Unable to auto-create user because unable to match user's group membership to an EVM role [catalog/tree_select]


#1

Hello,

I can not order an item from a catalog. If I click to an item in a catalog the I get the error message below.
Unable to auto-create user because unable to match user’s group membership to an EVM role [catalog/tree_select]. I am logged in as build-in admin.

If I try to edit an Catalog Item and change e.g description and save it then I receive the error.
User object not passed in [catalog/servicetemplate_edit]

The issue is related to items in one catalog only other items works well.

Thanks for help,
Karel


#2

@gmccullough can yo ureview this question from @Karel and forward to a SME if necessary.


#3

Hi @Karel,

Is there a stack trace in either the evm.log or production.log on the appliance the UI is logged into that might help narrow down the source of the error.

Thanks


#4

Hi,

It looks it is related to AD authentication issue.
Currently I am able to order a catalog item but if I click to display item detail then I get the error.

Unable to auto-create user because unable to match user’s group membership to an EVM role [catalog/x_show]

In production.log I can see:
tail -f production.log
[----] I, [2016-05-03T20:58:49.457043 #2981:ed3988] INFO – : Started GET “/pictures/2r9.png” for 159.57.221.108 at 2016-05-03 20:58:49 +0200
[----] I, [2016-05-03T20:58:49.457719 #2981:ed3988] INFO – : Processing by PictureController#show as HTML
[----] I, [2016-05-03T20:58:49.457791 #2981:ed3988] INFO – : Parameters: {“basename”=>“2r9.png”}
[----] I, [2016-05-03T20:58:49.479683 #2981:ed3988] INFO – : Rendered text template (0.0ms)
[----] I, [2016-05-03T20:58:49.488089 #2981:ed3988] INFO – : Completed 200 OK in 30ms (Views: 0.8ms | ActiveRecord: 1.8ms)
[----] I, [2016-05-03T20:58:49.585733 #2981:ed3988] INFO – : Started GET “/pictures/2r8.png” for 159.57.221.108 at 2016-05-03 20:58:49 +0200
[----] I, [2016-05-03T20:58:49.587043 #2981:ed3988] INFO – : Processing by PictureController#show as HTML
[----] I, [2016-05-03T20:58:49.587142 #2981:ed3988] INFO – : Parameters: {“basename”=>“2r8.png”}
[----] I, [2016-05-03T20:58:49.609172 #2981:ed3988] INFO – : Rendered text template (0.0ms)
[----] I, [2016-05-03T20:58:49.613382 #2981:ed3988] INFO – : Completed 200 OK in 26ms (Views: 0.5ms | ActiveRecord: 1.5ms)
[----] I, [2016-05-03T20:59:00.086652 #2981:ed3988] INFO – : Started POST “/catalog/x_show/2r11” for 159.57.221.108 at 2016-05-03 20:59:00 +0200
[----] I, [2016-05-03T20:59:00.087984 #2981:ed3988] INFO – : Processing by CatalogController#x_show as JS
[----] I, [2016-05-03T20:59:00.088041 #2981:ed3988] INFO – : Parameters: {“id”=>“2r11”}
[----] F, [2016-05-03T20:59:00.602893 #2981:ed3988] FATAL – : Error caught: [RuntimeError] Unable to auto-create user because unable to match user’s group membership to an EVM role
/var/www/miq/vmdb/app/models/authenticator/ldap.rb:32:in block in find_or_create_by_ldap' /var/www/miq/vmdb/app/models/authenticator/ldap.rb:49:increate_user_from_ldap’
/var/www/miq/vmdb/app/models/authenticator/ldap.rb:30:in find_or_create_by_ldap' /var/www/miq/vmdb/app/models/authenticator/ldap.rb:9:inlookup_by_identity’
/var/www/miq/vmdb/app/models/user.rb:170:in lookup_by_identity' /var/www/miq/vmdb/app/models/miq_request_workflow.rb:59:ininstance_var_init’
/var/www/miq/vmdb/app/models/miq_provision_virt_workflow.rb:9:in `initialize’

Thanks,
Karel


#5

@Karel,

It looks like the user that created the catalog items must have been deleted and that user name is referenced in one of the models which is causing the issue.

Please open a git issue so we can work on a solution to this issue.

You can try this to resolve the problem in your current environment:

From the rails console on the appliance you can run the following commands to find the invalid records and print what User ID they are referencing:

invalid = MiqProvisionRequestTemplate.all.select {|pt| pt.get_user.nil?}
puts invalid.count
invalid.each {|pr| puts "MiqRequest ID: #{pr.id} - userid: #{pr.userid}"}; nil

Modify these records to point to a valid userid:

For example, if I wanted to change the user to admin I could do this after running the previous code:

new_user = User.find_by_userid("admin")
invalid.each {|pr| pr.update_attributes!(:userid => new_user.userid, :requester => new_user, :requester_name => new_user.name)}

At this point if you rerun the initial code the count should show as 0 and you should be able to view/edit/order the catalog item again.

Hope this helps.


#6

You are probably right. The issue occurred if I modified AD authentication and deleted users that were created before. I “fixed” it by the catalog item re-creation (the issue was related to only 5 items.)

Thanks,
Karel