OPNsense Forum

English Forums => Development and Code Review => Topic started by: ooboyle on September 23, 2016, 07:45:02 pm

Title: LDAP users can't be edited for many minutes after being added
Post by: ooboyle on September 23, 2016, 07:45:02 pm
I've noticed a delay in being able to edit a new user added from LDAP. The user account gets created locally as expected, but when I go into the account to assign it a group membership or directly assign it privileges, my changes are not saved and revert to being empty. It takes over 5 minutes for this to clear, and I'm still unsure if it clears on its own or because I clicked 100 different buttons while I was waiting.

Is this a known issue?

Oliver
Title: Re: LDAP users can't be edited for many minutes after being added
Post by: franco on September 24, 2016, 01:45:26 pm
Hi Oliver,

I don't recall this ever being reported. Can you check the config history (System: Configuration: History) and see if the changes get applied? You can review each change in a diff between the old and new versions, or confirm it does not write new versions until the 5 minutes are over.


Thanks,
Franco
Title: Re: LDAP users can't be edited for many minutes after being added
Post by: ooboyle on September 26, 2016, 08:37:21 pm
Ok, here's the timeline. In this case, it took about 3 minutes, and 3 attempts during that period, for the LDAP account to show its membership in the group I added it to.


Added the LDAP user:

--- /conf/backup/config-1474914232.0974.xml   2016-09-26 14:23:52.098111000 -0400
+++ /conf/config.xml   2016-09-26 14:23:55.225032000 -0400
@@ -845,7 +845,7 @@
   </widgets>
   <revision>
     <username>admin@192.168.1.164</username>
-    <time>1474914231.4041</time>
+    <time>1474914235.217</time>
     <description>/system_usermanager_import_ldap.php made changes</description>
   </revision>
   <cert>
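Review bot: this hunk records only the `<revision>` time moving from 1474914231.4041 to 1474914235.217 under `/system_usermanager_import_ldap.php`; no `<user>` lines are added, so the creation of uid 2007 must already be in config-1474914232.0974.xml and is not shown here. For a usable timeline, include the diff that introduced the `<user>` block as well, since the empty `<expires/>`, `<authorizedkeys/>`, `<ipsecpsk/>` and `<otp_seed/>` fields only turn up in the last diff.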

1st attempt at adding it to a group:

--- /conf/backup/config-1474914281.1166.xml   2016-09-26 14:24:41.117074000 -0400
+++ /conf/config.xml   2016-09-26 14:24:44.028389000 -0400
@@ -845,7 +845,7 @@
   </widgets>
   <revision>
     <username>admin@192.168.1.164</username>
-    <time>1474914280.5169</time>
+    <time>1474914284.0206</time>
     <description>/system_usermanager_import_ldap.php made changes</description>
   </revision>
   <cert>
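Review bot: for a save from the user edit form this hunk should contain a new `<member>` line in the group, but the only change is the `<revision>` time, and `<description>` still names `/system_usermanager_import_ldap.php`. The write that landed here therefore came from the import page, not `/system_usermanager.php`; the group assignment was never committed, which matches the form fields reverting to empty.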

2nd attempt at adding it to a group:

--- /conf/backup/config-1474914352.377.xml   2016-09-26 14:25:52.377883000 -0400
+++ /conf/config.xml   2016-09-26 14:25:55.215759000 -0400
@@ -845,7 +845,7 @@
   </widgets>
   <revision>
     <username>admin@192.168.1.164</username>
-    <time>1474914351.7208</time>
+    <time>1474914355.2077</time>
     <description>/system_usermanager_import_ldap.php made changes</description>
   </revision>
   <cert>
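Review bot: same pattern as the previous attempt: a revision-only write, about 70 s after the last one, still attributed to `/system_usermanager_import_ldap.php`, with no `<member>` change. Two identical revision-only writes in a row point at the same source each time; worth checking what keeps writing under the import script's description after the import page has been left.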

3rd attempt at adding it to a group:

--- /conf/backup/config-1474914423.9222.xml   2016-09-26 14:27:03.922753000 -0400
+++ /conf/config.xml   2016-09-26 14:27:03.930653000 -0400
@@ -195,6 +195,7 @@
       <gid>1999</gid>
       <member>0</member>
       <member>2000</member>
+      <member>2007</member>
       <priv>page-all</priv>
       <priv>user-shell-access</priv>
     </group>
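Review bot: this is the first hunk in the thread where the group actually gains `<member>2007</member>`, confirming the two earlier saves never reached config.xml. The group carries `page-all` and `user-shell-access`, so a silently dropped membership here decides whether the imported account has full web-UI and shell access; that is a good reason to verify the write in the config history, as done here, rather than trusting the form's redirect.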
@@ -225,6 +226,10 @@
       <descr>Oliver O'Boyle</descr>
       <password>$6$$uvbAZquGaG4XqHeTo2ZZO5SJRYs1RutnSksO458ZD5mGaKZyaKYLOVPJNGe7LKrjagR9EdwExN./YlOQxNse71</password>
       <uid>2007</uid>
+      <expires/>
+      <authorizedkeys/>
+      <ipsecpsk/>
+      <otp_seed/>
     </user>
     <nextuid>2008</nextuid>
     <nextgid>2001</nextgid>
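Review bot: the `<password>` line in this hunk is a SHA-512 crypt hash (`$6$...`) for uid 2007 and should be redacted before a config diff is pasted publicly. The `$6$$` prefix also shows the salt field is empty; whether that is intentional for LDAP-backed local copies is worth confirming against the import code. The four added empty elements (`<expires/>`, `<authorizedkeys/>`, `<ipsecpsk/>`, `<otp_seed/>`) are written by the edit form but were absent from the imported record, so the import path and the edit path produce different user schemas.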
@@ -845,8 +850,8 @@
   </widgets>
   <revision>
     <username>admin@192.168.1.164</username>
-    <time>1474914384.6145</time>
-    <description>/system_usermanager_import_ldap.php made changes</description>
+    <time>1474914423.9228</time>
+    <description>/system_usermanager.php made changes</description>
   </revision>
   <cert>
     <refid>56fe90d2e373c</refid>
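Review bot: the `<description>` finally switches to `/system_usermanager.php made changes`, so this is the only one of the four diffs produced by the edit form; the previous three were all written under the import script's name. Note also that the `-` time here (1474914384.6145) does not match the `+` time of the previous diff (1474914355.2077), so at least one further revision-only write occurred between 14:25:55 and 14:27:03 that is not in the timeline; listing the `/conf/backup/config-*.xml` files between those two timestamps would show whether something kept re-writing the config after the import.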
Title: Re: LDAP users can't be edited for many minutes after being added
Post by: franco on January 26, 2017, 11:43:24 pm
We've recently had a few LDAP users who also imported users but didn't run into this: they could edit users right away. Not sure how this could be setup-specific, though.

In those cases they wanted to edit user passwords in the local copies, which required a small patch we are going to add to 17.1.1.

Kind of off-topic, but maybe we can pick this back up now.


Cheers,
Franco