...
BugZero found this defect 2 days ago.
Scenario: An LDAP user is able to log in using the UI but is unable to make API calls. The error message is "No role assigned to the user".

Impact: Unable to use the API with an LDAP user.
This is a bug where PFxM cannot see the LDAP user's role when the user is included only as a member of a group. SSO: when an LDAP user is assigned to an LDAP group, and the LDAP group is configured with a user role, the REST login command fails with "no role assigned to user".
Workaround: Add the user to the Remote Users/Groups section in the UI, even if the user is already included in one of the groups listed. The bug is hit when an entry of Type = User is not found for an API call. In the example, even though the user "xxxxx" is a member of the sio_admin group, the user is unable to make API calls until the user is added here with Type = User. If the user "xxxx" is removed from this section, API calls are no longer allowed. The user must exist with Type = User.

Impacted Version: 4.x

Fixed In Version: N/A
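To find which accounts need the workaround, the behaviour described above can be modelled and run over a list of Remote Users/Groups entries and LDAP group memberships. This is an added example, not PFxM code: it is a simplified model, and the class, the function names, the role name and the sample users are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RemoteEntry:
    name: str
    type: str  # "User" or "Group", as shown in the Remote Users/Groups section
    role: str


def ui_role(user, entries, memberships):
    """Model of the UI login: a role held through a group entry is honoured."""
    groups = memberships.get(user, set())
    for e in entries:
        if (e.type == "User" and e.name == user) or (e.type == "Group" and e.name in groups):
            return e.role
    return None


def api_role(user, entries):
    """Model of the defect: the API path only accepts a Type = User entry."""
    for e in entries:
        if e.type == "User" and e.name == user:
            return e.role
    raise PermissionError("No role assigned to the user")


def needs_workaround(entries, memberships):
    """Users who have a role through a group only, so API login fails for them."""
    affected = []
    for user in sorted(memberships):
        if ui_role(user, entries, memberships) is None:
            continue  # no role at all: not this bug
        try:
            api_role(user, entries)
        except PermissionError:
            affected.append(user)
    return affected


# Constructed sample data (hypothetical users and role name)
ENTRIES = [RemoteEntry("sio_admin", "Group", "Administrator"),
           RemoteEntry("bob", "User", "Administrator")]
MEMBERSHIPS = {"alice": {"sio_admin"}, "bob": {"sio_admin"}, "carol": {"helpdesk"}}

if __name__ == "__main__":
    print(needs_workaround(ENTRIES, MEMBERSHIPS))
```

Each name it reports is an account that can log in through the UI but needs its own Type = User entry before API calls will work.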