after upgrade to 2.7.1, rundeck stopped refreshing user groups defined in realm.properties #2259

Open
rophy opened this Issue Jan 4, 2017 · 3 comments


@rophy
Contributor
rophy commented Jan 4, 2017 edited

Bug report

My Rundeck detail

  • Rundeck version: 2.7.1
  • install type: rpm
  • OS Name/version: centos 7

Expected Behavior

Before 2.7.1, Rundeck would automatically reload an updated realm.properties (it seems to be periodic, but I'm not sure of the exact frequency; about once or twice every minute).


Actual Behavior

Rundeck stopped refreshing user groups defined in realm.properties.


How to reproduce Behavior

  1. add group G to realm-w3.properties for user A
  2. log out and log in user A
  3. check user A profile and make sure group G is listed

I use .JettyCombinedLdapLoginModule as below, which defines groups of LDAP users in realm-w3.properties

ldap {

    org.eclipse.jetty.jaas.spi.PropertyFileLoginModule sufficient
      debug="true"
      file="/etc/rundeck/realm.properties";

    com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule required
      debug="true"
      contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
      cacheDurationMillis="300000"
     (some fields omitted)
      supplementalRoles="user"
      reportStatistics="true"
      timeoutRead="10000"
      timeoutConnect="20000"
      ignoreRoles="true"
      storePass="true";

    org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule required
      debug="true"
      useFirstPass="true"
      caseInsensitive="true"
      file="/etc/rundeck/realm-w3.properties";

};


@niphlod
niphlod commented Jan 10, 2017

It happens here too. Probably the change of class also changed the behaviour (i.e. load on startup vs. check at each login).

@rophy
Contributor
rophy commented Jan 12, 2017

This rundeck-discuss post provided a solution which works for me:

We need to configure the JettyRolePropertyFileLoginModule properties, file jaas-ldap.conf, refreshInterval, as shown below:

    org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule required
      debug="true"
      useFirstPass="true"
      file="/home/rundeck/rundeck/server/config/realm.properties"
      refreshInterval="60"
      caseInsensitive="true";
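
A check for the gap this thread describes, as an added example that is not part of the original comments or of Rundeck's code: it parses a JAAS login configuration and lists each JettyRolePropertyFileLoginModule entry that lacks the refreshInterval option from the fix above. The sample configuration, its providerUrl host and the function names are constructed for illustration.

```python
import re

# Module named in the thread's fix; refreshInterval is the option it adds.
ROLE_MODULE = "org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule"

# Constructed sample: the reporter's layout reduced to two entries, plus a
# placeholder providerUrl to show that "//" inside a value is not a comment.
SAMPLE = '''
ldap {
    // role lookup after LDAP authentication
    com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule required
      providerUrl="ldap://ldap.example.invalid:389"
      storePass="true";

    org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule required
      useFirstPass="true"
      caseInsensitive="true"
      file="/etc/rundeck/realm-w3.properties";
};
'''

TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*', re.S)
VALUE = r'(?:"[^"]*"|[^\s;"]+)'
ENTRY = re.compile(r'([\w.$]+)\s+(required|requisite|sufficient|optional)\b'
                   r'((?:\s+[\w.]+\s*=\s*' + VALUE + r')*)\s*;', re.I)
OPTION = re.compile(r'([\w.]+)\s*=\s*(' + VALUE + r')')

def parse_jaas(text):
    """Return [(application, module_class, control_flag, options), ...]."""
    # Drop // and /* */ comments but keep quoted strings intact.
    text = TOKEN.sub(lambda m: m[0] if m[0][0] == '"' else ' ', text)
    entries = []
    for app, body in re.findall(r'([\w.-]+)\s*\{(.*?)\}\s*;', text, flags=re.S):
        for cls, flag, opts in ENTRY.findall(body):
            options = {k: v.strip('"') for k, v in OPTION.findall(opts)}
            entries.append((app, cls, flag.lower(), options))
    return entries

def missing_refresh(text, module=ROLE_MODULE):
    """(application, role file) for each `module` entry without refreshInterval."""
    return [(app, opts.get("file")) for app, cls, _, opts in parse_jaas(text)
            if cls == module and "refreshInterval" not in opts]

if __name__ == "__main__":
    for app, path in missing_refresh(SAMPLE):
        print(f"{app}: {path} has no refreshInterval")
```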

@niphlod
niphlod commented Jan 12, 2017

Great! I guess this can be closed as soon as the additional parameter is put on the guide ...
