When I add a new user, it's obligatory to restart Rundeck #3452

Closed
ghost opened this issue May 31, 2018 · 9 comments
ghost commented May 31, 2018

When I add a new user to the realm.properties file, or to the realm-w3.properties file for LDAP authentication, it's obligatory to restart the Rundeck service.

My Rundeck detail

  • Rundeck version: 2.10.8
  • install type: deb
  • OS Name/version: ubuntu 16.04
  • DB Type/version: mariadb

To Reproduce
Steps to reproduce the behavior:

  1. Add a new user to the realm.properties file or in realm-w3.properties
  2. Save file
  3. Try to connect on the web page
  4. The user cannot log in

Expected behavior
The possibility to dynamically add users without restarting the Rundeck service

Desktop (please complete the following information):

  • Windows 7
  • Firefox Browser 52.4.1
@gschueler
Member

What is your JAAS configuration?

@ghost
Author

ghost commented Jun 6, 2018

multiauth {
org.eclipse.jetty.jaas.spi.PropertyFileLoginModule sufficient
  debug="true"
  file="/etc/rundeck/realm.properties";

com.dtolabs.rundeck.jetty.jaas.JettyCombinedLdapLoginModule required
  debug="true"
  contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
  providerUrl="LDAP-URL"
  bindDn="LDAP-ACCOUNT"
  bindPassword="LDAP-PASSWORD"
  authenticationMethod="simple"
  forceBindingLogin="true"
  userBaseDn="ou=**,dc=**,dc=**,dc=**,dc=**"
  userRdnAttribute="sAMAccountName"
  userIdAttribute="sAMAccountName"
  userPasswordAttribute="unicodePwd"
  userObjectClass="user"
  roleBaseDn="ou=**,dc=**,dc=**,dc=**,dc=**"
  roleNameAttribute="cn"
  roleUsernameMemberAttribute="memberUid"
  roleMemberAttribute="memberUid"
  roleObjectClass="posixGroup"
  cacheDurationMillis="300000"
  supplementalRoles="user"
  reportStatistics="true"
  timeoutRead="10000"
  timeoutConnect="20000"
  nestedGroups="false"
  ignoreRoles="true"
  storePass="true"
  clearPass="true"
  useFirstPass="true"
  tryFirstPass="true";

org.rundeck.jaas.jetty.JettyRolePropertyFileLoginModule required
  debug="true"
  useFirstPass="true"
  caseInsensitive="true"
  refreshInterval="60"
  file="/rundeck_data/realm-w3.properties";

};

@ghost
Author

ghost commented Jun 18, 2018

Have you found something, @gschueler?

@orderedchaosdev

@pchevallereau If I'm reading your config correctly, then after you update the realm-w3.properties file you will have to wait around 60 seconds for it to reload the realm file and pick up the new changes.

@gschueler
Member

After looking into the code, from what I can tell the refreshInterval has no effect. The underlying Jetty code which we invoke does not actually refresh anything. ref: https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/PropertyFileLoginModule.java

I apologize, I believe this used to work, but it does not appear to any longer.

@orderedchaosdev

@gschueler That is actually a pretty important feature to be able to reload the realm file without restarting.

@gtsteffaniak

@gschueler Are there any plans to include this again?

@Fonkyup

Fonkyup commented Oct 30, 2018

Could this improvement be added?

@orderedchaosdev

It looks like it was removed here
jetty/jetty.project@81b2a6a#diff-610dca3db80f967b0bc66fce20e3fa0b

https://bugs.eclipse.org/bugs/show_bug.cgi?id=483059

I dunno why they made this change, but this is what removed the code for refresh interval.
Since this is a Jetty change and not Rundeck, I think this is up to getting a fix from the Jetty team, not the Rundeck team.

gschueler added a commit that referenced this issue Nov 21, 2018
Fix #3452 and #3987 by adding a login module that can hot reload realm.properties
@gschueler gschueler added this to the 3.0.9 milestone Nov 21, 2018
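
An added sketch (not from this thread, and not the login module from the fix commit) of the behaviour requested in this issue: re-read a realm.properties-style file whenever its modification time changes, so that added and removed users take effect without a restart. The class `ReloadingRealm`, its methods and the sample users are hypothetical; `record` needs Java 16 or later.

```java
import java.io.IOException;
import java.io.Reader;
import java.nio.file.*;
import java.nio.file.attribute.FileTime;
import java.util.*;

// Added illustration, not Rundeck or Jetty code; class and method names are hypothetical.
public class ReloadingRealm {
    // Credential is kept opaque: it is whatever string the file stores before the first comma.
    public record Entry(String credential, List<String> roles) {}

    private final Path file;
    private FileTime loadedMtime;                 // mtime of the copy currently in memory
    private Map<String, Entry> users = Map.of();

    public ReloadingRealm(Path file) { this.file = file; }

    // Call on every login attempt. An IOException (file missing or unreadable)
    // should be treated by the caller as a failed login, not as "use the old copy".
    public synchronized Entry lookup(String username) throws IOException {
        FileTime mtime = Files.getLastModifiedTime(file);
        if (!mtime.equals(loadedMtime)) {         // edited since last load: reparse
            users = parse(file);
            loadedMtime = mtime;
        }
        return users.get(username);               // null for unknown or removed users
    }

    // Parses "username: credential[,role1,role2...]" lines.
    private static Map<String, Entry> parse(Path file) throws IOException {
        Properties props = new Properties();
        try (Reader r = Files.newBufferedReader(file)) { props.load(r); }
        Map<String, Entry> out = new HashMap<>();
        for (String name : props.stringPropertyNames()) {
            String[] p = props.getProperty(name).trim().split("\\s*,\\s*");
            out.put(name, new Entry(p[0], List.of(Arrays.copyOfRange(p, 1, p.length))));
        }
        return out;
    }

    public static void main(String[] args) throws IOException {
        Path f = Files.createTempFile("realm", ".properties");   // constructed sample data
        Files.writeString(f, "alice: example-secret,user,admin\n");
        ReloadingRealm realm = new ReloadingRealm(f);
        System.out.println(realm.lookup("alice").roles());
        Files.writeString(f, "bob: example-secret,user\n");      // alice removed, bob added
        // Force a distinct mtime so the demo does not depend on filesystem timestamp granularity.
        Files.setLastModifiedTime(f, FileTime.fromMillis(System.currentTimeMillis() + 2000));
        System.out.println("alice present: " + (realm.lookup("alice") != null));
        System.out.println("bob roles: " + realm.lookup("bob").roles());
    }
}
```

Because the check keys on modification time alone, two edits that land within the filesystem's timestamp granularity can be missed until the next change.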