AD authentication issues

I was using foreman 1.0.2 and thought I had AD auth working. Then a
co-worker tried and it wasn't working for him. He would get the following
error:

Authenticating '[FILTERED_LOGIN]' against 'AD'
LDAP-Auth with User login
DN found for [FILTERED_LOGIN]: [FILTERED_DN]
Authentication successful for '[FILTERED_LOGIN]'
Authentication successful for '[FILTERED_LOGIN]'
Error during authentication: Symbol as array index
invalid user
Setting current user thread-local variable to nil
Redirected to https://[FQDN]/users/login
Completed 302 Found in 617ms

We suspect that his user contains AD attributes that my user doesn't (he's
been around a lot longer then I have) and that something associated with
him causes him to run into this bug where-as for me everything is working
fine.

So then we tried AD auth with 1.1RC3. It didn't work for both of us. It
seems a lot of the code in app/models/auth_source_ldap.rb has changed. The
issue we seemed to be running into is our DN was not able to be found. On
line:

# extract required attributes
attrs = required_attributes_values(entry)

The value assigned to attrs is just an empty hash for both of us. So
logins that used to work for at least my username in 1.0.2 no longer work
in 1.1RC3

If there is more information that could help with this, let me know. At
the same time, I'm not sure how much information I'd be allowed to provide
to help TS this. But I did want to make some people aware of it.

Thanks!
Jake

> I was using foreman 1.0.2 and thought I had AD auth working. Then a
> co-worker tried and it wasn't working for him. He would get the following
> error:
>
> Authenticating '[FILTERED_LOGIN]' against 'AD'
> LDAP-Auth with User login
> DN found for [FILTERED_LOGIN]: [FILTERED_DN]
> Authentication successful for '[FILTERED_LOGIN]'
> Authentication successful for '[FILTERED_LOGIN]'
> Error during authentication: Symbol as array index
> invalid user
> Setting current user thread-local variable to nil
> Redirected to https://[FQDN]/users/login
> Completed 302 Found in 617ms
>
> We suspect that his user contains AD attributes that my user doesn't (he's
> been around a lot longer then I have) and that something associated with
> him causes him to run into this bug where-as for me everything is working
> fine.
>
> So then we tried AD auth with 1.1RC3. It didn't work for both of us. It
> seems a lot of the code in app/models/auth_source_ldap.rb has changed. The
> issue we seemed to be running into is our DN was not able to be found. On
> line:
>
> # extract required attributes
> attrs = required_attributes_values(entry)
>
> The value assigned to attrs is just an empty hash for both of us. So
> logins that used to work for at least my username in 1.0.2 no longer work
> in 1.1RC3
>
I think we just got this one fixed (after RC4) - see
http://theforeman.org/issues/2098

Ohad

Thanks for the heads up, I'll check it out.

Regards.
Jake

Just for the records, I saw a problem with AD in my environment after
upgrading to Foreman 1.1 RC something with users that are not able to login
after the upgrade anymore. For whatever reason, only the admin user has the
field "authorized by" set to internal, the rest of the users had simply a
blank field. After assigning all remaining user to the AD resource, the
authentication worked again.

Rgards, Thomas