When signing in with an LDAP user get Error

It did work one time for my Active Directory user after I added administrator role. I have added a group and linked it to an Active Directory group. So when a member of the group logs in for the first time they are added to Foreman's user tab, their properties are imported into Foreman (email, given Name, and Surname) and then the user gets a 500 internal error page or the error below.

Error:

Oops, we're sorry but something went wrong stack level too deep

What I see in the /var/logs/foreman/production

2016-06-17T11:23:21 [app] [I] Processing by UsersController#login as HTML
2016-06-17T11:23:21 [app] [I] Parameters: {"utf8"=>"✓", "authenticity_token"=>"fiABRLssMi1dKw5/fICxWOeirxgh42CX/eM+wUfvF+4=", "login"=>{"login"=>"myUser", "password"=>"[FILTERED]"}, "commit"=>"Login"}
2016-06-17T11:23:26 [app] [I] Expire fragment views/tabs_and_title_records-4 (0.1ms)
2016-06-17T11:23:31 [app] [W] Action failed
 | SystemStackError: stack level too deep
 | /usr/share/foreman/vendor/ruby/2.0.0/gems/activesupport-4.1.14.2/lib/active_support/notifications/instrumenter.rb:23
2016-06-17T11:23:31 [app] [I] Rendered common/500.html.erb within layouts/application (1.9ms)
2016-06-17T11:23:31 [app] [I] Rendered layouts/_application_content.html.erb (0.7ms)
2016-06-17T11:23:31 [app] [I] Rendered layouts/base.html.erb (0.9ms)
2016-06-17T11:23:31 [app] [I] Completed 500 Internal Server Error in 9648ms (Views: 6.1ms | ActiveRecord: 11.0ms)

This looks like Bug #13608 (LDAP Authentication failure: stack level too deep) and is
caused by a loop in the user's AD groups.

I merged a fix this morning which should resolve it, and this will be
included in 1.12.0-RC2 and probably also 1.11.3 (Debian/Ubuntu only).
RC2 should be out in the next day or two, and .3 also this week I hope.

On 17/06/16 17:39, Braven36 wrote:
> It did work one time for my Active Directory user after I added
> administrator role. I have added a group and linked it to an Active
> Directory group. So when a member of the group logs in for the first
> time they are added to Foreman's user tab, their properties are imported
> into Foreman (email, given Name, and Surname) and then the user gets a
> 500 internal error page or the error below.
>
> Error:
>
> Oops, we're sorry but something went wrong stack level too deep
>
> What I see in the /var/logs/foreman/production
>
> 2016-06-17T11:23:21 [app] [I] Processing by UsersController#login as HTML
> 2016-06-17T11:23:21 [app] [I] Parameters: {"utf8"=>"✓",
> "authenticity_token"=>"fiABRLssMi1dKw5/fICxWOeirxgh42CX/eM+wUfvF+4=",
> "login"=>{"login"=>"myUser", "password"=>"[FILTERED]"}, "commit"=>"Login"}
> 2016-06-17T11:23:26 [app] [I] Expire fragment
> views/tabs_and_title_records-4 (0.1ms)
> 2016-06-17T11:23:31 [app] [W] Action failed
>  | SystemStackError: stack level too deep
>  |
> /usr/share/foreman/vendor/ruby/2.0.0/gems/activesupport-4.1.14.2/lib/active_support/notifications/instrumenter.rb:23


Dominic Cleal
dominic@cleal.org

Thank you. I will look for it.

Ran into this around the time the bug was reported.
The workaround I put in was to disable fetching groups when a user logs in.
I added an every-5-minute cronjob for LDAP group sync, so the way it works
is:

  1. A new user User1 logs in
  2. Cronjob runs within 5 minutes of 1) and updates group memberships for
    User1
  3. User1 logs in again after 5 minutes and has group based access this time

This works because fetching members of a group works fine. But fetching all
groups for a user fails if just one group has a circular memberOf(?)
relationship.
Solves the problem in environments where you don't have a guarantee that
circular memberships won't happen - I can dig up more details if you need.

The fix will be very welcome of course!

On Tuesday, June 21, 2016 at 11:14:02 PM UTC+10, Braven36 wrote:
> Thank you. I will look for it.
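
The failure mode discussed in this thread, as an added example (not Foreman's code and not the merged fix): a group resolver that follows memberOf recursively overflows the stack on a membership loop, while an iterative walk that tracks visited groups terminates and reports the looping edge. The directory hash, the DNs under `DC=example,DC=test` and all function names are constructed for illustration.

```ruby
# Constructed sample data: DN => memberOf values. Ops and Infra contain each other.
USER = 'CN=myUser,DC=example,DC=test'
MEMBER_OF = {
  USER                          => ['CN=Ops,DC=example,DC=test'],
  'CN=Ops,DC=example,DC=test'   => ['CN=Infra,DC=example,DC=test', 'CN=Staff,DC=example,DC=test'],
  'CN=Infra,DC=example,DC=test' => ['CN=Ops,DC=example,DC=test'],
  'CN=Staff,DC=example,DC=test' => []
}.freeze

# Naive resolver: recurses through memberOf without remembering visited groups.
def naive_groups(dn, directory)
  directory.fetch(dn, []).flat_map { |g| [g] + naive_groups(g, directory) }
end

# True when the naive resolver exhausts the stack ("stack level too deep").
def naive_overflows?(dn, directory)
  naive_groups(dn, directory)
  false
rescue SystemStackError
  true
end

# Cycle-safe resolver: iterative depth-first walk with an explicit stack.
# :open marks groups on the current path, :done marks fully explored ones,
# so an edge to an :open group is a membership loop and is reported, not followed.
def safe_groups(dn, directory)
  state = { dn => :open }
  cycles = []
  stack = [[dn, 0]]                      # [node, index of next memberOf entry]
  until stack.empty?
    node, idx = stack.last
    group = directory.fetch(node, [])[idx]
    if group.nil?                        # all parents of this node handled
      state[node] = :done
      stack.pop
      next
    end
    stack.last[1] += 1
    case state[group]
    when :open then cycles << [node, group]
    when nil
      state[group] = :open
      stack.push([group, 0])
    end
  end
  { groups: (state.keys - [dn]).sort, cycles: cycles }
end
```

The `cycles` list names the exact memberOf edge that closes each loop, which is what a directory administrator needs in order to remove it.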