AD Login very slow after upgrade 2.1 -> 2.2

I've just updated/upgraded from 2.1 -> 2.2 RC3 without any errors during
upgrade.

After the upgrade, logging in via hammer or the web GUI results in a ~55
second delay before it succeeds. Prior to upgrade, the login was almost
instant for all users - AD and non-AD.

I'm not sure where to look, so I started with any log file modified during
my login process in /var/log

Here is /var/log/foreman/production.log

2015-04-27 12:54:18 [I] Processing by UsersController#login as HTML
2015-04-27 12:54:18 [I] Parameters: {"utf8"=>"✓",
"authenticity_token"=>"<NO>", "login"=>{"login"=>"<myUser>",
"password"=>"[FILTERED]"}, "commit"=>"Login"}
2015-04-27 12:54:19 [I] Expire fragment views/tabs_and_title_records-4
(0.4ms)
2015-04-27 12:55:12 [I] Expire fragment views/tabs_and_title_records-4
(0.1ms)
2015-04-27 12:55:12 [I] Expire fragment views/tabs_and_title_records-4
(0.1ms)
2015-04-27 12:55:12 [I] Redirected to https://foreman.myorg.org/hosts
2015-04-27 12:55:12 [I] Completed 302 Found in 53947ms (ActiveRecord:
15.5ms)
<snip>
2015-04-27 12:55:12 [I] Completed 200 OK in 249ms (Views: 227.3ms |
ActiveRecord: 4.6ms)

and here is /var/log/ :

<maskedip> - - [27/Apr/2015:12:54:12 -0500] "GET /users/login HTTP/1.1" 200
1320 "https://foreman.myOrg.org/auth_source_ldaps" "Mozilla/5.0 (Macintosh;
Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0"
<maskedip> - - [27/Apr/2015:12:54:18 -0500] "POST /users/login HTTP/1.1"
302 98 "https://foreman.myOrg.org/users/login" "Mozilla/5.0 (Macintosh;
Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0"
<maskedip> - - [27/Apr/2015:12:55:12 -0500] "GET /hosts HTTP/1.1" 200 5823
"https://foreman.myOrg.org/users/login" "Mozilla/5.0 (Macintosh; Intel Mac
OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0"

Nothing appears to have changed in the LDAP Authentication area. I'd be
glad to enable any debug and post results to get this resolved.

If you have suggestions, please let me know where I should start.

Our current setup involves AD and non-SSL (I know) authentication for
testing. I will be moving to SSL auth before production and I will attempt
to test that and report if there are differences, but let's assume it is the
same for now.

I switched to LDAPS with the same results. I reverted to a previous
snapshot running 2.1 - LDAP login is fast (1-2 seconds).

>
> I've just updated/upgraded from 2.1 -> 2.2 RC3 without any errors during
> upgrade.
>
> After the upgrade, logging in via hammer or the web GUI results in a ~55
> second delay before it succeeds. Prior to upgrade, the login was almost
> instant for all users - AD and non-AD.
>
> I'm not sure where to look, so I started with any log file modified during
> my login process in /var/log
>
> Here is /var/log/foreman/production.log
>
> 2015-04-27 12:54:18 [I] Processing by UsersController#login as HTML
> 2015-04-27 12:54:18 [I] Parameters: {"utf8"=>"✓",
> "authenticity_token"=>"<NO>", "login"=>{"login"=>"<myUser>",
> "password"=>"[FILTERED]"}, "commit"=>"Login"}
> 2015-04-27 12:54:19 [I] Expire fragment views/tabs_and_title_records-4
> (0.4ms)
> 2015-04-27 12:55:12 [I] Expire fragment views/tabs_and_title_records-4
> (0.1ms)
> 2015-04-27 12:55:12 [I] Expire fragment views/tabs_and_title_records-4
> (0.1ms)
> 2015-04-27 12:55:12 [I] Redirected to https://foreman.myorg.org/hosts
> 2015-04-27 12:55:12 [I] Completed 302 Found in 53947ms (ActiveRecord:
> 15.5ms)
> <snip>
> 2015-04-27 12:55:12 [I] Completed 200 OK in 249ms (Views: 227.3ms |
> ActiveRecord: 4.6ms)
>
>
> and here is /var/log/ :
>
> <maskedip> - - [27/Apr/2015:12:54:12 -0500] "GET /users/login HTTP/1.1" 200
> 1320 "https://foreman.myOrg.org/auth_source_ldaps" "Mozilla/5.0 (Macintosh;
> Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0"
> <maskedip> - - [27/Apr/2015:12:54:18 -0500] "POST /users/login HTTP/1.1"
> 302 98 "https://foreman.myOrg.org/users/login" "Mozilla/5.0 (Macintosh;
> Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0"
> <maskedip> - - [27/Apr/2015:12:55:12 -0500] "GET /hosts HTTP/1.1" 200 5823
> "https://foreman.myOrg.org/users/login" "Mozilla/5.0 (Macintosh; Intel Mac
> OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0"
>
>
> Nothing appears to have changed in the LDAP Authentication area. I'd be
> glad to enable any debug and post results to get this resolved.
>
> If you have suggestions, please let me know where I should start.

Does your snapshot of 2.1 contain external user groups? Nothing in
Katello has to do with LDAP connections, and I don't recall any changes
on Foreman 1.8 either.

My only guess as of now is that Foreman might be checking if you're in
some LDAP groups on login. Check if your user groups are linked to
external (LDAP) user groups on 2.2 and not on 2.1.

>
> Our current setup involves AD and non-SSL (I know) authentication for
> testing. I will be moving to SSL auth before production and I will attempt
> to test that and report if there are differences, but let's assume it is the
> same for now.

Thanks for taking the time to report!

On 04/27, Eric du Toit wrote:


Daniel Lobato Garcia

@eLobatoss
blog.daniellobato.me
daniellobato.me

GPG: http://keys.gnupg.net/pks/lookup?op=get&search=0x7A92D6DD38D6DE30
Keybase: https://keybase.io/elobato

Your reply was right on - I did not have my groups base DN set and AD is
very large. Adding the correct groups DN worked.

On Tuesday, April 28, 2015 at 4:16:12 AM UTC-5, Daniel Lobato wrote:
> My only guess as of now is that Foreman might be checking if you're in
> some LDAP groups on login. Check if your user groups are linked to
> external (LDAP) user groups on 2.2 and not on 2.1.
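
One way to read the production.log excerpt from the first post, as an added example that is not part of the thread or Foreman's own code: it finds the longest silent gap between log lines and, for slow requests, how much of the total time is not accounted for by Views or ActiveRecord, i.e. time spent waiting on something external such as the LDAP group lookup identified above. The sample lines are the post's, with wrapped lines rejoined; the function names and the 5000 ms threshold are assumptions.

```python
import re
from datetime import datetime

# Sample input: production.log lines from the first post, wrapped lines rejoined.
SAMPLE_LOG = """\
2015-04-27 12:54:18 [I] Processing by UsersController#login as HTML
2015-04-27 12:54:19 [I] Expire fragment views/tabs_and_title_records-4 (0.4ms)
2015-04-27 12:55:12 [I] Expire fragment views/tabs_and_title_records-4 (0.1ms)
2015-04-27 12:55:12 [I] Redirected to https://foreman.myorg.org/hosts
2015-04-27 12:55:12 [I] Completed 302 Found in 53947ms (ActiveRecord: 15.5ms)
2015-04-27 12:55:12 [I] Completed 200 OK in 249ms (Views: 227.3ms | ActiveRecord: 4.6ms)
"""

LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \[\w\] (.*)$")
DONE = re.compile(r"Completed (\d{3}) .*? in (\d+)ms \((.*)\)")
PART = re.compile(r"(\w+): ([\d.]+)ms")

def parse(log):
    """Return [(timestamp, message)] for every line carrying a timestamp."""
    entries = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append((ts, m.group(2)))
    return entries

def largest_gap(entries):
    """Longest silent interval: (seconds, message before, message after)."""
    gaps = [((b[0] - a[0]).total_seconds(), a[1], b[1])
            for a, b in zip(entries, entries[1:])]
    return max(gaps, key=lambda g: g[0])

def slow_requests(entries, threshold_ms=5000):
    """Requests at or over the threshold, with time Rails did not attribute."""
    slow = []
    for _, msg in entries:
        m = DONE.search(msg)
        if m and int(m.group(2)) >= threshold_ms:
            total = int(m.group(2))
            accounted = sum(float(v) for _, v in PART.findall(m.group(3)))
            slow.append({"status": int(m.group(1)), "total_ms": total,
                         "unaccounted_ms": round(total - accounted, 1)})
    return slow

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print("longest gap:", largest_gap(entries))
    print("slow requests:", slow_requests(entries))
```

A large unaccounted figure with a small ActiveRecord figure points away from the database and toward a blocking call made during login.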