When using per-domain-identity backend, user_ids could collide
Bug #1226171 reported by Morgan Fainberg
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Fix Released | Medium | Morgan Fainberg |
OpenStack Identity (keystone) | Fix Released | Wishlist | Henry Nash |
Bug Description
When using the per-domain-identity backend, usernames could end up colliding when multiple LDAP backends are used, since we extract very limited information from the DN.
Example
cn=example user, dc=example1,dc=com
cn=example user, dc=example2,dc=com
Would net the same "user_id" of "example user"
This can also affect groups in the same manner.
Changed in keystone:
status: New → Triaged
Changed in keystone:
assignee: nobody → Henry Nash (henry-nash)
Changed in keystone:
milestone: none → icehouse-3
Changed in keystone:
importance: Medium → High
Changed in keystone:
milestone: icehouse-3 → next
tags: added: icehouse-rc-potential
Changed in nova:
status: New → In Progress
tags: removed: icehouse-rc-potential
Changed in nova:
assignee: nobody → Morgan Fainberg (mdrnstm)
importance: Undecided → Medium
tags: added: ldap
Changed in keystone:
assignee: Henry Nash (henry-nash) → Adam Young (ayoung)
Changed in keystone:
milestone: next → juno-1
Changed in nova:
milestone: none → juno-1
status: Fix Committed → Fix Released
Changed in keystone:
status: Fix Committed → Fix Released
Changed in keystone:
milestone: juno-2 → 2014.2
Changed in nova:
milestone: juno-1 → 2014.2
This requires increasing the storage in the assignment backend (SQL) for the user_id followed by changing the way we calculate the user_id from DN.
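
Added example (not from the bug report or from keystone's code): a sketch of the collision in the description, where only the leftmost RDN value becomes the id, next to one way of recalculating the id so it is scoped to the domain. The domain names `domain1`/`domain2`, the helper names and the hashing scheme are assumptions made for illustration.

```python
import hashlib

# DNs from the bug description; the domain names are constructed for illustration.
SAMPLE_DNS = {
    "domain1": "cn=example user, dc=example1,dc=com",
    "domain2": "cn=example user, dc=example2,dc=com",
}

def split_dn(dn):
    """Split a DN into RDN strings, treating backslash-escaped commas as data."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped or ch != ",":
            cur.append(ch)
            escaped = (ch == "\\") and not escaped
        else:
            parts.append("".join(cur).strip())
            cur = []
    parts.append("".join(cur).strip())
    return parts

def local_id_from_dn(dn):
    """Value of the leftmost RDN only: the naive derivation that collides."""
    _attr, _, value = split_dn(dn)[0].partition("=")
    return value.strip()

def domain_scoped_id(domain_id, entity_type, local_id):
    """Hypothetical scheme: SHA-256 over length-prefixed domain, type and local id."""
    h = hashlib.sha256()
    for field in (domain_id, entity_type, local_id):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()  # 64 hex chars, so the id column must hold at least 64

def find_collisions(ids_by_domain):
    """Map each id claimed by more than one domain to the domains claiming it."""
    owners = {}
    for domain, entity_id in ids_by_domain.items():
        owners.setdefault(entity_id, []).append(domain)
    return {i: sorted(d) for i, d in owners.items() if len(d) > 1}

def derive_ids(scoped):
    """Derive one user id per sample domain, naive or domain-scoped."""
    ids = {}
    for domain, dn in SAMPLE_DNS.items():
        local = local_id_from_dn(dn)
        ids[domain] = domain_scoped_id(domain, "user", local) if scoped else local
    return ids

if __name__ == "__main__":
    print("naive :", find_collisions(derive_ids(scoped=False)))
    print("scoped:", find_collisions(derive_ids(scoped=True)))
```

Including the entity type in the hash also keeps a user and a group with the same name in one domain from sharing an id.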