Using LDAP with enabled ignored, no error when attempt to change
Bug #1241134 reported by Brant Knudson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Fix Released | Medium | Brant Knudson | |
Juno | Fix Released | Undecided | Unassigned | |
Bug Description
When the Keystone server is configured to use LDAP as the identity backend and 'enabled' is in user_attribute_
The server should report an error like 403 Forbidden or 501 Not Implemented if the user tries to change the enabled attribute and it's ignored.
This would improve security since the way it is now Keystone gives the impression that the user has been disabled even when they have not been.
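The failure mode described above, modeled as an added example (not Keystone's code and not the fix that was released): an update path that silently drops an ignored attribute, beside one that rejects the change. The names `ignored_attrs`, `ForbiddenError`, `update_silently` and `update_strict` are hypothetical, and the user record is constructed.

```python
class ForbiddenError(Exception):
    """Stands in for an HTTP 403 response (hypothetical name)."""


def update_silently(stored, changes, ignored_attrs):
    """Reported behaviour: ignored attributes are dropped without any error."""
    applied = {k: v for k, v in changes.items() if k not in ignored_attrs}
    stored.update(applied)
    # No exception is raised, so the caller assumes every change was applied.
    return dict(stored)


def update_strict(stored, changes, ignored_attrs):
    """Requested behaviour: refuse a change to an attribute the backend ignores."""
    rejected = sorted(
        k for k, v in changes.items()
        if k in ignored_attrs and stored.get(k) != v
    )
    if rejected:
        # Fail before touching the record so a partial update cannot happen.
        raise ForbiddenError("backend ignores: " + ", ".join(rejected))
    stored.update({k: v for k, v in changes.items() if k not in ignored_attrs})
    return dict(stored)


if __name__ == "__main__":
    ignored = {"enabled"}                      # assumed ignore list
    user = {"name": "alice", "enabled": True}  # constructed sample record

    result = update_silently(user, {"enabled": False}, ignored)
    print("silent path, still enabled:", result["enabled"])

    try:
        update_strict(user, {"enabled": False}, ignored)
    except ForbiddenError as exc:
        print("strict path rejected the request:", exc)
```
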
Changed in keystone:
assignee: nobody → Scott W Jewloszewicz-Clarke (scottwjclarke)
tags: added: icehouse-backport-potential juno-backport-potential
Changed in keystone:
milestone: none → kilo-1
status: Fix Committed → Fix Released
Changed in keystone:
milestone: kilo-1 → 2015.1.0
This also applies to projects: https://bugs.launchpad.net/keystone/+bug/1221579