ldap integration problem in 2.8.3

[c-hoeger]

Issue/Feature description

ldap integration no longer working for us in 2.8.3

The ldap user is found, but the creation in the database seems to stall somewhere. In the debug log everything seems to be ok, but in the web ui the /user/do_login stalls for a very long time and fails with internal server error after a while.

obs-debug.log.zip

[adrianschroeter]

The logs point to a problem of the "sign" tool in the backend. Are you sure this worked before the 2.8.3 update?

please run "sign -t" on CLI on your source server to validate that signing works. My guess is that key creation does not work for some reason, but this should be independend of LDAP.

Anyway P2 for now, to ensure that we look into it and that we have not released something broken ..

[c-hoeger]

The logs point to a problem of the "sign" tool in the backend. Are you sure this worked before the 2.8.3 update?

This is no update, it is a new installation using our internal chef cookbook. The same deployment worked in 2.8.0. 2.8.1 had a different problem, see https://github.com/openSUSE/open-build-service/issues/3159, where I provided a fix.

please run "sign -t" on CLI on your source server to validate that signing works. My guess is that key creation does not work for some reason, but this should be independend of LDAP.

I also noticed the sign error, no idea if or how it relates. In general, it seems to work:

buildservice:~ # systemctl status signd
● obssignd.service - LSB: start the gpg sign daemon
   Loaded: loaded (/etc/init.d/obssignd; bad; vendor preset: disabled)
   Active: active (running) since Mon 2017-09-04 08:50:22 CEST; 12min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 11623 ExecStop=/etc/init.d/obssignd stop (code=exited, status=0/SUCCESS)
  Process: 11633 ExecStart=/etc/init.d/obssignd start (code=exited, status=0/SUCCESS)
    Tasks: 2 (limit: 512)
   CGroup: /system.slice/obssignd.service
           └─11644 /usr/bin/perl /usr/sbin/signd -f

Sep 04 08:50:22 buildservice.kitchen systemd[1]: Stopped LSB: start the gpg sign daemon.
Sep 04 08:50:22 buildservice.kitchen systemd[1]: Starting LSB: start the gpg sign daemon...
Sep 04 08:50:22 buildservice.kitchen obssignd[11633]: Starting gpg sign daemon (signd): ..done
Sep 04 08:50:22 buildservice.kitchen systemd[1]: Started LSB: start the gpg sign daemon.
buildservice:~ # sign -t; echo $?
0
buildservice:~ #

[Jellyfrog]

Having the same issue, will investigate a bit... Worked fine with 2.8.2 With 2.8.3 new users cant login

[c-hoeger]

interesting thing is, that even though the log shows

D, [2017-09-04T11:52:02.126117 #12916] DEBUG -- : [1961e2d8-a821-48c2-acbb-4b5b6d3031cc] [12916:1000.75]   SQL (0.6ms)  INSERT INTO `users` (`created_at`, `updated_at`, `last_logged_in_at`, `login`, `email`, `password`, `password_hash_type`, `password_salt`, `password_crypted`) VALUES ('2017-09-04 09:52:02', '2017-09-04 09:52:02', '2017-09-04 09:52:02', 'carsten.hoeger', 'carsten.hoeger@open-xchange.com', '7243d4c0605a3718217de9b3bea5b44e', 'md5', '/DRe90e4vh', 'osRbl6owjy4iY')

there's no user created in the db (checked immediately after above insert)

MariaDB [api_production]> select * from users;
+----+---------------------+---------------------+-------------------+---------------------+----------+------------------+------------------------+----------------------------------+--------------------+---------------+------------------+-----------+-----------+----------+
| id | created_at          | updated_at          | last_logged_in_at | login_failure_count | login    | email            | realname               | password                         | password_hash_type | password_salt | password_crypted | adminnote | state     | owner_id |
+----+---------------------+---------------------+-------------------+---------------------+----------+------------------+------------------------+----------------------------------+--------------------+---------------+------------------+-----------+-----------+----------+
|  1 | 2017-09-04 09:33:30 | 2017-09-04 09:33:30 | NULL              |                   0 | Admin    | root@localhost   | OBS Instance Superuser | 07731e99e13a01352c9529f609ebe36d | md5                | XWo99svksO    | osQq6OKjF0f8I    | NULL      | confirmed |     NULL |
|  2 | 2017-09-04 09:33:30 | 2017-09-04 09:33:30 | NULL              |                   0 | _nobody_ | nobody@localhost | Anonymous User         | 7e5c84400726fd3b68c0858101056b23 | md5                | D2/RAbLsw+    | osEJSjdDGtlBY    | NULL      | locked    |     NULL |
+----+---------------------+---------------------+-------------------+---------------------+----------+------------------+------------------------+----------------------------------+--------------------+---------------+------------------+-----------+-----------+----------+
2 rows in set (0.00 sec)

MariaDB [api_production]>

[Jellyfrog]

From our logs when trying to login with a new user:

D, [2017-09-04T12:32:32.526903 #1826] DEBUG -- : [872eba92-4fdc-45de-beed-a7c8a7eddf47] [1826:395.65] login success for checking with ldap server
...
D, [2017-09-04T12:32:32.529642 #1826] DEBUG -- : [872eba92-4fdc-45de-beed-a7c8a7eddf47] [1826:395.65] No user found in database, creation disabled
...
D, [2017-09-04T12:32:32.549817 #1826] DEBUG -- : [f4ae5cdd-d647-4ad8-9e62-51fac59debb7] [1826:395.67] Someone tried to register with "ldap_mode" turned on

We have <registration>deny</registration> in our configuration.xml since we don't want user to be able to sign up

[evanrolfe]

@Jellyfrog thanks for posting the details, are those log entries coming from POST "/user/do_login"?

[Jellyfrog]

Yes, from /srv/www/obs/api/log/production.log, after POST "/user/do_login"

[evanrolfe]

@Jellyfrog can you try setting <registration>allow</registration> and see if the login works? Registration should still be disallowed (even though you set it to allow in the config) since its disabled no matter what now in 2.8.3 when in ldap mode.

[Jellyfrog]

After changing to: <registration>allow</registration> it works and the log now looks like this:

D, [2017-09-04T13:07:15.212855 #1826] DEBUG -- : [791efb00-d813-4337-a1ee-b28d76dcaacd] [1826:2478.33] login success for checking with ldap server
...
D, [2017-09-04T13:07:15.214686 #1826] DEBUG -- : [791efb00-d813-4337-a1ee-b28d76dcaacd] [1826:2478.34] No user found in database, creating
...
D, [2017-09-04T13:07:15.219312 #1826] DEBUG -- : [791efb00-d813-4337-a1ee-b28d76dcaacd] [1826:2478.34]   SQL (0.2ms)  INSERT INTO `users` (`created_at`, `updated_at`, `last_logged_in_at`, `login`, `email`, `password`, `password_hash_type`, `password_salt`, `password_crypted`) VALUES ('2017-09-04 13:07:15', '2017-09-04 13:07:15', '2017-09-04 13:07:15', 'USER', 'EMAIL', 'PASSWORD', 'md5', 'FOOBAR', 'FOOBAR')
...
D, [2017-09-04T13:07:15.756071 #1826] DEBUG -- : [791efb00-d813-4337-a1ee-b28d76dcaacd] [1826:2478.88] saving new user...

However, this is not the same problem as report by @c-hoeger, since his logs say it tried to create the user. @c-hoeger: Run the query manually in mysql and see what it says:

INSERT INTO `users` (`created_at`, `updated_at`, `last_logged_in_at`, `login`, `email`, `password`, `password_hash_type`, `password_salt`, `password_crypted`) VALUES ('2017-09-01 13:30:15', '2017-09-01 13:30:15', '2017-09-01 13:30:15', 'carsten.hoeger', 'carsten.hoeger@open-xchange.com', '21393892fe00487191d2099708b0c083', 'md5', 'aRXMFCrZwl', 'osRlxVZPwpLkI');

[c-hoeger]

@Jellyfrog, so after you changed to <registration>allow</registration>, new users can login and are created?

[Jellyfrog]

@c-hoeger yes, but your log says you already have that enabled, since its trying to create users for you. You can check with osc api /configuration

[c-hoeger]

I have it enabled, yes. And no, I cannot use osc api, since I cannot login with any user ;)

[c-hoeger]

@Jellyfrog , did you update to 2.8.3? What (open)SUSE version are us using?

[c-hoeger]

@c-hoeger: Run the query manually in mysql and see what it says:

That works.

[Jellyfrog]

@Jellyfrog , did you update to 2.8.3? What (open)SUSE version are us using?

SLES12-SP2

mariadb-10.0.31-29.3.1.x86_64

obs-server-2.8.3-5.1.noarch obs-common-2.8.3-5.1.noarch obs-source_service-2.8.3-5.1.noarch obs-signd-2.3.0-1.3.x86_64 obs-productconverter-2.8.3-5.1.noarch obs-api-2.8.3-5.1.noarch

[c-hoeger]

Seems to be a problem with mariadb on openSUSE 42.2 (mariadb-10.0.31-20.7.1.x86_64). The general log clearly shows that the INSERT statements reach the server, but they are not persisted somehow. I can, however, execute the statements manually using mysql console and then they're persisted.

[c-hoeger]

Looks like there's a BEGIN of a transaction around INSERT, but no COMMIT follows.

See:

       23 Query BEGIN
       23 Query SELECT  1 AS one FROM `users` WHERE `users`.`login` = 'carsten.hoeger' LIMIT 1
       23 Query INSERT INTO `users` (`created_at`, `updated_at`, `last_logged_in_at`, `login`, `email`, `password`, `password_hash_type`, `password_salt`, `password_crypted`) VALUES ('2017-09-05 10:00:56', '2017-09-05 10:00:56', '2017-09-05 10:00:56', 'carsten.hoeger', 'carsten.hoeger@open-xchange.com', '3eae970acfaf645f6110a5d06af9a205', 'md5', '9fMqBytBtg', 'os/aNYxeQRpoc')

general.log.zip

And while this transaction is running, I am also unable to do an insert using mysql console:

MariaDB [api_production]> INSERT INTO `users` (`created_at`, `updated_at`, `last_logged_in_at`, `login`, `email`, `password`, `password_hash_type`, `password_salt`, `password_crypted`) VALUES ('2017-09-05 09:55:36', '2017-09-05 09:55:36', '2017-09-05 09:55:36', 'carsten.hoeger', 'carsten.hoeger@open-xchange.com', 'c8d53b55c13151adb2d265d6c8498985', 'md5', 'L7eLGjZApZ', 'osaRI/0QHSTg2');
ERROR 1205 (HY000): Lock wait timeout exceeded; try restarting transaction

What's different on my setup?!?

obs-service-tar_scm-0.8.0.1499787575.2419460-191.1.noarch
obs-service-source_validator-0.6+git20170111.82ea590-13.3.1.noarch
obs-service-download_files-0.5.1.git.1455712026.9c0a4a0-7.1.noarch
obs-worker-2.8.3-5.1.noarch
obs-common-2.8.3-5.1.noarch
obs-productconverter-2.8.3-5.1.noarch
obs-signd-2.3.0-2.1.x86_64
obs-service-set_version-0.5.6-77.1.noarch
obs-service-verify_file-0.1.1-21.1.noarch
obs-service-obs_scm-common-0.8.0.1499787575.2419460-191.1.noarch
obs-api-2.8.3-5.1.noarch
obs-service-recompress-0.3.1+git20170704.59bf231-31.1.noarch

[c-hoeger]

Did a check whether ldap works with the image provided here: http://download.opensuse.org/repositories/OBS:/Server:/2.8/images/obs-server.x86_64-2.8.3-Build1.4.vmdk and it does.

So there seems to be a new secret I am not aware of... :(

[c-hoeger]

Tried with obs-server 2.8.2 and also with 2.8.1 build using osc branch. All now show the same behavior, so it doesn't seem to be a problem of the obs api code itself. What is the name of the package responsible for database access in this system?

[hennevogel]

mariadb and rubygem-mysql2

[c-hoeger]

My latest research only revealed, that I am unable to install obs without getting a bunch of ruby2.1 package installed. That seems to be the only difference to the obs appliance. I wonder how the appliance can be installed from the same source repos without sucking in those ruby2.1 deps...

before I install these packages:

obs-server obs-api apache2-mod_xforward rubygem-passenger-apache2 memcached osc postfix dpkg obs-worker

I have no ruby2.1 packages installed. Then I install

libruby2_4-2_4 ruby2.4-rubygem-gem2rpm ruby2.4-stdlib ruby2.4-rubygem-passenger ruby2.4-rubygem-ruby-ldap

still no ruby2.1 packages.

but after I install the obs packages:

vagrant@buildservice:~> rpm -qa | grep ruby2.1
ruby2.1-2.1.9-8.6.1.x86_64
ruby2.1-rubygem-puma-3.6.0-1.4.x86_64
ruby2.1-rubygem-debug_inspector-0.0.2-4.18.x86_64
ruby2.1-rubygem-nokogiri-1.6.1-4.24.x86_64
ruby2.1-rubygem-jbuilder-2.3.1-4.1.x86_64
ruby2.1-rubygem-railties-4_2-4.2.4-5.1.x86_64
ruby2.1-stdlib-2.1.9-8.6.1.x86_64
ruby2.1-rubygem-sdoc-0.4.1-4.1.x86_64
ruby2.1-rubygem-ffi-1.9.10-4.20.x86_64
ruby2.1-rubygem-tzinfo-1.2.2-5.1.x86_64
ruby2.1-rubygem-loofah-2.0.3-5.1.x86_64
ruby2.1-rubygem-actionview-4_2-4.2.4-10.1.x86_64
ruby2.1-rubygem-thread_safe-0.3.5-4.1.x86_64
ruby2.1-rubygem-rb-fsevent-0.9.6-2.1.x86_64
ruby2.1-rubygem-minitest-5.8.1-2.1.x86_64
ruby2.1-rubygem-execjs-2.6.0-5.1.x86_64
ruby2.1-rubygem-byebug-6.0.2-6.22.x86_64
ruby2.1-rubygem-sprockets-3.3.5-2.1.x86_64
ruby2.1-rubygem-binding_of_caller-0.7.2-4.16.x86_64
ruby2.1-rubygem-listen-3.0.3-5.1.x86_64
ruby2.1-rubygem-rails-html-sanitizer-1.0.2-5.20.x86_64
ruby2.1-rubygem-actionpack-4_2-4.2.4-6.20.x86_64
ruby2.1-rubygem-coffee-rails-4.1.0-4.1.x86_64
ruby2.1-rubygem-thor-0.19.1-8.1.x86_64
ruby2.1-rubygem-rack-1.6.4-4.20.x86_64
ruby2.1-rubygem-mini_portile-0.5.2-4.2.x86_64
ruby2.1-rubygem-erubis-2.7.0-9.2.x86_64
ruby2.1-rubygem-builder-3.2.2-10.2.x86_64
ruby2.1-rubygem-rack-test-0_6-0.6.3-4.1.x86_64
ruby2.1-rubygem-coffee-script-2.4.1-4.1.x86_64
ruby2.1-rubygem-rails-deprecated_sanitizer-1.0.3-4.1.x86_64
ruby2.1-rubygem-spring-watcher-listen-2.0.0-1.1.x86_64
ruby2.1-rubygem-sprockets-rails-2.3.3-2.1.x86_64
ruby2.1-rubygem-turbolinks-2.5.3-4.1.x86_64
ruby2.1-rubygem-spring-1.4.0-2.1.x86_64
ruby2.1-rubygem-i18n-0.7.0-4.1.x86_64
ruby2.1-rubygem-bcrypt-3.1.10-4.20.x86_64
ruby2.1-rubygem-activesupport-4_2-4.2.4-6.20.x86_64
ruby2.1-rubygem-rails-dom-testing-1.0.7-5.1.x86_64
libruby2_1-2_1-2.1.9-8.6.1.x86_64
ruby2.1-rubygem-multi_json-1.11.2-4.1.x86_64
ruby2.1-rubygem-coffee-script-source-1.9.1.1-4.1.x86_64
ruby2.1-rubygem-rb-inotify-0.9.5-4.1.x86_64
ruby2.1-rubygem-activemodel-4_2-4.2.4-6.20.x86_64
ruby2.1-rubygem-web-console-2-2.3.0-1.1.x86_64

Repo list (same as on obs appliance):

vagrant@buildservice:~> sudo zypper lr -d
Repository priorities are without effect. All enabled repositories share the same priority.

# | Alias                     | Name                      | Enabled | GPG Check | Refresh | Priority | Type   | URI                                                                       | Service
--+---------------------------+---------------------------+---------+-----------+---------+----------+--------+---------------------------------------------------------------------------+--------
1 | OBS                       | OBS                       | Yes     | (r ) Yes  | No      |   99     | rpm-md | http://download.opensuse.org/repositories/OBS:/Server:/2.8/openSUSE_42.2/ |
2 | Tools                     | Tools                     | Yes     | (r ) Yes  | No      |   99     | rpm-md | http://download.opensuse.org/repositories/openSUSE:/Tools/openSUSE_42.2/  |
3 | openSUSE-42.2-0           | openSUSE-42.2-0           | Yes     | (r ) Yes  | Yes     |   99     | yast2  | http://download.opensuse.org/distribution/leap/42.2/repo/oss/             |
4 | openSUSE:Leap:42.2:Update | openSUSE:Leap:42.2:Update | Yes     | (r ) Yes  | No      |   99     | rpm-md | http://download.opensuse.org/update/leap/42.2/oss/                        |

[c-hoeger]

vagrant@buildservice:~> rpm -qa | grep ruby2.1
vagrant@buildservice:~> sudo zypper in iputils obs-server obs-api apache2-mod_xforward rubygem-passenger-apache2 memcached osc postfix dpkg obs-worker
Loading repository data...
Reading installed packages...
'postfix' is already installed.
No update candidate for 'postfix-2.11.8-1.4.x86_64'. The highest available version is already installed.
Resolving package dependencies...

The following 351 NEW packages are going to be installed:
  apache2 apache2-mod_xforward apache2-prefork apache2-utils bsdtar build build-mkbaselibs build-mkdrpms bzr bzr-lang cpp cpp48 createrepo deltarpm dpkg
  gcc gcc48 gettext-tools ghostscript-fonts-std git-core git-gui git-web gitk glibc-devel inst-source-utils iputils less libapr-util1 libapr1 libasan0
  libatomic1 libcloog-isl4 libevent-2_0-5 libgomp1 libgpgme11 libgthread-2_0-0 libisl10 libitm1 liblua5_2 libmpc3 libmpfr4 libmysqlclient18 libnghttp2-14
  libpq5 libruby2_1-2_1 libserf-1-1 libtsan0 linux-glibc-devel make mariadb mariadb-client mariadb-errormessages memcached mercurial mercurial-lang
  nodejs obs-api obs-common obs-productconverter obs-server obs-service-download_files obs-service-format_spec_file obs-service-obs_scm
  obs-service-obs_scm-common obs-service-recompress obs-service-set_version obs-service-source_validator obs-service-tar_scm obs-service-verify_file
  obs-signd obs-worker openslp openslp-server osc patch perl-BSSolv perl-Crypt-SSLeay perl-Data-Dump perl-Diff-LibXDiff perl-Encode-Locale perl-Error
  perl-File-FcntlLock perl-File-Listing perl-File-Sync perl-GD perl-HTML-Parser perl-HTML-Tagset perl-HTTP-Cookies perl-HTTP-Daemon perl-HTTP-Date
  perl-HTTP-Message perl-HTTP-Negotiate perl-IO-HTML perl-IO-Socket-SSL perl-JSON-XS perl-LWP-MediaTypes perl-LWP-Protocol-https perl-Net-HTTP
  perl-Net-SSLeay perl-Socket-MsgHdr perl-TimeDate perl-Types-Serialiser perl-URI perl-WWW-RobotRules perl-XML-NamespaceSupport perl-XML-Parser
  perl-XML-SAX perl-XML-SAX-Base perl-XML-SAX-Expat perl-XML-Simple perl-YAML perl-YAML-LibYAML perl-common-sense perl-libwww-perl phantomjs psmisc
  psmisc-lang python-M2Crypto python-PyYAML python-SecretStorage python-cffi python-cryptography python-cssselect python-curses python-dateutil
  python-deltarpm python-enum34 python-gobject2 python-gpgme python-idna python-iniparse python-ipaddress python-keyring python-libxml2 python-lxml
  python-packaging python-pyasn1 python-pycparser python-pycurl python-setuptools python-six python-urlgrabber python-yum qemu-linux-user rpm-build
  rpm-python rsync ruby2.1 ruby2.1-rubygem-actionpack-4_2 ruby2.1-rubygem-actionview-4_2 ruby2.1-rubygem-activemodel-4_2
  ruby2.1-rubygem-activesupport-4_2 ruby2.1-rubygem-bcrypt ruby2.1-rubygem-binding_of_caller ruby2.1-rubygem-builder ruby2.1-rubygem-byebug
  ruby2.1-rubygem-coffee-rails ruby2.1-rubygem-coffee-script ruby2.1-rubygem-coffee-script-source ruby2.1-rubygem-debug_inspector ruby2.1-rubygem-erubis
  ruby2.1-rubygem-execjs ruby2.1-rubygem-ffi ruby2.1-rubygem-i18n ruby2.1-rubygem-jbuilder ruby2.1-rubygem-listen ruby2.1-rubygem-loofah
  ruby2.1-rubygem-mini_portile ruby2.1-rubygem-minitest ruby2.1-rubygem-multi_json ruby2.1-rubygem-nokogiri ruby2.1-rubygem-puma ruby2.1-rubygem-rack
  ruby2.1-rubygem-rack-test-0_6 ruby2.1-rubygem-rails-deprecated_sanitizer ruby2.1-rubygem-rails-dom-testing ruby2.1-rubygem-rails-html-sanitizer
  ruby2.1-rubygem-railties-4_2 ruby2.1-rubygem-rb-fsevent ruby2.1-rubygem-rb-inotify ruby2.1-rubygem-sdoc ruby2.1-rubygem-spring
  ruby2.1-rubygem-spring-watcher-listen ruby2.1-rubygem-sprockets ruby2.1-rubygem-sprockets-rails ruby2.1-rubygem-thor ruby2.1-rubygem-thread_safe
  ruby2.1-rubygem-turbolinks ruby2.1-rubygem-tzinfo ruby2.1-rubygem-web-console-2 ruby2.1-stdlib ruby2.4-rubygem-actioncable-5_0
  ruby2.4-rubygem-actionmailer-5_0 ruby2.4-rubygem-actionpack-5_0 ruby2.4-rubygem-actionview-5_0 ruby2.4-rubygem-activejob-5_0
  ruby2.4-rubygem-activemodel-5_0 ruby2.4-rubygem-activemodel-serializers-xml ruby2.4-rubygem-activerecord-5_0 ruby2.4-rubygem-activesupport-5_0
  ruby2.4-rubygem-acts_as_list ruby2.4-rubygem-acts_as_tree ruby2.4-rubygem-addressable ruby2.4-rubygem-ansi ruby2.4-rubygem-arel ruby2.4-rubygem-ast
  ruby2.4-rubygem-builder ruby2.4-rubygem-bundler ruby2.4-rubygem-capybara ruby2.4-rubygem-capybara_minitest_spec ruby2.4-rubygem-chunky_png
  ruby2.4-rubygem-cliver ruby2.4-rubygem-clockwork ruby2.4-rubygem-cocoon ruby2.4-rubygem-codemirror-rails ruby2.4-rubygem-coderay
  ruby2.4-rubygem-coffee-rails ruby2.4-rubygem-coffee-script ruby2.4-rubygem-coffee-script-source ruby2.4-rubygem-colorize
  ruby2.4-rubygem-concurrent-ruby ruby2.4-rubygem-coveralls ruby2.4-rubygem-crack ruby2.4-rubygem-crass ruby2.4-rubygem-cssmin ruby2.4-rubygem-daemons
  ruby2.4-rubygem-dalli ruby2.4-rubygem-database_cleaner ruby2.4-rubygem-delayed_job ruby2.4-rubygem-delayed_job_active_record ruby2.4-rubygem-diff-lcs
  ruby2.4-rubygem-docile ruby2.4-rubygem-erubis ruby2.4-rubygem-escape_utils ruby2.4-rubygem-execjs ruby2.4-rubygem-factory_girl
  ruby2.4-rubygem-factory_girl_rails ruby2.4-rubygem-faker ruby2.4-rubygem-feature ruby2.4-rubygem-flog ruby2.4-rubygem-flot-rails
  ruby2.4-rubygem-font-awesome-rails ruby2.4-rubygem-globalid ruby2.4-rubygem-haml ruby2.4-rubygem-hashdiff ruby2.4-rubygem-hoptoad_notifier
  ruby2.4-rubygem-i18n ruby2.4-rubygem-innertube ruby2.4-rubygem-joiner ruby2.4-rubygem-jquery-datatables-rails ruby2.4-rubygem-jquery-rails
  ruby2.4-rubygem-jquery-ui-rails ruby2.4-rubygem-json ruby2.4-rubygem-kaminari ruby2.4-rubygem-kgio ruby2.4-rubygem-launchy ruby2.4-rubygem-loofah
  ruby2.4-rubygem-mail ruby2.4-rubygem-metaclass ruby2.4-rubygem-method_source ruby2.4-rubygem-middleware ruby2.4-rubygem-mime-types
  ruby2.4-rubygem-mime-types-data ruby2.4-rubygem-mini_portile2 ruby2.4-rubygem-minitest ruby2.4-rubygem-minitest-fail-fast
  ruby2.4-rubygem-minitest-reporters ruby2.4-rubygem-mocha ruby2.4-rubygem-momentjs-rails ruby2.4-rubygem-mousetrap-rails ruby2.4-rubygem-mysql2
  ruby2.4-rubygem-nio4r ruby2.4-rubygem-nokogiri ruby2.4-rubygem-nokogumbo ruby2.4-rubygem-nyan-cat-formatter ruby2.4-rubygem-parser
  ruby2.4-rubygem-path_expander ruby2.4-rubygem-pkg-config ruby2.4-rubygem-poltergeist ruby2.4-rubygem-powerpack ruby2.4-rubygem-pry
  ruby2.4-rubygem-public_suffix ruby2.4-rubygem-pundit ruby2.4-rubygem-rack-test-0_6 ruby2.4-rubygem-rails-5_0 ruby2.4-rubygem-rails-controller-testing
  ruby2.4-rubygem-rails-dom-testing ruby2.4-rubygem-rails-html-sanitizer ruby2.4-rubygem-rails_tokeninput ruby2.4-rubygem-railties-5_0
  ruby2.4-rubygem-rainbow ruby2.4-rubygem-raindrops ruby2.4-rubygem-rantly ruby2.4-rubygem-redcarpet ruby2.4-rubygem-responders ruby2.4-rubygem-riddle
  ruby2.4-rubygem-rspec ruby2.4-rubygem-rspec-core ruby2.4-rubygem-rspec-expectations ruby2.4-rubygem-rspec-mocks ruby2.4-rubygem-rspec-rails
  ruby2.4-rubygem-rspec-support ruby2.4-rubygem-rubocop ruby2.4-rubygem-ruby-progressbar ruby2.4-rubygem-ruby_parser ruby2.4-rubygem-safe_yaml
  ruby2.4-rubygem-sanitize ruby2.4-rubygem-sass ruby2.4-rubygem-sass-rails ruby2.4-rubygem-sexp_processor ruby2.4-rubygem-shoulda-matchers
  ruby2.4-rubygem-simplecov ruby2.4-rubygem-simplecov-html ruby2.4-rubygem-single_test ruby2.4-rubygem-slop-3 ruby2.4-rubygem-sprite-factory
  ruby2.4-rubygem-sprockets ruby2.4-rubygem-sprockets-rails ruby2.4-rubygem-sqlite3 ruby2.4-rubygem-term-ansicolor ruby2.4-rubygem-thinking-sphinx
  ruby2.4-rubygem-thor ruby2.4-rubygem-thread_safe ruby2.4-rubygem-tilt ruby2.4-rubygem-timecop ruby2.4-rubygem-tins ruby2.4-rubygem-tzinfo
  ruby2.4-rubygem-uglifier ruby2.4-rubygem-unicode-display_width ruby2.4-rubygem-unicorn ruby2.4-rubygem-unicorn-rails ruby2.4-rubygem-vcr
  ruby2.4-rubygem-voight_kampff ruby2.4-rubygem-webmock ruby2.4-rubygem-websocket-driver ruby2.4-rubygem-websocket-extensions ruby2.4-rubygem-xmlhash
  ruby2.4-rubygem-xpath ruby2.4-rubygem-yajl-ruby rubygem-passenger rubygem-passenger-apache2 screen site-config sphinx subversion
  subversion-bash-completion systemd-rpm-macros tar tar-lang yum yum-metadata-parser

The following 55 recommended packages were automatically selected:
  bsdtar build build-mkdrpms bzr-lang dpkg inst-source-utils mercurial-lang nodejs obs-service-download_files obs-service-format_spec_file
  obs-service-obs_scm obs-service-recompress obs-service-set_version obs-service-source_validator obs-service-tar_scm obs-service-verify_file obs-signd
  openslp openslp-server perl-Crypt-SSLeay perl-Data-Dump perl-Diff-LibXDiff perl-File-FcntlLock perl-IO-Socket-SSL perl-LWP-Protocol-https perl-TimeDate
  perl-URI perl-XML-Parser perl-YAML perl-YAML-LibYAML perl-libwww-perl psmisc-lang python-keyring python-packaging qemu-linux-user
  ruby2.1-rubygem-bcrypt ruby2.1-rubygem-byebug ruby2.1-rubygem-jbuilder ruby2.1-rubygem-listen ruby2.1-rubygem-puma ruby2.1-rubygem-sdoc
  ruby2.1-rubygem-spring ruby2.1-rubygem-spring-watcher-listen ruby2.1-rubygem-turbolinks ruby2.1-rubygem-web-console-2 ruby2.4-rubygem-coffee-rails
  ruby2.4-rubygem-coffee-script-source ruby2.4-rubygem-jquery-rails ruby2.4-rubygem-sass-rails ruby2.4-rubygem-sqlite3 ruby2.4-rubygem-uglifier
  subversion-bash-completion tar-lang yum yum-metadata-parser

351 new packages to install.
Overall download size: 145.9 MiB. Already cached: 0 B. After the operation, additional 603.1 MiB will be used.
Continue? [y/n/...? shows all options] (y):

[c-hoeger]

Appears to be a problem with obsapidelayed. When I do not start that service, I can use the ldap login mechanism. If I start it, creation of db user after ldap auth runs into the deadlock.