Error on LDAP : Userid has already been taken


#1

Hello all,

I have an issue using sources, and connecting to ldap.

I installed the appliance, and linked it to your Windows AD, and it works fine.
When I download sources to make some developments, I use exactly the same settings, and when I try to log using AD, there is an error in the logs :

MIQ(ApiController.api_error) MiqException::MiqEVMLoginError: Validation failed: Userid has already been taken

I can see that the user is created in the “users” table, but he can’t use the GUI (the message on screen is API Authentication failed)

Can someone help me?


Edit : I don’t know hiw to delete a post, it was an error on my side, sorry…


#2

@Merrick28 thanks for the update and letting us know is resolved. Can you edit the subject line and add the prefix: [SOLVED]


#3

Sorry, but finally, the problem is still there.

I configured ManageIQ (sources) to connect to ldap, using this example : http://www.kernel-overload.com/manageiq-ldap-authentication/ until paragraph 4

When I try to log in using a wrong password, obviously, it won’t work.
In the logs, I see :

[----] I, [2016-03-25T13:50:42.577537 #31958:3fcf6bb5401c]  INFO -- : MIQ(MiqLdap#bind) Binding to LDAP: Host: [44.46.102.149], User: [xx\xxx]...
[----] W, [2016-03-25T13:50:42.590891 #31958:3fcf6bb5401c]  WARN -- : MIQ(MiqLdap#bind) Binding to LDAP: Host: [44.46.102.149], User: [xx\xxxx]... unsuccessful

When I log using the right username/password for the first time, there is an error message on the screen : Sorry, the username or password you entered is incorrect.
But… in the logs I have :

[----] I, [2016-03-25T13:52:09.808961 #31958:3fcf6af5142c]  INFO -- : MIQ(MiqLdap#bind) Binding to LDAP: Host: [44.46.102.149], User: [xx\xxxx]...
[----] I, [2016-03-25T13:52:09.812205 #31958:3fcf6af5142c]  INFO -- : MIQ(MiqLdap#bind) Binding to LDAP: Host: [44.46.102.149], User: [xx\xxxx]... successful
[----] I, [2016-03-25T13:52:09.817571 #31958:3fcf6af5142c]  INFO -- : <AuditSuccess> MIQ(Authenticator.authenticate) userid: [xxxxx] - User xx\xxxx successfully validated by LDAP
[----] I, [2016-03-25T13:52:09.823041 #31958:3fcf6af5142c]  INFO -- : MIQ(MiqLdap#initialize) Server Settings: {:basedn=>"MyDn", :bind_dn=>"my bind dn", :bind_pwd=>"********", :get_direct_groups=>false, :group_memberships_max_depth=>2, :ldaphost=>["myhost"], :ldapport=>"389", :mode=>"ldap", :user_suffix=>"", :user_type=>"samaccountname", :amazon_key=>nil, :amazon_secret=>"********", :ldap_role=>false, :amazon_role=>false, :httpd_role=>false, :user_proxies=>[{}], :follow_referrals=>false, :sso_enabled=>false, :domain_prefix=>"xx", :default_group_for_users=>"EvmGroup-user"}
[----] I, [2016-03-25T13:52:09.837614 #31958:3fcf6af5142c]  INFO -- : MiqLdap.connection: Resolved host [xxxxxxxxxxxxx] has these IP Address: ["xxxxxxxxxxxx"]
[----] I, [2016-03-25T13:52:09.837818 #31958:3fcf6af5142c]  INFO -- : MiqLdap.connection: Connecting to IP Address [xxxxxxxxxxx]
[----] I, [2016-03-25T13:52:09.839754 #31958:3fcf6af5142c]  INFO -- : options: {:host=>"xxxxxxxxxxxxx9", :port=>"389", :auth=>{:basedn=>"xxxxxxxxxxxxxx", :bind_dn=>"xxxxxxxxxxxxx", :bind_pwd=>"********", :get_direct_groups=>false, :group_memberships_max_depth=>2, :ldaphost=>["xxxxxxxxxxxxxx"], :ldapport=>"389", :mode=>"ldap", :user_suffix=>"", :user_type=>"samaccountname", :amazon_key=>nil, :amazon_secret=>"********", :ldap_role=>false, :amazon_role=>false, :httpd_role=>false, :user_proxies=>[{}], :follow_referrals=>false, :sso_enabled=>false, :domain_prefix=>"eu", :default_group_for_users=>"EvmGroup-user"}}  
[ ... ]
[----] I, [2016-03-25T13:52:09.842617 #31958:3fcf6af5142c]  INFO -- : MIQ(MiqLdap#get_user_object) Type: [samaccountname], Base DN: [xxxxxxxxxxxx], Filter: <(samaccountname=xxxxxxx)>
[----] E, [2016-03-25T13:52:10.053464 #31958:3fcf6af5142c] ERROR -- : [ActiveRecord::RecordInvalid]: Validation failed: Userid has already been taken  Method:[rescue in authenticate]

But the most fun part is that now, my user is well created in the database, with all correct informations ? So the ldap search went well.

If I try to connect another time, the message turns in “API authentication failed”, and in the logs, I see :

[----] E, [2016-03-25T13:56:09.812776 #31958:3fcf41f7d168] ERROR -- : [ActiveRecord::RecordInvalid]: Validation failed: Userid has already been taken  Method:[rescue in authenticate]
[----] E, [2016-03-25T13:56:09.812985 #31958:3fcf41f7d168] ERROR -- : /local/home/ta-srv-iaas-sde/.gem/ruby/2.2.4/bundler/gems/rails-2346c7f28163/activerecord/lib/active_record/validations.rb:78:in `raise_validation_error'
[----] E, [2016-03-25T13:56:09.814317 #31958:3fcf41f7d168] ERROR -- : <API> MIQ(ApiController.api_error) API Error
[----] E, [2016-03-25T13:56:09.814447 #31958:3fcf41f7d168] ERROR -- : <API> MIQ(ApiController.api_error) MiqException::MiqEVMLoginError: Validation failed: Userid has already been taken

Can someone help me ?


#4

Another update :

as it works on appliance, I copied all files from /var/www/miq/vmdb on my dev machine, deleted vmdb_test and vmdb_developement database, and run bin/setup

All works fine with the ldap on this version (capablanca-2.20160329163846_d083ab5) and the issue is only on the master.