LDAP get_project_users should not return password

Bug #1190286 reported by Sahdev Zala on 2013-06-12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Sahdev Zala

Bug Description

test_get_project_users is incorrectly skipped in the test_backend_ldap. It's not related to multiple LDAP support. Do not skip it by fixing the get_project_users method in core.py.

Sahdev Zala (spzala) on 2013-06-12
Changed in keystone:
assignee: nobody → Sahdev Zala (spzala)
Dolph Mathews (dolph) wrote :

Some detail about what exactly needs to be fixed in the "get_project_users method in core.py" would be appreciated.

Changed in keystone:
status: New → Incomplete
Sahdev Zala (spzala) wrote :

Hi Dolph, I am working on it and updating the patch later today.

The main thing I think need to be fixed is get_projects_users should not return 'password' information of the users. Hope this makes sense.


Fix proposed to branch: master
Review: https://review.openstack.org/32776

Changed in keystone:
status: Incomplete → In Progress

Hi Dolph, just updated the patch. Please take a look as you get a chance. Thanks!

Sahdev Zala (spzala) on 2013-06-12
summary: - test test_get_project_users should not be skipped for ldap
+ LDAP test_get_project_users should not return password and be skipped
+ for ldap
Dolph Mathews (dolph) wrote :

The password values coming back from that call are not in plaintext, correct?

summary: - LDAP test_get_project_users should not return password and be skipped
- for ldap
+ LDAP get_project_users should not return password
tags: added: grizzly-backport-potential
Changed in keystone:
importance: Undecided → High
Sahdev Zala (spzala) wrote :

Hi Dolph, correct. The return value of password is not plain text, it's hashed.

Reviewed: https://review.openstack.org/32776
Committed: http://github.com/openstack/keystone/commit/61c72f73424c47d21e533b0bdde997f6e0a4de45
Submitter: Jenkins
Branch: master

commit 61c72f73424c47d21e533b0bdde997f6e0a4de45
Author: Sahdev Zala <email address hidden>
Date: Wed Jun 12 14:38:33 2013 -0500

    LDAP get_project_users should not return password

    Also with this fix no need to skip get_project_users for LDAP.

    Fixes bug1190286

    Change-Id: I6ab6b4179c36d49b8a2eab1ea67ce0d6339751f5

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2013-07-17
Changed in keystone:
milestone: none → havana-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-10-17
Changed in keystone:
milestone: havana-2 → 2013.2
Alan Pevec (apevec) on 2014-03-30
tags: removed: grizzly-backport-potential
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers