keystone client cannot get users by id when ldap is used and id is not a hash (id == uid in posixAccount)

Bug #1204214 reported by Adam Tygart
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
python-keystoneclient | Fix Released | High | Jamie Lennox |
python-openstackclient | Invalid | High | Terry Howe |

Bug Description

keystone user-get mozes
should return:
+----------+---------------+
| Property | Value |
+----------+---------------+
| email | <email address hidden> |
| enabled | True |
| id | mozes |
| name | Adam Tygart |
+----------+---------------+

instead returns:
No user with a name or ID of 'mozes' exists.

relevant keystone.conf entry:
[ldap]
use_dumb_member = True
user_allow_create = False
user_allow_update = False
user_allow_delete = False
user_mail_attribute = mail
user_id_attribute = uid
user_name_attribute = cn
user_objectclass = posixAccount

Adam Tygart (mozes-7)
affects: keystone → python-keystoneclient
alexius ludeman (lexinator) wrote :

assignment/core.py:
    def _get_group_project_roles():
        ...
        metadata_ref = self._get_metadata(
            group_id=x['id'],
            domain_id=project_ref['domain_id'])

self._get_metadata() gets called with user_id=None

assignment/backends/ldap.py:
    def _get_metadata():
        ...
        if (not self.get_project(tenant_id) or
                user_id and not self.identity_api.get_user(user_id)):

self.identity_api.get_user(user_id) raises "user not found" since user_id = None

alexius ludeman (lexinator) wrote :

Sorry, I may have jumped the gun on this one. My comment does reveal a bug, but I'm not sure it's the same exact code path described.

Adam Tygart (mozes-7) wrote :

I believe this is fixed with the code I just uploaded here https://review.openstack.org/#/c/38347/ , but I am not sure if I am familiar enough with the code to know if my "fix" breaks anything else.

Changed in python-keystoneclient:
assignee: nobody → Adam Tygart (mozes-7)
status: New → In Progress
Brant Knudson (blk-u) wrote :

Does this work on the unified CLI (openstack user show) already?

Dolph Mathews (dolph) wrote :

Adding openstackclient to raise awareness - I'm not sure whether this would be an issue there?

Adam Young (ayoung) wrote :

Believed this is fixed, but we need to confirm.

Changed in python-keystoneclient:
importance: Undecided → High
assignee: Adam Tygart (mozes-7) → Jamie Lennox (jamielennox)
Adam Young (ayoung) wrote :
Changed in python-keystoneclient:
status: In Progress → Fix Committed
Dolph Mathews (dolph)
Changed in python-keystoneclient:
milestone: none → 0.4.0
Dolph Mathews (dolph)
Changed in python-keystoneclient:
status: Fix Committed → Fix Released
Dean Troyer (dtroyer)
Changed in python-openstackclient:
importance: Undecided → High
status: New → Confirmed
milestone: none → m2
Terry Howe (thowe-g)
Changed in python-openstackclient:
assignee: nobody → Terry Howe (thowe-g)
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-openstackclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/76742

Terry Howe (thowe-g) wrote :

I abandoned my change because it was not necessary. If the UUID parse fails, it still tries to do a manager.get on the name_or_id:

https://github.com/openstack/python-openstackclient/blob/master/openstackclient/common/utils.py#L49

Changed in python-openstackclient:
status: In Progress → Invalid
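
The lookup behaviour discussed in this report, as an added example that is not code from keystoneclient or openstackclient: a resolver that calls get() only for UUID-shaped input cannot find an LDAP user whose id is the uid, while one that tries get() regardless (as the last comment describes) can. FakeUserManager, NotFound, both function names and the sample user are constructed for illustration, and the UUID-gated form is an assumption about the failing pattern.

```python
import uuid


class NotFound(Exception):
    """Raised by the stand-in manager when no user matches."""


class FakeUserManager:
    """Constructed stand-in for an LDAP-backed user manager where
    user_id_attribute = uid, so ids are plain strings such as 'mozes'."""

    def __init__(self, users):
        self._by_id = {u["id"]: u for u in users}

    def get(self, user_id):
        if user_id not in self._by_id:
            raise NotFound(user_id)
        return self._by_id[user_id]

    def find(self, name):
        matches = [u for u in self._by_id.values() if u["name"] == name]
        if len(matches) != 1:
            raise NotFound(name)
        return matches[0]


def find_user_uuid_only(manager, name_or_id):
    """Assumed failing pattern: get() runs only when the input parses as a UUID."""
    try:
        uuid.UUID(name_or_id)  # 'mozes' raises ValueError, so get() is skipped
        return manager.get(name_or_id)
    except (ValueError, NotFound):
        pass
    try:
        return manager.find(name_or_id)
    except NotFound:
        raise NotFound("No user with a name or ID of '%s' exists." % name_or_id)


def find_user_with_fallback(manager, name_or_id):
    """Try get() by id whatever the id looks like, then fall back to the name."""
    for lookup in (manager.get, manager.find):
        try:
            return lookup(name_or_id)
        except NotFound:
            continue
    raise NotFound("No user with a name or ID of '%s' exists." % name_or_id)


USERS = [{"id": "mozes", "name": "Adam Tygart", "enabled": True}]  # constructed
```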