Mirantis OpenStack

Keystone v3 user/tenant lookup by name via OpenStack CLI client fails

Bug #1503336 reported by Boris Bobrov on 2015-10-06

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Mirantis OpenStack	Fix Released	High	MOS Keystone	Mirantis OpenStack 8.0
7.0.x	Fix Released	High	Boris Bobrov	Mirantis OpenStack 7.0-mu-1
8.0.x	Fix Released	High	MOS Keystone	Mirantis OpenStack 8.0

Bug Description

We are running run into https://bugs.launchpad.net/keystone/+bug/1454309 on release 7.0 ISO. It was fixed in upstream liberty and kilo and should be backported to our repos.

Steps to reproduce the bug:
1. Setup ldap as identity backend;
2. Execute `openstack user show <username>`.

Expected: user with a name is shown
Actual: exception in keystone occurs

See original description

Boris Bobrov (bbobrov) on 2015-10-06

description:

updated

Revision history for this message

Vitaly Sedelnik (vsedelnik) wrote on 2015-10-08:

Keystone team, please review the fix and backport to 7.0 if applicable. If not, please update the status accordingly (Won't Fix or Invalid).

Revision history for this message

Alexander Makarov (amakarov) wrote on 2015-10-12:

Boris, please backport the fix

Vitaly Sedelnik (vsedelnik) on 2015-10-13

tags:

added: 70mu1-confirmed

Alexey Khivin (akhivin) on 2015-10-19

summary:

- user show fails with ldap
+ Keystone v3 user/tenant lookup by name via OpenStack CLI client fails

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2015-10-27: Fix merged to openstack/keystone (openstack-ci/fuel-7.0/2015.1.0)

Reviewed: https://review.fuel-infra.org/12945
Submitter: Vitaly Sedelnik <email address hidden>
Branch: openstack-ci/fuel-7.0/2015.1.0

Commit: 17b5a03d690202f248e032555969bf51a2452fcc
Author: Edmund Rhudy <email address hidden>
Date: Tue Oct 27 09:09:35 2015

Make sure LDAP filter is constructed correctly

This fixes an issue where, when querying Keystone via the v3 API, you
would get back an invalid LDAP filter, because None was coerced to the
string "None" and inserted into the middle of the query.

Conflicts:
keystone/tests/unit/common/test_ldap.py

The conflict is due to imports being reorganized in the same area as
this change.

Change-Id: I9d45a4dca265b69e261f134118bb30c8cd128166
Closes-Bug: 1503336
(cherry picked from commit 2c6db4a3bb9e1718744b0e5b03af050fd2866182)
(cherry picked from commit bc96d9f63db29137b4a7f8727dd6ec0d6c848736)

Revision history for this message

Vitaly Sedelnik (vsedelnik) wrote on 2015-10-27:

Fix Committed for 7.0.x, the review is https://review.fuel-infra.org/#/c/12945/

Vitaly Sedelnik (vsedelnik) on 2015-11-02

tags:

removed: 70mu1-confirmed

Alexander Petrov (apetrov-n) on 2015-11-03

tags:

added: on-verification

Boris Bobrov (bbobrov) on 2015-11-03

description:

updated

Alexander Petrov (apetrov-n) on 2015-11-12

tags:

removed: on-verification

Revision history for this message

Alexander Petrov (apetrov-n) wrote on 2015-12-07:

Fix was verified on MOS-8.0 (build 233)

Command output example:

OS_IDENTITY_API_VERSION=3 OS_TOKEN=admin OS_URL=http://localhost:35357/v3/ openstack user show Administrator --domain ldap
+-----------+------------------------------------------------------------------+
| Field | Value |
+-----------+------------------------------------------------------------------+
| domain_id | ad5cbcc4ecb541308a5569303a137d4a |
| id | a8583f705ed67f24ffe57aa54eca87a4bb7d806c9104b8e5d9f9f93f53c632df |
| name | Administrator |
+-----------+------------------------------------------------------------------+

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.