The Keystone server would respond with a 500 error when configured
to use the LDAP identity backend and a request is made to get a
token for a user that has an ID with a comma. The response is like:
Authorization Failed: An unexpected error prevented the server from
fulfilling your request. {'desc': 'Bad search filter'} (HTTP 500)
This is because the user DN wasn't properly escaped in the filter
for the query to get the groups that the user is a member of.
Reviewed: https:/ /review. openstack. org/85402 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=594024a4413 560dc433ccfeea8 69493b23100cc7
Committed: https:/
Submitter: Jenkins
Branch: master
commit 594024a4413560d c433ccfeea86949 3b23100cc7
Author: Brant Knudson <email address hidden>
Date: Fri Apr 4 10:50:07 2014 -0500
Fix invalid LDAP filter for user ID with comma
The Keystone server would respond with a 500 error when configured
to use the LDAP identity backend and a request is made to get a
token for a user that has an ID with a comma. The response is like:
Authorization Failed: An unexpected error prevented the server from
fulfilling your request. {'desc': 'Bad search filter'} (HTTP 500)
This is because the user DN wasn't properly escaped in the filter
for the query to get the groups that the user is a member of.
Closes-Bug: #1302106
Change-Id: Ib4886e66af0e97 9fcf23a84bcd51b 07034547cb9