When I add a new user, it's obligatory to restart Rundeck #3452

Closed
pchevallereau opened this Issue May 31, 2018 · 9 comments

pchevallereau commented May 31, 2018

When I add a new user to the realm.properties file or to the realm-w3.properties file for LDAP authentication, it's obligatory to restart the Rundeck service.

My Rundeck detail

  • Rundeck version: 2.10.8
  • install type: deb
  • OS Name/version: ubuntu 16.04
  • DB Type/version: mariadb

To Reproduce
Steps to reproduce the behavior:

  1. Add a new user to the realm.properties file or in realm-w3.properties
  2. Save file
  3. Try to connect on the web page
  4. The user can not login

Expected behavior
The possibility to dynamically add users without restarting the Rundeck service.

Desktop (please complete the following information):

  • Windows 7
  • Firefox Browser 52.4.1

Member

gschueler commented Jun 5, 2018

What is your JAAS configuration?

pchevallereau commented Jun 6, 2018

multiauth {
org.eclipse.jetty.jaas.spi.PropertyFileLoginModule sufficient
  debug="true"
  file="/etc/rundeck/realm.properties";

com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule required
  debug="true"
  contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
  providerUrl="LDAP-URL"
  bindDn="LDAP-ACCOUNT"
  bindPassword="LDAP-PASSWORD"
  authenticationMethod="simple"
  forceBindingLogin="true"
  userBaseDn="ou=**,dc=**,dc=**,dc=**,dc=**"
  userRdnAttribute="sAMAccountName"
  userIdAttribute="sAMAccountName"
  userPasswordAttribute="unicodePwd"
  userObjectClass="user"
  roleBaseDn="ou=**,dc=**,dc=**,dc=**,dc=**"
  roleNameAttribute="cn"
  roleUsernameMemberAttribute="memberUid"
  roleMemberAttribute="memberUid"
  roleObjectClass="posixGroup"
  cacheDurationMillis="300000"
  supplementalRoles="user"
  reportStatistics="true"
  timeoutRead="10000"
  timeoutConnect="20000"
  nestedGroups="false"
  ignoreRoles="true"
  storePass="true"
  clearPass="true"
  useFirstPass="true"
  tryFirstPass="true";

org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule required
  debug="true"
  useFirstPass="true"
  caseInsensitive="true"
  refreshInterval="60"
  file="/rundeck_data/realm-w3.properties";

};

pchevallereau commented Jun 18, 2018

Have you found something, @gschueler?

orderedchaosdev commented Jun 28, 2018

@pchevallereau If I'm reading your config correctly, then after you update the realm-w3.properties file you will have to wait around 60 seconds for it to reload the realm file and pick up the new changes.

Member

gschueler commented Jun 29, 2018

After looking into the code, from what I can tell the refreshInterval has no effect. The underlying Jetty code which we invoke does not actually refresh anything. ref: https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/PropertyFileLoginModule.java

I apologize, I believe this used to work, but it does not appear to any longer.

orderedchaosdev commented Jun 29, 2018

@gschueler That is actually a pretty important feature to be able to reload the realm file without restarting.

gtsteffaniak commented Oct 16, 2018

@gschueler Are there any plans to include this again?

Fonkyup commented Oct 30, 2018

Could this improvement be added?

orderedchaosdev commented Nov 6, 2018

It looks like it was removed here:
eclipse/jetty.project@81b2a6a#diff-610dca3db80f967b0bc66fce20e3fa0b

https://bugs.eclipse.org/bugs/show_bug.cgi?id=483059

I dunno why they made this change, but this is what removed the code for the refresh interval.
Since this is a Jetty change and not Rundeck, I think this is up to getting a fix from the Jetty team, not the Rundeck team.

gschueler closed this in 7d00776 Nov 21, 2018

gschueler added a commit that referenced this issue Nov 21, 2018

Merge pull request #4194 from rundeck/feature/3987/reloadable-realmprops
Fix #3452 and #3987 by adding a login module that can hot reload realm.properties

gschueler added this to the 3.0.9 milestone Nov 21, 2018
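
The reload-on-change behaviour this thread asks for, shown as an added example that is not Rundeck's or Jetty's code: the file's modification time is checked at most once per refresh interval and the user map is re-parsed only when it has changed. The class name `ReloadableRealm`, its `lookup` method and the `CHANGEME` sample entries are hypothetical; the interval is taken in seconds, as the thread reads `refreshInterval="60"`, and credentials are returned as stored without interpreting any encoding.

```java
import java.io.*;
import java.nio.file.*;
import java.nio.file.attribute.FileTime;
import java.util.*;

/** Hypothetical helper (not Rundeck or Jetty code): re-reads realm.properties when it changes. */
public class ReloadableRealm {
    private final Path file;
    private final long refreshMillis;      // plays the role of refreshInterval (seconds)
    private long lastCheck;                // when the file's mtime was last examined
    private FileTime loadedMtime;          // mtime of the copy currently held in memory
    private Map<String, String[]> users = new HashMap<>();
    public ReloadableRealm(Path file, int refreshIntervalSeconds) {
        this.file = file;
        this.refreshMillis = refreshIntervalSeconds * 1000L;
    }

    /** Returns {credential, role...} for the user, or null if the file has no such entry. */
    public synchronized String[] lookup(String user) throws IOException {
        long now = System.currentTimeMillis();
        if (loadedMtime == null || now - lastCheck >= refreshMillis) {
            lastCheck = now;
            FileTime mtime = Files.getLastModifiedTime(file);
            if (!mtime.equals(loadedMtime)) {
                users = parse(file);       // the old map stays in place if parsing throws
                loadedMtime = mtime;
            }
        }
        return users.get(user);
    }

    // Entry format: "username: password[,rolename ...]"
    private static Map<String, String[]> parse(Path file) throws IOException {
        Properties p = new Properties();
        try (Reader r = Files.newBufferedReader(file)) { p.load(r); }
        Map<String, String[]> out = new HashMap<>();
        p.stringPropertyNames().forEach(n -> out.put(n, p.getProperty(n).trim().split("\\s*,\\s*")));
        return out;
    }

    public static void main(String[] args) throws IOException {
        Path f = Files.createTempFile("realm", ".properties");   // constructed sample file
        Files.write(f, List.of("admin: CHANGEME,user,admin"));
        ReloadableRealm realm = new ReloadableRealm(f, 0);        // 0: check mtime on every lookup
        System.out.println("before edit: " + Arrays.toString(realm.lookup("alice")));
        Files.write(f, List.of("admin: CHANGEME,user,admin", "alice: CHANGEME,user"));
        Files.setLastModifiedTime(f, FileTime.fromMillis(System.currentTimeMillis() + 2000));
        System.out.println("after edit:  " + Arrays.toString(realm.lookup("alice")));
    }
}
```

Because the map is replaced wholesale on each reload, an entry deleted from the file also stops resolving at the next check, not only newly added ones appearing.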
