Create user with LDAP enabled_mask, enabled not boolean
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Brant Knudson |
Bug Description
When set up Keystone to use the LDAP identity backend and set user_enabled_mask to non-zero and then create a user with "enabled" set to 'false', the "enabled" value comes back as a number rather than a boolean. This is unexpected because the SQL backend always returns a boolean.
Here's an example:
$ curl -s \
-H "X-Auth-Token: $TOKEN" \
-H "Content-Type: application/json" \
--data '{"user": {"name": "blk-test1", "enabled": false}}' \
http://
{
"user": {
"enabled": 514,
"id": "e5d09e0ff7944b
"links": {
"self": "http://
},
"name": "blk-test1"
}
}
-- enabled should be false and not 514.
Here's the output when use the SQL identity backend:
{
"user": {
"enabled": false,
"id": "73734048e27545
"links": {
"self": "http://
},
"name": "blk-test1"
}
}
To recreate, set in keystone.
user_enabled_
user_enabled_mask = 2
user_enabled_
Next,
change devstack to not set enabled in lib/keystone,
configure localrc to use LDAP,
start devstack,
and then run the curl command above.
Note that when do an update, the enabled value is a Boolean and the "enabled_nomask" value is returned:
curl -s \
-X PATCH \
-H "X-Auth-Token: $TOKEN" \
-H "Content-Type: application/json" \
--data '{"user": {"enabled": false}}' \
http://
{
"user": {
"enabled": true,
"id": "4c6aebecf60e44
"links": {
"self": "http://
},
"name": "demo"
}
}
Creating a user should probably work similarly to this, although I don't see how the enabled_nomask value is useful to anyone.
Changed in keystone: | |
assignee: | nobody → Brant Knudson (blk-u) |
Changed in keystone: | |
status: | Fix Committed → Fix Released |
Changed in keystone: | |
milestone: | havana-rc1 → 2013.2 |
Fix proposed to branch: master /review. openstack. org/45319
Review: https:/