LDAP authentication not working after Satellite 6.1.x upgrade

Solution Unverified - Updated

Environment

Red Hat Satellite or Proxy

6.1

Issue

  • Satellite 6.1.1 upgraded to 6.1.6
# Yum update
# Katello-installer --upgrade
  • Local user able to login
  • Ldap user authentication stuck in the login page and does not give any error

Resolution

Disable user 'group sync' option from GUI:

  • Login to GUI using local Admin user
  • Go to Administrator > Ldap authentication > Account
  • Unchecked the box for 'Usergroup sync '
  • Submit

Please note that , External user groups will be synced periodic cronjob to check group membership

For more KB articles/solutions related to Red Hat Satellite 6.x Authentication Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Authentication Issues

Root Cause

Still in investigation.

Diagnostic Steps

  • Katello-service status shows everything up and running
  • hammer ping shows all "OK"
  • Enabled the debug log for foreman: 
- Modify the /usr/share/foreman/config/environments/production.rb file and ensure the following line exists:
           config.log_level = :debug

- Restart katello-service:
           # katello-service restart
  • Production log shows that the ldap user has been authenticated without error. 
# vi /var/log/foreman/production.log 

016-02-13 17:23:16 [I] Processing by UsersController#login as HTML
2016-02-13 17:23:16 [I]   Parameters: {"utf8"=>"✓", "authenticity_token"=>"s/oguS+Me346Y0U7oJZAnQZKvsdk6ffDw9C7V2glBKQ=", "login"=>{"login"=>"ladpUser", "password"=>"[FILTERED]"}, "commit"=>"Login"}
2016-02-13 17:23:16 [D]   User Load (0.7ms)  SELECT "users".* FROM "users" WHERE "users"."lower_login" = 'ladpUser' LIMIT 1
2016-02-13 17:23:16 [D]   AuthSource Load (0.9ms)  SELECT "auth_sources".* FROM "auth_sources" WHERE "auth_sources"."id" = 4 LIMIT 1
2016-02-13 17:23:16 [D] LDAP-Auth with User ladpUser
2016-02-13 17:23:16 [D] Retrieved LDAP Attributes for ladpUser: {:firstname=>"Ramesh", :lastname=>"Nadupalli", :mail=>"ladpUser@VERIFONE.com", :login=>"ladpUser", :dn=>"CN=Ramesh Nadupalli,OU=Users,OU=ATL,OU=NA,DC=verifone,DC=com"}
2016-02-13 17:23:16 [D] Authenticated user Ldap User against LDAP-INTLDAP authentication source
2016-02-13 17:23:16 [D]   User Load (0.7ms)  SELECT "users".* FROM "users" WHERE "users"."lower_login" = 'foreman_admin' LIMIT 1
2016-02-13 17:23:16 [D] Setting current user thread-local variable to Anonymous Admin
2016-02-13 17:23:16 [D] Updating user ladpUser attributes from auth source: [:firstname, :lastname, :mail, :login, :dn]
SBR
Product(s)
Components
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.