LDAP attributes mapped to None can cause 500 errors
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Fix Released | Low | Nathan Kinder | |
Icehouse | Fix Released | Low | Nathan Kinder | |
Bug Description
When LDAP is being used as a backend, attributes that are mapped to 'None' will trigger a 500 error if they are not also configured to be ignored. This can be easily reproduced by modifying the default config as follows:
-------
# List of attributes stripped off the user on update. (list
# value)
#user_attribute
user_attribute_
# LDAP attribute mapped to default_project_id for users.
# (string value)
#user_default_
-------
If you then perform a 'keystone user-list', it will trigger a 500 error:
-------
[root@keystone ~(keystone_admin)]# keystone user-list
Authorization Failed: An unexpected error prevented the server from fulfilling your request. (HTTP 500)
-------
The end of the stacktrace in keystone.log clearly shows the problem:
-------
2014-06-28 06:23:36.366 21931 TRACE keystone.
2014-06-28 06:23:36.366 21931 TRACE keystone.
2014-06-28 06:23:36.366 21931 TRACE keystone.
-------
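A configuration check for the condition this report describes, as an added example rather than keystone code: it lists user attributes in an `[ldap]` section that map to None without appearing in `user_attribute_ignore`. The option names follow keystone's `[ldap]` naming; the defaults, the alias table and both sample configs are assumptions constructed for the example.

```python
import configparser
import re

# Assumptions (not taken from the bug report): attributes keystone leaves
# unmapped when the option is unset, the ignore list used when
# user_attribute_ignore is unset, and option infixes that differ from the
# attribute name. Adjust all three to the release being checked.
UNSET_BY_DEFAULT = {"default_project_id"}
DEFAULT_IGNORE = {"default_project_id", "tenants"}
OPTION_TO_ATTR = {"pass": "password", "mail": "email"}

_MAP_OPT = re.compile(r"^user_(.+)_attribute$")


def unmapped_not_ignored(conf_text):
    """Return user attributes that map to None but are not ignored."""
    parser = configparser.ConfigParser(
        interpolation=None, allow_no_value=True, strict=False)
    parser.read_string(conf_text)
    ldap = dict(parser["ldap"]) if parser.has_section("ldap") else {}

    unmapped = set(UNSET_BY_DEFAULT)
    for option, value in ldap.items():
        match = _MAP_OPT.match(option)
        if not match:
            continue
        attr = OPTION_TO_ATTR.get(match.group(1), match.group(1))
        if value is None or value.strip().lower() in ("", "none"):
            unmapped.add(attr)       # explicitly mapped to None
        else:
            unmapped.discard(attr)   # mapped to a real LDAP attribute

    raw = ldap.get("user_attribute_ignore")
    ignored = (DEFAULT_IGNORE if raw is None
               else {a.strip() for a in raw.split(",") if a.strip()})
    return sorted(unmapped - ignored)


# Constructed sample: default_project_id dropped from the ignore list while
# its mapping stays unset, the situation the report describes.
RISKY = """
[ldap]
user_attribute_ignore = tenants
#user_default_project_id_attribute = <None>
"""
# Constructed sample: same unset mapping, attribute still ignored.
SAFE = """
[ldap]
user_attribute_ignore = default_project_id,tenants
"""
```

Running `unmapped_not_ignored` over a deployment's keystone.conf before a restart flags the combination without waiting for a request to fail.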
Changed in keystone: | |
assignee: | nobody → Nathan Kinder (nkinder) |
status: | New → In Progress |
tags: | added: icehouse-backport-potential |
Changed in keystone: | |
importance: | Undecided → Low |
Changed in keystone: | |
milestone: | none → juno-2 |
status: | Fix Committed → Fix Released |
tags: | removed: icehouse-backport-potential |
Changed in keystone: | |
milestone: | juno-2 → 2014.2 |
Fix proposed to branch: master
Review: https://review.openstack.org/103325