[Satellite6] How to consume LDAP AuthSource via foreman-rake to test/check AD information


Environment

Red Hat Satellite 6.x

Issue

It is often necessary to confirm that Satellite is correctly configured, or to enable the authentication feature for a customer. This document presents commands to:
- Test the connectivity between Satellite and the external authentication source
- Test valid users and retrieve all information about them
- Test valid groups and retrieve all information about them

Resolution

The resolution will vary according to the issue.

Root Cause

It is necessary to analyze the whole LDAP authentication configuration to determine the main cause.

Diagnostic Steps

Below are some commands to check, test, and debug the LDAP authentication source.

Accessing the foreman-rake console
foreman-rake console

[root@satellite ~]# foreman-rake console
/opt/theforeman/tfm/root/usr/share/gems/gems/foreman_theme_satellite-0.1.41/app/models/concerns/satellite_packages.rb:4: warning: already initialized constant Katello::Ping::PACKAGES
/opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.0.0.105/app/models/katello/ping.rb:7: warning: previous definition of PACKAGES was here
/usr/share/foreman/lib/tasks/console.rake:4: warning: already initialized constant ARGV
Loading production environment (Rails 4.1.5)
irb(main):001:0>

List all authentication sources created on the Satellite Server. Take note of the AuthSourceLdap id.
AuthSourceLdap.all

irb(main):001:0> AuthSourceLdap.all
=> #<ActiveRecord::Relation [#<AuthSourceLdap id: 3, type: "AuthSourceLdap", name: "w2k8", host: "10.12.211.58", port: 389, account: "administrator@domain", account_password: "encrypted-Y0Jud1FBM084Nk1TenEyV3gwRXZEZ2pCNHpGaFgy...", base_dn: "dc=domain,dc=example", attr_login: "sAMAccountName", attr_firstname: "givenName", attr_lastname: "sn", attr_mail: "mail", onthefly_register: true, tls: false, created_at: "2017-03-27 18:47:25", updated_at: "2017-03-27 19:11:56", ldap_filter: "", attr_photo: "jpegPhoto", server_type: "active_directory", groups_base: "", usergroup_sync: true>]>
irb(main):002:0>

Assign the record with that id to source_now
source_now = AuthSourceLdap.find_by_id(<id>)

irb(main):002:0> source_now = AuthSourceLdap.find_by_id(3)
=> #<AuthSourceLdap id: 3, type: "AuthSourceLdap", name: "w2k8", host: "10.12.211.58", port: 389, account: "administrator@domain", account_password: "encrypted-Y0Jud1FBM084Nk1TenEyV3gwRXZEZ2pCNHpGaFgy...", base_dn: "dc=domain,dc=example", attr_login: "sAMAccountName", attr_firstname: "givenName", attr_lastname: "sn", attr_mail: "mail", onthefly_register: true, tls: false, created_at: "2017-03-27 18:47:25", updated_at: "2017-03-27 19:11:56", ldap_filter: "", attr_photo: "jpegPhoto", server_type: "active_directory", groups_base: "", usergroup_sync: true>
irb(main):003:0>

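Creating the connection. The object that irb echoes back includes the decrypted bind password (@bind_pass), so redact this output before sharing it.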
conn = source_now.ldap_con

irb(main):003:0> conn = source_now.ldap_con
Successfully decrypted field for AuthSourceLdap w2k8
=> #<LdapFluff:0x000000096c9608 @ldap=#<LdapFluff::ActiveDirectory:0x000000096c34b0 @ldap=#<Net::LDAP:0x000000096c3460 @host="10.12.211.58", @port=389, @hosts=nil, @verbose=false, @auth={:method=>:anonymous}, @base="dc=domain,dc=example", @force_no_page=false, @encryption=nil, @connect_timeout=nil, @instrumentation_service=ActiveSupport::Notifications, @open_connection=nil>, @bind_user="administrator@domain", @bind_pass="Redhat1!", @anon=false, @attr_login="sAMAccountName", @base="dc=domain,dc=example", @group_base="dc=domain,dc=example", @member_service=#<LdapFluff::ActiveDirectory::MemberService:0x000000096c3438 @attr_login="sAMAccountName", @ldap=#<Net::LDAP:0x000000096c3460 @host="10.12.211.58", @port=389, @hosts=nil, @verbose=false, @auth={:method=>:anonymous}, @base="dc=domain,dc=example", @force_no_page=false, @encryption=nil, @connect_timeout=nil, @instrumentation_service=ActiveSupport::Notifications, @open_connection=nil>, @base="dc=domain,dc=example", @group_base="dc=domain,dc=example">>, @instrumentation_service=ActiveSupport::Notifications>
irb(main):004:0>

Test whether a user is valid in AD
conn.valid_user?('<username>')

irb(main):004:0> conn.valid_user?('waldirio')
=> true
irb(main):005:0>

Retrieve the AD user's information
conn.find_user('<username>')

irb(main):011:0> conn.find_user('waldirio')
=> [#<Net::LDAP::Entry:0x00000008f55660 @myhash={:dn=>["CN=Waldirio Pinheiro,CN=Users,DC=domain,DC=example"], :objectclass=>["top", "person", "organizationalPerson", "user"], :cn=>["Waldirio Pinheiro"], :sn=>["Pinheiro"], :givenname=>["Waldirio"], :distinguishedname=>["CN=Waldirio Pinheiro,CN=Users,DC=domain,DC=example"], :instancetype=>["4"], :whencreated=>["20170328011139.0Z"], :whenchanged=>["20170328021241.0Z"], :displayname=>["Waldirio Pinheiro"], :usncreated=>["12727"], :usnchanged=>["12750"], :name=>["Waldirio Pinheiro"], :objectguid=>["\x9B6\a\xEE\x1Fv\xE0G\xA0`\x11R\x84\xA8\xEE\xB0"], :useraccountcontrol=>["66048"], :badpwdcount=>["0"], :codepage=>["0"], :countrycode=>["0"], :badpasswordtime=>["131351408863120239"], :lastlogoff=>["0"], :lastlogon=>["131351408965768419"], :pwdlastset=>["131351370995145728"], :primarygroupid=>["513"], :objectsid=>["\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\x9B\x8CB!n\xDDX\xD1\xB2\xF5\x8C\xEFO\x04\x00\x00"], :accountexpires=>["9223372036854775807"], :logoncount=>["0"], :samaccountname=>["waldirio"], :samaccounttype=>["805306368"], :userprincipalname=>["waldirio@domain.example"], :objectcategory=>["CN=Person,CN=Schema,CN=Configuration,DC=domain,DC=example"], :dscorepropagationdata=>["16010101000000.0Z"], :lastlogontimestamp=>["131351407246645400"], :mail=>["waldirio@redhat.com"]}>]
irb(main):012:0>

Test whether a group is valid in AD
conn.valid_group?('<group>')

irb(main):021:0> conn.valid_group?('Satellite')
=> true
irb(main):022:0>

Retrieve the AD group's information
conn.find_group('<group>')

irb(main):022:0> conn.find_group('Satellite')
=> [#<Net::LDAP::Entry:0x00000007139c08 @myhash={:dn=>["CN=Satellite,CN=Users,DC=domain,DC=example"], :objectclass=>["top", "group"], :cn=>["Satellite"], :member=>["CN=Pedro Teixeira Pinheiro,CN=Users,DC=domain,DC=example", "CN=Waldirio Pinheiro,CN=Users,DC=domain,DC=example"], :distinguishedname=>["CN=Satellite,CN=Users,DC=domain,DC=example"], :instancetype=>["4"], :whencreated=>["20170330195625.0Z"], :whenchanged=>["20170330200155.0Z"], :usncreated=>["13041"], :usnchanged=>["13055"], :name=>["Satellite"], :objectguid=>["\xDE\xF9\xCC#\x8D\x820I\x96\xD84Q\x8F\xA8\xD6\xB5"], :objectsid=>["\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\x9B\x8CB!n\xDDX\xD1\xB2\xF5\x8C\xEFQ\x04\x00\x00"], :samaccountname=>["Satellite"], :samaccounttype=>["268435456"], :grouptype=>["-2147483646"], :objectcategory=>["CN=Group,CN=Schema,CN=Configuration,DC=domain,DC=example"], :dscorepropagationdata=>["16010101000000.0Z"]}>]
irb(main):023:0>

List all members of a specific AD group
conn.user_list('<group>')

irb(main):015:0> conn.user_list('Satellite')
=> ["pedro", "waldirio"]
irb(main):016:0>
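
The find_user and find_group entries above return several AD attributes in raw form (binary objectSid, a userAccountControl bitmask, FILETIME timestamps). The following is an added example, not part of the original solution or of Satellite itself, that decodes them; the function names are this example's own, and the sample values are copied from the find_user output shown earlier.

```ruby
UAC_FLAGS = {
  0x000002 => "ACCOUNTDISABLE", 0x000010 => "LOCKOUT",
  0x000020 => "PASSWD_NOTREQD", 0x000200 => "NORMAL_ACCOUNT",
  0x010000 => "DONT_EXPIRE_PASSWORD", 0x080000 => "TRUSTED_FOR_DELEGATION",
  0x400000 => "DONT_REQ_PREAUTH", 0x800000 => "PASSWORD_EXPIRED"
}.freeze
EPOCH_OFFSET   = 11_644_473_600 # seconds between 1601-01-01 and 1970-01-01
FILETIME_NEVER = [0, 0x7FFF_FFFF_FFFF_FFFF].freeze

# Binary objectSid -> "S-1-5-21-..." string form.
def decode_sid(raw)
  rev, count, auth_hi, auth_lo, *subs = raw.b.unpack("CCnNV*")
  raise ArgumentError, "truncated SID" if count.nil? || subs.length < count
  (["S", rev, (auth_hi << 32) | auth_lo] + subs.first(count)).join("-")
end

# Windows FILETIME (100 ns ticks since 1601) -> UTC Time, nil for "never".
def decode_filetime(value)
  ticks = value.to_i
  return nil if FILETIME_NEVER.include?(ticks)
  Time.at(ticks / 10_000_000 - EPOCH_OFFSET).utc
end

# userAccountControl bitmask -> list of flag names that are set.
def decode_uac(value)
  bits = value.to_i
  UAC_FLAGS.select { |mask, _| (bits & mask) != 0 }.values
end

# Accepts a Hash or a Net::LDAP::Entry; both return arrays from [].
def summarize_entry(entry)
  first = ->(key) { Array(entry[key]).first }
  {
    dn:              first[:dn],
    sid:             first[:objectsid] && decode_sid(first[:objectsid]),
    flags:           decode_uac(first[:useraccountcontrol]),
    pwd_last_set:    decode_filetime(first[:pwdlastset]),
    account_expires: decode_filetime(first[:accountexpires])
  }
end

# Constructed sample: attribute values copied from the find_user output above.
SAMPLE_USER = {
  dn: ["CN=Waldirio Pinheiro,CN=Users,DC=domain,DC=example"],
  objectsid: ["\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00" \
              "\x9B\x8CB!n\xDDX\xD1\xB2\xF5\x8C\xEFO\x04\x00\x00"],
  useraccountcontrol: ["66048"],
  pwdlastset: ["131351370995145728"], accountexpires: ["9223372036854775807"]
}.freeze
```

In the foreman-rake console, `summarize_entry(conn.find_user('waldirio').first)` applies the same decoding to a live entry.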

In case of failure

The user waldiriofake does not exist:

irb(main):017:0> conn.valid_user?('waldiriofake')
=> false

If Satellite tries to retrieve the same user for any reason, it fails with the exception below:

irb(main):018:0> conn.find_user('waldiriofake')
LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException: LdapFluff::ActiveDirectory::MemberService::UIDNotFoundException
    from /opt/theforeman/tfm/root/usr/share/gems/gems/ldap_fluff-0.4.5/lib/ldap_fluff/generic_member_service.rb:20:in `find_user'
    from /opt/theforeman/tfm/root/usr/share/gems/gems/ldap_fluff-0.4.5/lib/ldap_fluff/ldap_fluff.rb:77:in `block in find_user'
    from /opt/theforeman/tfm/root/usr/share/gems/gems/ldap_fluff-0.4.5/lib/ldap_fluff/ldap_fluff.rb:94:in `block in instrument'
    from /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/notifications.rb:159:in `block in instrument'
    from /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/notifications/instrumenter.rb:20:in `instrument'
    from /opt/rh/rh-ror41/root/usr/share/gems/gems/activesupport-4.1.5/lib/active_support/notifications.rb:159:in `instrument'
    from /opt/theforeman/tfm/root/usr/share/gems/gems/ldap_fluff-0.4.5/lib/ldap_fluff/ldap_fluff.rb:93:in `instrument'
    from /opt/theforeman/tfm/root/usr/share/gems/gems/ldap_fluff-0.4.5/lib/ldap_fluff/ldap_fluff.rb:76:in `find_user'
    from (irb):18
    from /opt/rh/rh-ror41/root/usr/share/gems/gems/railties-4.1.5/lib/rails/commands/console.rb:90:in `start'
    from /opt/rh/rh-ror41/root/usr/share/gems/gems/railties-4.1.5/lib/rails/commands/console.rb:9:in `start'
    from /usr/share/foreman/lib/tasks/console.rake:6:in `block in <top (required)>'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/task.rb:240:in `call'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/task.rb:240:in `block in execute'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/task.rb:235:in `each'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/task.rb:235:in `execute'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/task.rb:179:in `block in invoke_with_call_chain'
    from /opt/rh/rh-ruby22/root/usr/share/ruby/monitor.rb:211:in `mon_synchronize'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/task.rb:172:in `invoke_with_call_chain'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/task.rb:165:in `invoke'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:150:in `invoke_task'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:106:in `block (2 levels) in top_level'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:106:in `each'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:106:in `block in top_level'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:115:in `run_with_threads'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:100:in `top_level'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:78:in `block in run'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:176:in `standard_exception_handling'
    from /opt/rh/rh-ruby22/root/usr/share/gems/gems/rake-10.4.2/lib/rake/application.rb:75:in `run'
    from /opt/rh/rh-ruby22/root/usr/bin/rake:33:in `<main>'
irb(main):019:0>

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
