Good to know thanks. Logging is pretty loud with debug, LDAP and SQL turned on. I was able to find this in the sql logs:
2017-06-22 15:23:20 407057e9 [sql] [D] User Load (0.4ms) SELECT `users`.* FROM `users` WHERE `users`.`lower_login` = 'jruybal' LIMIT 1 2017-06-22 15:23:20 407057e9 [sql] [D] AuthSource Load (0.4ms) SELECT `auth_sources`.* FROM `auth_sources` WHERE `auth_sources`.`id` = 3 LIMIT 1 2017-06-22 15:23:20 407057e9 [sql] [D] LDAP auth with user jruybal against LDAP-freeipa 2017-06-22 15:23:20 407057e9 [sql] [D] Retrieved LDAP Attributes for jruybal: {:dn=>"uid=jruybal,cn=users,cn=accounts,dc=owneriq,dc=com"} 2017-06-22 15:23:20 407057e9 [sql] [D] Authenticated user jruybal against LDAP-freeipa authentication source 2017-06-22 15:23:20 407057e9 [sql] [D] User Load (0.5ms) SELECT `users`.* FROM `users` WHERE `users`.`lower_login` = 'foreman_admin' LIMIT 1 2017-06-22 15:23:20 407057e9 [sql] [D] Updating user jruybal attributes from auth source: [:dn] 2017-06-22 15:23:20 407057e9 [sql] [D] (0.3ms) BEGIN 2017-06-22 15:23:20 407057e9 [sql] [D] (0.4ms) SELECT COUNT(*) FROM `auth_sources` WHERE `auth_sources`.`type` IN ('AuthSourceHidden') AND `auth_sources`.`id` = 3 2017-06-22 15:23:20 407057e9 [sql] [D] User Exists (0.4ms) SELECT 1 AS one FROM `users` WHERE (`users`.`login` = 'jruybal' AND `users`.`id` != 10) LIMIT 1 2017-06-22 15:23:20 407057e9 [sql] [D] Usergroup Load (0.4ms) SELECT `usergroups`.* FROM `usergroups` WHERE `usergroups`.`name` = 'jruybal' ORDER BY usergroups.name 2017-06-22 15:23:20 407057e9 [sql] [D] Role Load (0.4ms) SELECT `roles`.* FROM `roles` WHERE `roles`.`builtin` = 2 LIMIT 1 2017-06-22 15:23:20 407057e9 [sql] [D] Role Exists (0.5ms) SELECT 1 AS one FROM `roles` INNER JOIN `user_roles` ON `roles`.`id` = `user_roles`.`role_id` WHERE `user_roles`.`owner_id` = 10 AND `user_roles`.`owner_type` = 'User' AND `roles`.`id` = 13 LIMIT 1 2017-06-22 15:23:20 407057e9 [sql] [D] (0.3ms) COMMIT 2017-06-22 15:23:20 407057e9 [sql] [D] Updating user groups for user jruybal 2017-06-22 15:23:20 407057e9 [sql] [D] User Load (0.4ms) SELECT `users`.* FROM `users` WHERE `users`.`lower_login` = 'jruybal' ORDER BY firstname LIMIT 1 LDAP logs are almost silent. It's worth noting that since starting this email chain I've tried adding External Authentication with IPA. On Tuesday, June 20, 2017 at 10:39:02 PM UTC-7, ohad wrote: > > > I have not, can you please turn on debug (with both sql and ldap queries) > and post the output? > > also - for the future, if you believe you encountred a security related > bug, please follow the process at [1] > > thanks, > Ohad > > [1] https://theforeman.org/security.html#Securityprocess > > -- >> You received this message because you are subscribed to the Google Groups >> "Foreman users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to foreman-user...@googlegroups.com <javascript:>. >> To post to this group, send email to forema...@googlegroups.com >> <javascript:>. >> Visit this group at https://groups.google.com/group/foreman-users. >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Foreman users" group. To unsubscribe from this group and stop receiving emails from it, send an email to foreman-users+unsubscr...@googlegroups.com. To post to this group, send email to foreman-users@googlegroups.com. Visit this group at https://groups.google.com/group/foreman-users. For more options, visit https://groups.google.com/d/optout.