, does the issue in OBS API user edit form fixed? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c9 --- Comment #9 from senthil kumar <ext-senthil.muthukalai@nokia.com> 2010-12-23 15:17:36 UTC --- Created an attachment (id=406168) --> (http://bugzilla.novell.com/attachment.cgi?id=406168) LDAP user setup LDAP user setup -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c10 --- Comment #10 from senthil kumar <ext-senthil.muthukalai@nokia.com> 2010-12-23 15:18:06 UTC --- As far as the actual reported issue, the issue is partly fixed. The user is now listed under the specified group. But in group management, the group is shown to be empty. Pls find the attachment for your other questions. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c11 --- Comment #11 from vivian zhang <vivian.zhang@intel.com> 2010-12-24 05:25:52 UTC --- (In reply to comment #10)
As far as the actual reported issue, the issue is partly fixed. The user is now listed under the specified group. But in group management, the group is shown to be empty.
Pls find the attachment for your other questions.
Thanks for your reply, what tool are you using to edit LDAP user? I can't figure out what attr it used for default group. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c12 --- Comment #12 from senthil kumar <ext-senthil.muthukalai@nokia.com> 2010-12-27 08:47:36 UTC --- I have configured my LDAP server with YAST2 on an opensuse machine. I use YAST2 to create LDAP users and groups too. Will raise a new bug for this. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c13 --- Comment #13 from senthil kumar <ext-senthil.muthukalai@nokia.com> 2010-12-27 08:58:21 UTC --- Raised bug# 661457 for the LDAP group not being able to be added to a project issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c14 --- Comment #14 from Jan-Simon Möller <jansimon.moeller@opensuse.org> 2010-12-29 09:31:53 UTC --- Is this one fixed then ? Please close/verify if so. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c15 --- Comment #15 from senthil kumar <ext-senthil.muthukalai@nokia.com> 2010-12-29 15:48:06 UTC --- No. I see the issue to be partially fixed. The observation on experiments after applying the fix - API -> User Management -> edit -> user is shown to be under the specified group. But if the user was under some other group previously and not any more, the old group is also still shown. - API -> role management -> Group Management -> edit -> The group does not contain the user. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=659896 https://bugzilla.novell.com/show_bug.cgi?id=659896#c16 --- Comment #16 from vivian zhang <vivian.zhang@intel.com> 2011-01-04 14:49:22 UTC --- More commits for fixings the issues you mentioned. http://gitorious.org/opensuse/build-service/commit/b8d3f416ac18d5563f87d5c29... http://gitorious.org/opensuse/build-service/commit/73b91e6f1dd4b7a8436ea4258... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com