authenticate in ldap backend doesn't return a list of roles

Bug #1035428 reported by Ryan Lane on 2012-08-10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Andrew Bogott
keystone (Ubuntu)

Bug Description

authenticate should return a list of roles, currently it returns empty metadata.

Dolph Mathews (dolph) wrote :

Although this is an issue only affecting stable/essex, a test should be merged into both master and stable/essex.

Changed in keystone:
assignee: nobody → Ryan Lane (rlane)
assignee: Ryan Lane (rlane) → nobody
importance: Undecided → Medium
status: New → Confirmed
assignee: nobody → Ryan Lane (rlane)

Fix proposed to branch: master

Changed in keystone:
assignee: Ryan Lane (rlane) → Andrew Bogott (andrewbogott)
status: Confirmed → In Progress

Submitter: Jenkins
Branch: stable/essex

commit ff6df7cdbeaed6a8784955ba866332ec5f082ad5
Author: Ryan Lane <email address hidden>
Date: Thu Jul 26 11:41:16 2012 -0700

    Returning roles from authenticate in ldap backend

    Without this fix, the LDAP backend doesn't return
    roles during the authentication phase.

    lp 1035428

    Change-Id: Ibd7e5a8f5475b56a4d3063c85ab634e4c0614e7e

tags: added: in-stable-essex
Dave Walker (davewalker) on 2012-08-24
Changed in keystone (Ubuntu):
status: New → Fix Released
Changed in keystone (Ubuntu Precise):
status: New → Confirmed

Submitter: Jenkins
Branch: master

commit af52ef1479861ffdf3aa3a334fc9fffc8faa8843
Author: Andrew Bogott <email address hidden>
Date: Tue Aug 21 17:52:58 2012 -0500

    Demonstrate that authenticate() returns roles.

    This is related to lp 1035428; that bug is fixed in folsom,
    but this test is also about to appear in stable/essex.

    Change-Id: Iadd4091339aab2c3a8d474b44dcd11f8bfd1d510

Changed in keystone:
status: In Progress → Fix Committed

Please find the attached test log from the Ubuntu Server Team's CI infrastructure. As part of the verification process for this bug, Keystone has been deployed and configured across multiple nodes using precise-proposed as an installation source. After successful bring-up and configuration of the cluster, a number of exercises and smoke tests have be invoked to ensure the updated package did not introduce any regressions. A number of test iterations were carried out to catch any possible transient errors.

Please Note the list of installed packages at the top and bottom of the report.

For records of upstream test coverage of this update, please see the Jenkins links in the comments of the relevant upstream code-review(s):

Trunk review:
Stable review:

As per the provisional Micro Release Exception granted to this package by the Technical Board, we hope this contributes toward verification of this update.

Adam Gandelman (gandelman-a) wrote :

Test coverage log.

tags: added: verification-done
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package keystone - 2012.1+stable~20120824-a16a0ab9-0ubuntu2

keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2) precise-proposed; urgency=low

  * New upstream release (LP: #1041120):
    - debian/patches/0013-Flush-tenant-membership-deletion-before-user.patch:
  * Resynchronize with stable/essex:
    - authenticate in ldap backend doesn't return a list of roles
      (LP: #1035428)
    - LDAP should not check username on "sn" field (LP: #997700)
    - Admin API doesn't valid token. (LP: #1006815, #1006822)
    - Memcache token backend eventually stops working. (LP: #1012381)
    - EC2 credentials not migrated from legacy (diablo) database. (LP: #1016056)
    - Deleting tenants or users does not cleanup metadata. (LP: #973243)
    - Deleting tenants does not cleanup its user associations. (LP: #974199)
    - TokenNotFound not raised in testsuite beacuse of timezone issues. (LP: #983800)
    - Token authentication for a user in a disabled tenant does not raise
      Unauthorized error. (LP: #988920)
    - export_legacy_catalog doesn't convert url names correctly. (LP: #994936)
    - Following a password compromise and subsequent password change,
      tokens remain valid. (LP: #996595)
    - Tokens remain valid after a user account is disabled. (LP: #997194)
 -- Adam Gandelman <email address hidden> Fri, 24 Aug 2012 03:34:59 -0400

Changed in keystone (Ubuntu Precise):
status: Confirmed → Fix Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Joseph Heck (heckj) on 2012-09-13
Changed in keystone:
milestone: none → folsom-rc1
Thierry Carrez (ttx) on 2012-09-14
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2012-09-27
Changed in keystone:
milestone: folsom-rc1 → 2012.2
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers