Ubuntu Cloud Archive

[SRU] ldap search should not encode attributes

Bug #1820333 reported by Corey Bryant
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
High
Corey Bryant
OpenStack Identity (keystone) stein-rc1
Ubuntu Cloud Archive
Fix Released
Critical
Unassigned
Rocky
Fix Released
Critical
Unassigned
keystone (Ubuntu)
Fix Released
Critical
Unassigned
Cosmic
Fix Released
Critical
Unassigned

Bug Description

[Impact]

Listing user fails with LDAP backend fails
------------------------------------------

$ openstack user list --debug --domain userdomain
Request returned failure status: 400
('attrs_from_List(): expected string in list', b'mail') (HTTP 400) (Request-ID: req-914f8010-3ed2-4200-a394-5b1bc5158b98)
Traceback (most recent call last):
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/cliff/app.py", line 401, in run_subcommand
    result = cmd.run(parsed_args)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/osc_lib/command/command.py", line 41, in run
    return super(Command, self).run(parsed_args)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/cliff/display.py", line 116, in run
    column_names, data = self.take_action(parsed_args)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/openstackclient/identity/v3/user.py", line 266, in take_action
    group=group,
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/debtcollector/renames.py", line 43, in decorator
    return wrapped(*args, **kwargs)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneclient/v3/users.py", line 136, in list
    **kwargs)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneclient/base.py", line 86, in func
    return f(*args, **new_kwargs)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneclient/base.py", line 444, in list
    list_resp = self._list(url_query, self.collection_key)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneclient/base.py", line 141, in _list
    resp, body = self.client.get(url, **kwargs)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 351, in get
    return self.request(url, 'GET', **kwargs)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 510, in request
    resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 213, in request
    return self.session.request(url, method, **kwargs)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneauth1/session.py", line 869, in request
    raise exceptions.from_response(resp, method, url)
keystoneauth1.exceptions.http.BadRequest: ('attrs_from_List(): expected string in list', b'mail') (HTTP 400) (Request-ID: req-914f8010-3ed2-4200-a394-5b1bc5158b98)
clean_up ListUser: ('attrs_from_List(): expected string in list', b'mail') (HTTP 400) (Request-ID: req-914f8010-3ed2-4200-a394-5b1bc5158b98)
Traceback (most recent call last):
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/osc_lib/shell.py", line 136, in run
    ret_val = super(OpenStackShell, self).run(argv)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/cliff/app.py", line 281, in run
    result = self.run_subcommand(remainder)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/osc_lib/shell.py", line 176, in run_subcommand
    ret_value = super(OpenStackShell, self).run_subcommand(argv)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/cliff/app.py", line 401, in run_subcommand
    result = cmd.run(parsed_args)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/osc_lib/command/command.py", line 41, in run
    return super(Command, self).run(parsed_args)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/cliff/display.py", line 116, in run
    column_names, data = self.take_action(parsed_args)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/openstackclient/identity/v3/user.py", line 266, in take_action
    group=group,
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/debtcollector/renames.py", line 43, in decorator
    return wrapped(*args, **kwargs)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneclient/v3/users.py", line 136, in list
    **kwargs)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneclient/base.py", line 86, in func
    return f(*args, **new_kwargs)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneclient/base.py", line 444, in list
    list_resp = self._list(url_query, self.collection_key)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneclient/base.py", line 141, in _list
    resp, body = self.client.get(url, **kwargs)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 351, in get
    return self.request(url, 'GET', **kwargs)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 510, in request
    resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 213, in request
    return self.session.request(url, method, **kwargs)
  File "/home/ubuntu/charm-test-infra/.tox/clients/lib/python3.6/site-packages/keystoneauth1/session.py", line 869, in request
    raise exceptions.from_response(resp, method, url)
keystoneauth1.exceptions.http.BadRequest: ('attrs_from_List(): expected string in list', b'mail') (HTTP 400) (Request-ID: req-914f8010-3ed2-4200-a394-5b1bc5158b98)

END return value: 1

/var/log/keystone/keystone.log
------------------------------
(keystone.common.wsgi): 2019-03-15 15:26:15,385 ERROR ('attrs_from_List(): expected string in list', b'mail')
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/keystone/common/wsgi.py", line 148, in __call__
    result = method(req, **params)
  File "/usr/lib/python3/dist-packages/keystone/common/controller.py", line 103, in wrapper
    return f(self, request, filters, **kwargs)
  File "/usr/lib/python3/dist-packages/keystone/identity/controllers.py", line 71, in list_users
    domain_scope=domain, hints=hints
  File "/usr/lib/python3/dist-packages/keystone/common/manager.py", line 116, in wrapped
    __ret_val = __f(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 416, in wrapper
    return f(self, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 426, in wrapper
    return f(self, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 1061, in list_users
    ref_list = self._handle_shadow_and_local_users(driver, hints)
  File "/usr/lib/python3/dist-packages/keystone/identity/core.py", line 1044, in _handle_shadow_and_local_users
    return driver.list_users(hints) + fed_res
  File "/usr/lib/python3/dist-packages/keystone/identity/backends/ldap/core.py", line 87, in list_users
    return self.user.get_all_filtered(hints)
  File "/usr/lib/python3/dist-packages/keystone/identity/backends/ldap/core.py", line 327, in get_all_filtered
    for user in self.get_all(query, hints)]
  File "/usr/lib/python3/dist-packages/keystone/identity/backends/ldap/core.py", line 319, in get_all
    hints=hints)
  File "/usr/lib/python3/dist-packages/keystone/identity/backends/ldap/common.py", line 1888, in get_all
    return super(EnabledEmuMixIn, self).get_all(ldap_filter, hints)
  File "/usr/lib/python3/dist-packages/keystone/identity/backends/ldap/common.py", line 1590, in get_all
    for x in self._ldap_get_all(hints, ldap_filter)]
  File "/usr/lib/python3/dist-packages/keystone/common/driver_hints.py", line 42, in wrapper
    return f(self, hints, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/keystone/identity/backends/ldap/common.py", line 1543, in _ldap_get_all
    attrs)
  File "/usr/lib/python3/dist-packages/keystone/identity/backends/ldap/common.py", line 976, in search_s
    attrlist_utf8, attrsonly)
  File "/usr/lib/python3/dist-packages/keystone/identity/backends/ldap/common.py", line 654, in wrapper
    return func(self, conn, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/keystone/identity/backends/ldap/common.py", line 803, in search_s
    attrsonly)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 858, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1264, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1202, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 851, in search_ext_s
    msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 847, in search_ext
    timeout,sizelimit,
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 319, in _ldap_call
    result = func(*args,**kwargs)
TypeError: ('attrs_from_List(): expected string in list', b'mail')

---------------------------------------------

In search_s() we're still encoding attrlist (note similar behavior in paged_search_s):

attrlist_utf8 = list(map(utf8_encode, attrlist))

Looking closer at the attribute list these all appear to be attribute names and that also appears to be how LDAP searches generally work; they specify attribute names they want to return, not values:

[b'enabled', b'sn', b'userPassword', b'cn', b'description', b'mail']

In Python 3 (and Python2 with bytes_mode=False) python-ldap no longer allows bytes for some fields (DNs, RDNs, attribute names, queries). Instead, text values are represented as str, the Unicode text type.

A prior patch to Keystone's LDAP backend (see commit eca0829c4c65e6b64f08023ce2d5a55dc329248f) enabled this support but missed the above lines of code.

Changing the above line of code to not utf8 encode the attrlist fixes the problem for me.

[Test Case]

Run charm-keystone-ldap functional tests for OpenStack Rocky or above. Upstream unit tests are also run.

[Regression Potential]
The only regression potential would be for PY2 code paths. PY3 code paths never worked for keystone's LDAP backend. The approach to the patch have purposefully minimized amount of code required and therefore regression potential for PY2. Note that Rocky for Ubuntu supports PY2 but as of Stein Ubuntu has dropped PY2 support.

See original description
Corey Bryant (corey.bryant)
description: updated
Changed in cloud-archive:
status: New → Triaged
importance: Undecided → Critical
Changed in keystone (Ubuntu):
status: New → Triaged
importance: Undecided → Critical
Corey Bryant (corey.bryant)
summary: - ldap search should not encode attributes
+ [SRU] ldap search should not encode attributes
Corey Bryant (corey.bryant)
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/643670

Changed in keystone:
assignee: nobody → Corey Bryant (corey.bryant)
status: New → In Progress
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: Corey Bryant (corey.bryant) → Frode Nordahl (fnordahl)
Colleen Murphy (krinkle)
Changed in keystone:
milestone: none → stein-rc1
OpenStack Infra (hudson-openstack)
Changed in keystone:
assignee: Frode Nordahl (fnordahl) → Corey Bryant (corey.bryant)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package keystone - 2:15.0.0~b1~git2019031401.2c7bb275f-0ubuntu2

---------------
keystone (2:15.0.0~b1~git2019031401.2c7bb275f-0ubuntu2) disco; urgency=medium

  * d/p/ensure-LDAP-searches-use-unicode-attributes.patch: Cherry-picked
    from https://review.openstack.org/#/c/643670/ to fix LDAP backend
    searches (LP: #1820333).

 -- Corey Bryant <email address hidden> Tue, 19 Mar 2019 07:26:22 -0400

Changed in keystone (Ubuntu):
status: Triaged → Fix Released
James Page (james-page)
Changed in cloud-archive:
status: Triaged → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/643670
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=d6df1dff3e519a26c1a12b6c32f9799484be5966
Submitter: Zuul
Branch: master

commit d6df1dff3e519a26c1a12b6c32f9799484be5966
Author: Corey Bryant <email address hidden>
Date: Mon Mar 18 13:46:37 2019 -0400

    PY3: Ensure LDAP searches use unicode attributes

    This is a bug fix that corresponds to changes missed in commit
    eca0829c4c65e6b64f08023ce2d5a55dc329248f.

    In Python 3, python-ldap no longer allows bytes for some fields (DNs,
    RDNs, attribute names, queries). Instead, text values are represented
    as str, the Unicode text type. Compatibility support is provided for
    Python 2 by setting bytes_mode=False [1]. This support was provided
    in commit eca0829c4c65e6b64f08023ce2d5a55dc329248f.

    In this patch we ensure that attribute names specified in searches
    are no longer encoded.

    [1] More details about byte/str usage in python-ldap can be found at:
    http://www.python-ldap.org/en/latest/bytes_mode.html#bytes-mode

    Change-Id: If3398e2d08ea14fa4b8c498b2a9a7c7edb47b9e5
    Closes-Bug: #1820333

Changed in keystone:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/644607

Corey Bryant (corey.bryant)
Changed in keystone (Ubuntu Cosmic):
status: New → Triaged
importance: Undecided → Critical
Revision history for this message
Corey Bryant (corey.bryant) wrote :

An updated rocky package has been uploaded to the cosmic unapproved queue and is awaiting SRU team review.

https://launchpad.net/ubuntu/cosmic/+queue?queue_state=1&queue_text=

Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Corey, or anyone else affected,

Accepted keystone into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/keystone/2:14.0.1-0ubuntu3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in keystone (Ubuntu Cosmic):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-cosmic
Revision history for this message
Corey Bryant (corey.bryant) wrote :
Download full text (8.3 KiB)

This has been verified successfully for cosmic-proposed:

For easy reading: https://paste.ubuntu.com/p/dzKSVtdfDt/

In case the pastebin expires:

ubuntu@coreycb-bastion:~/charms/bionic/keystone-ldap/build/builds/keystone-ldap$ tox -e func27-smoke --workdir /tmp
func27-smoke installed: DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.,amulet==1.21.0,aodhclient
==1.2.0,appdirs==1.4.3,asn1crypto==0.24.0,Babel==2.6.0,backports.os==0.1.1,blessings==1.6,bundletester==0.12.2,certifi==2019.3.9,cffi==1.12.2,chardet==3.0.4,charm-tools==2.5.1,charmhelpers==0.19.12,Cheetah3==3.2.0,cliff==2.14.1,cmd2==0.8.9,colander==1.5.1,config
parser==3.7.3,contextlib2==0.5.5,coverage==4.5.3,cryptography==2.6.1,debtcollector==1.21.0,decorator==4.3.2,dict2colander==0.2,distro==1.4.0,distro-info==0.0.0,docutils==0.14,dogpile.cache==0.7.1,entrypoints==0.3,enum34==1.1.6,extras==1.0.0,fixtures==3.0.0,flake
8==2.4.1,funcsigs==1.0.2,functools32==3.2.3.post2,future==0.17.1,futures==3.2.0,futurist==1.8.1,gnocchiclient==3.1.1,httplib2==0.12.1,idna==2.8,importlib-metadata==0.8,ipaddress==1.0.22,iso8601==0.1.12,Jinja2==2.10,jmespath==0.9.4,jsonpatch==1.23,jsonpointer==2.
0,jsonschema==2.5.1,juju-deployer==0.11.0,juju-wait==2.5.0,jujubundlelib==0.5.6,jujuclient==0.54.0,keyring==18.0.0,keystoneauth1==3.13.1,launchpadlib==1.10.6,lazr.authentication==0.1.3,lazr.restfulclient==0.14.2,lazr.uri==1.0.3,libcharmstore==0.0.9,linecache2==1
.0.0,macaroonbakery==1.2.1,MarkupSafe==1.1.1,mccabe==0.3.1,mock==2.0.0,monotonic==1.5,msgpack==0.6.1,munch==2.3.2,netaddr==0.7.19,netifaces==0.10.9,nose==1.3.7,oauth==1.0.1,oauthlib==3.0.1,openstacksdk==0.26.0,os-client-config==1.32.0,os-service-types==1.6.0,osc
-lib==1.12.1,oslo.config==6.8.1,oslo.context==2.22.1,oslo.i18n==3.23.1,oslo.log==3.42.3,oslo.serialization==2.28.2,oslo.utils==3.40.3,otherstuf==1.1.0,parse==1.11.1,path.py==11.5.0,pathlib2==2.3.3,pathspec==0.3.4,pbr==5.1.3,pep8==1.7.1,pika==0.13.1,pkg-resources
==0.0.0,prettytable==0.7.2,protobuf==3.7.0,pycparser==2.19,pyflakes==0.8.1,pyinotify==0.9.6,pymacaroons==0.13.0,PyNaCl==1.3.0,pyOpenSSL==19.0.0,pyparsing==2.3.1,pyperclip==1.7.0,pyRFC3339==1.1,python-barbicanclient==4.8.1,python-ceilometerclient==2.9.0,python-ci
nderclient==4.1.0,python-dateutil==2.8.0,python-designateclient==2.11.0,python-glanceclient==2.16.0,python-heatclient==1.17.0,python-keystoneclient==3.19.0,python-manilaclient==1.27.0,python-mimeparse==1.6.0,python-neutronclient==6.12.0,python-novaclient==13.0.0
,python-openstackclient==3.18.0,python-subunit==1.3.0,python-swiftclient==3.7.0,pytz==2018.9,pyudev==0.21.0,PyYAML==3.11,requests==2.21.0,requestsexceptions==1.4.0,rfc3986==1.2.0,ruamel.base==1.0.0,ruamel.ordereddict==0.4.13,ruamel.yaml==0.10.23,scandir==1.10.0,
SecretStorage==2.3.1,simplejson==3.16.0,six==1.12.0,stestr==2.3.1,stevedore==1.30.1,stuf==0.9.16,subprocess32==3.5.3,Tempita==0.5.2,testresources==2.0.1,testtools==2.3.0,theblues==0.5.1,traceback2==1.4.0,translationstring==1.3,unicodecsv==0.14.1,unittest2==1.1.0
,urllib3==1.24.1,virtualenv==16.4.3,voluptuo...

Read more...

tags: added: verification-done verification-done-cosmic
removed: verification-needed verification-needed-cosmic
Revision history for this message
Corey Bryant (corey.bryant) wrote :
Download full text (7.9 KiB)

This has been verified successfully for rocky-proposed:

For easy reading: https://paste.ubuntu.com/p/sW7YSkbfdK/

In case the pastebin expires:

ubuntu@coreycb-bastion:~/charms/bionic/keystone-ldap/build/builds/keystone-ldap$ tox -e func27-smoke --workdir /tmp
func27-smoke installed: DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7.,amulet==1.21.0,aodhclient==1.2.0,appdirs==1.4.3,asn1crypto==0.24.0,Babel==2.6.0,backports.os==0.1.1,blessings==1.6,bundletester==0.12.2,certifi==2019.3.9,cffi==1.12.2,chardet==3.0.4,charm-tools==2.5.1,charmhelpers==0.19.12,Cheetah3==3.2.0,cliff==2.14.1,cmd2==0.8.9,colander==1.5.1,configparser==3.7.3,contextlib2==0.5.5,coverage==4.5.3,cryptography==2.6.1,debtcollector==1.21.0,decorator==4.3.2,dict2colander==0.2,distro==1.4.0,distro-info==0.0.0,docutils==0.14,dogpile.cache==0.7.1,entrypoints==0.3,enum34==1.1.6,extras==1.0.0,fixtures==3.0.0,flake8==2.4.1,funcsigs==1.0.2,functools32==3.2.3.post2,future==0.17.1,futures==3.2.0,futurist==1.8.1,gnocchiclient==3.1.1,httplib2==0.12.1,idna==2.8,importlib-metadata==0.8,ipaddress==1.0.22,iso8601==0.1.12,Jinja2==2.10,jmespath==0.9.4,jsonpatch==1.23,jsonpointer==2.0,jsonschema==2.5.1,juju-deployer==0.11.0,juju-wait==2.5.0,jujubundlelib==0.5.6,jujuclient==0.54.0,keyring==18.0.0,keystoneauth1==3.13.1,launchpadlib==1.10.6,lazr.authentication==0.1.3,lazr.restfulclient==0.14.2,lazr.uri==1.0.3,libcharmstore==0.0.9,linecache2==1.0.0,macaroonbakery==1.2.1,MarkupSafe==1.1.1,mccabe==0.3.1,mock==2.0.0,monotonic==1.5,msgpack==0.6.1,munch==2.3.2,netaddr==0.7.19,netifaces==0.10.9,nose==1.3.7,oauth==1.0.1,oauthlib==3.0.1,openstacksdk==0.26.0,os-client-config==1.32.0,os-service-types==1.6.0,osc-lib==1.12.1,oslo.config==6.8.1,oslo.context==2.22.1,oslo.i18n==3.23.1,oslo.log==3.42.3,oslo.serialization==2.28.2,oslo.utils==3.40.3,otherstuf==1.1.0,parse==1.11.1,path.py==11.5.0,pathlib2==2.3.3,pathspec==0.3.4,pbr==5.1.3,pep8==1.7.1,pika==0.13.1,pkg-resources==0.0.0,prettytable==0.7.2,protobuf==3.7.0,pycparser==2.19,pyflakes==0.8.1,pyinotify==0.9.6,pymacaroons==0.13.0,PyNaCl==1.3.0,pyOpenSSL==19.0.0,pyparsing==2.3.1,pyperclip==1.7.0,pyRFC3339==1.1,python-barbicanclient==4.8.1,python-ceilometerclient==2.9.0,python-cinderclient==4.1.0,python-dateutil==2.8.0,python-designateclient==2.11.0,python-glanceclient==2.16.0,python-heatclient==1.17.0,python-keystoneclient==3.19.0,python-manilaclient==1.27.0,python-mimeparse==1.6.0,python-neutronclient==6.12.0,python-novaclient==13.0.0,python-openstackclient==3.18.0,python-subunit==1.3.0,python-swiftclient==3.7.0,pytz==2018.9,pyudev==0.21.0,PyYAML==3.11,requests==2.21.0,requestsexceptions==1.4.0,rfc3986==1.2.0,ruamel.base==1.0.0,ruamel.ordereddict==0.4.13,ruamel.yaml==0.10.23,scandir==1.10.0,SecretStorage==2.3.1,simplejson==3.16.0,six==1.12.0,stestr==2.3.1,stevedore==1.30.1,stuf==0.9.16,subprocess32==3.5.3,Tempita==0.5.2,testresources==2.0.1,testtools==2.3.0,theblues==0.5.1,traceback2==1.4.0,translationstring==1.3,unicodecsv==0.14.1,unittest2==1.1.0,urllib3==1.24.1,virtualenv==16.4.3,voluptuous==0.11.5,w...

Read more...

Revision history for this message
Corey Bryant (corey.bryant) wrote : Update Released

The verification of the Stable Release Update for keystone has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

This bug was fixed in the package keystone - 2:14.0.1-0ubuntu3~cloud0
---------------

 keystone (2:14.0.1-0ubuntu3~cloud0) bionic-rocky; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 keystone (2:14.0.1-0ubuntu3) cosmic; urgency=medium
 .
   * d/control, d/p/py3-switch-to-using-unicode-text-values.patch: Enable
     Keystone LDAP Python 3 support. Patch is cherry-picked from
     https://review.openstack.org/613648 (LP: #1798184).
   * d/p/ensure-LDAP-searches-use-unicode-attributes.patch: Cherry-picked
     from https://review.openstack.org/#/c/643670/ to fix LDAP backend
     searches (LP: #1820333).

Corey Bryant (corey.bryant)
Changed in cloud-archive:
status: Fix Committed → Fix Released
Revision history for this message
James Page (james-page) wrote :

This bug was fixed in the package keystone - 2:15.0.0~b1~git2019031401.2c7bb275f-0ubuntu2~cloud0
---------------

 keystone (2:15.0.0~b1~git2019031401.2c7bb275f-0ubuntu2~cloud0) bionic-stein; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 keystone (2:15.0.0~b1~git2019031401.2c7bb275f-0ubuntu2) disco; urgency=medium
 .
   * d/p/ensure-LDAP-searches-use-unicode-attributes.patch: Cherry-picked
     from https://review.openstack.org/#/c/643670/ to fix LDAP backend
     searches (LP: #1820333).

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/rocky)

Reviewed: https://review.openstack.org/644607
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=6a3888b05b602d9feaac6bface5c71b2f1d4f30f
Submitter: Zuul
Branch: stable/rocky

commit 6a3888b05b602d9feaac6bface5c71b2f1d4f30f
Author: Corey Bryant <email address hidden>
Date: Mon Mar 18 13:46:37 2019 -0400

    PY3: Ensure LDAP searches use unicode attributes

    This is a bug fix that corresponds to changes missed in commit
    eca0829c4c65e6b64f08023ce2d5a55dc329248f.

    In Python 3, python-ldap no longer allows bytes for some fields (DNs,
    RDNs, attribute names, queries). Instead, text values are represented
    as str, the Unicode text type. Compatibility support is provided for
    Python 2 by setting bytes_mode=False [1]. This support was provided
    in commit eca0829c4c65e6b64f08023ce2d5a55dc329248f.

    In this patch we ensure that attribute names specified in searches
    are no longer encoded.

    [1] More details about byte/str usage in python-ldap can be found at:
    http://www.python-ldap.org/en/latest/bytes_mode.html#bytes-mode

    Change-Id: If3398e2d08ea14fa4b8c498b2a9a7c7edb47b9e5
    Closes-Bug: #1820333
    Depends-On: https://review.openstack.org/#/c/613648
    (cherry picked from commit d6df1dff3e519a26c1a12b6c32f9799484be5966)

tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 15.0.0.0rc1

This issue was fixed in the openstack/keystone 15.0.0.0rc1 release candidate.

Colleen Murphy (krinkle)
Changed in keystone:
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package keystone - 2:14.0.1-0ubuntu3

---------------
keystone (2:14.0.1-0ubuntu3) cosmic; urgency=medium

  * d/control, d/p/py3-switch-to-using-unicode-text-values.patch: Enable
    Keystone LDAP Python 3 support. Patch is cherry-picked from
    https://review.openstack.org/613648 (LP: #1798184).
  * d/p/ensure-LDAP-searches-use-unicode-attributes.patch: Cherry-picked
    from https://review.openstack.org/#/c/643670/ to fix LDAP backend
    searches (LP: #1820333).

 -- Corey Bryant <email address hidden> Tue, 19 Mar 2019 07:35:02 -0400

Changed in keystone (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 14.1.0

This issue was fixed in the openstack/keystone 14.1.0 release.

Corey Bryant (corey.bryant)
tags: added: py3
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.