test_user_mixed_case_attribute fails - mail, not email

Fix proposed to branch: master
Review: https://review.openstack.org/94668

"fails" under what conditions? The test works fine for me with or without the proposed patch.

Without the proposed patch (this is just the latest master):

    (os)keystone $ git log -n 1
    commit 6c9b48f63b115f7151b1a03f0c5324fa9bd8912a
    Merge: 2b8e58a 0ba5334
    Author: Jenkins <email address hidden>
    Date: Thu May 22 18:05:01 2014 +0000

        Merge "Reduce log noise on expired tokens"
    (os)keystone $ nosetests keystone.tests.test_backend_ldap:LDAPIdentity.test_user_mixed_case_attribute
    .
    ----------------------------------------------------------------------
    Ran 1 test in 0.228s

    OK

With the proposed patch:

    (os)keystone $ git review -d 94668
    Downloading refs/changes/68/94668/2 from gerrit
    Switched to branch "review/richard_megginson/bug/1321822"
    (os)keystone $ nosetests keystone.tests.test_backend_ldap:LDAPIdentity.test_user_mixed_case_attribute
    .
    ----------------------------------------------------------------------
    Ran 1 test in 0.235s

    OK

This would only fail using the live ldap tests. FakeLDAP doesn't enforce any schema.

RFC 2798 defines the attribute as 'mail' and not 'email': http://tools.ietf.org/html/rfc2798#section-9.1.3

Here's the default from the sample config: http://git.openstack.org/cgit/openstack/keystone/tree/etc/keystone.conf.sample#n859

#user_mail_attribute=email

So this just requires a change in the default value?

The defaults in the config are

# LDAP objectclass for users. (string value)
#user_objectclass=inetOrgPerson

# LDAP attribute mapped to user email. (string value)
#user_mail_attribute=email

Which to me is inconsistent since the standard schema says that the email is in mail and not email.

I wouldn't have a problem with changing the default. Is it allowed according to the requirements for backwards compatibility? It's unlikely, bug somebody out there might be using a different objectclass for users that uses email rather than mail.

My latest commit changes the default to #user_mail_attribute=mail

Is there some way to check, during an upgrade, if someone is using the LDAP backend for Identity?

@Brant: it's allowed, but we should note the change of default behavior in the release notes

Reviewed: https://review.openstack.org/94668
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=ab429148c339282ad02bdfdccf3c27835c9a6ba8
Submitter: Jenkins
Branch: master

commit ab429148c339282ad02bdfdccf3c27835c9a6ba8
Author: Rich Megginson <email address hidden>
Date: Wed May 21 10:32:12 2014 -0600

    Use mail for the default LDAP email attribute name

    test_user_mixed_case_attribute passes when not using a live LDAP backend.
    The test fails when using a live LDAP backend because the standard LDAP
    email attribute is 'mail', but the test is expecting the LDAP backend to
    use 'email' as the attribute name. The fix is to use 'mail' as the
    attribute returned by the LDAP backend, and 'email' as the corresponding
    property in the User object.
    To test, run the test_ldap_livetest test e.g.

      python -m testtools.run keystone.tests.test_ldap_livetest

    Closes-Bug: #1321822

    Change-Id: I2100b5706852fdc7dfea2d4473ef6685c8a2f874