user_enabled_attribute string support is poor
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Medium
|
Steve Martinelli | ||
| Juno |
Fix Released
|
Medium
|
Steve Martinelli | ||
Bug Description
When attempting to authenticate with our ldap, we were running into trouble getting the right value to show up for the user's enabled attribute.
The result from ldap was:
[('uid=
which is turned into:
[(u'uid=
the _ldap_res_to_model function in ldap/core.py seems to be OK, but the same one at the identity backend for ldap seems to have a few bugs:
the object before:
{'email': <email address hidden>', 'enabled': u'false', 'id': 123456789, 'name': <email address hidden>'}
the object after:
{'dn': u'uid=123456789
Note that the enabled field is still False, just a boolean now instead of string.
Looks like at: https:/
The check for if type(str) is insufficient, and calling lower, without the parentheses is pointless.
| tags: | added: juno-backport-potential |
| tags: | added: icehouse-backport-potential |
| Changed in keystone: | |
| assignee: | nobody → Steve Martinelli (stevemar) |
| status: | New → In Progress |
| tags: | removed: icehouse-backport-potential |
| Lance Bragstad (lbragstad) wrote | #1 |
| tags: | added: ldap |
| Changed in keystone: | |
| importance: | Undecided → Medium |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystone (stable/juno) | #2 |
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (master) | #3 |
| Changed in keystone: | |
| status: | In Progress → Fix Committed |
| Changed in keystone: | |
| milestone: | none → kilo-2 |
| Changed in keystone: | |
| status: | Fix Committed → Fix Released |
| OpenStack Infra (hudson-openstack) wrote Fix merged to keystone (stable/juno) | #4 |
| Changed in keystone: | |
| milestone: | kilo-2 → 2015.1.0 |
Nice catch!