The Keystone server would respond with a 500 error when configured
to use the LDAP identity backend and a request is made to get a
token for a user that has an ID with a comma. The response is like:
Authorization Failed: An unexpected error prevented the server from
fulfilling your request. {'desc': 'Bad search filter'} (HTTP 500)
This is because the user DN wasn't properly escaped in the filter
for the query to get the groups that the user is a member of.
Reviewed: https:/ /review. openstack. org/85460 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=5b5331fa02d e38207cd81922d5 794192ebb4b77a
Committed: https:/
Submitter: Jenkins
Branch: milestone-proposed
commit 5b5331fa02de382 07cd81922d57941 92ebb4b77a
Author: Brant Knudson <email address hidden>
Date: Fri Apr 4 10:50:07 2014 -0500
Fix invalid LDAP filter for user ID with comma
The Keystone server would respond with a 500 error when configured
to use the LDAP identity backend and a request is made to get a
token for a user that has an ID with a comma. The response is like:
Authorization Failed: An unexpected error prevented the server from
fulfilling your request. {'desc': 'Bad search filter'} (HTTP 500)
This is because the user DN wasn't properly escaped in the filter
for the query to get the groups that the user is a member of.
Closes-Bug: #1302106
Change-Id: Ib4886e66af0e97 9fcf23a84bcd51b 07034547cb9