ldap user_filter is not honored while authenticating
Bug #1394083 reported by Anton Aksola
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Identity (keystone) | Expired | Wishlist | Unassigned | |
Bug Description
When full LDAP logging is enabled, we can see that the initial LDAP search query does not use the user_filter while it tries to find the user DN from the LDAP.
This causes authentication to fail if we have two users with the same name in the LDAP in the same tree but with different ids. We use a memberOf filter to limit which users are seen by Keystone.
I traced the issue to keystone/
tags: | added: ldap |
Changed in keystone: | |
importance: | Undecided → Wishlist |
status: | New → Triaged |
Changed in keystone: | |
milestone: | none → kilo-rc1 |
Changed in keystone: | |
milestone: | kilo-rc1 → none |
tags: | added: ldap-legacy |
My understanding is that DN is unique. When I use Active Directory as my LDAP server, I can't create two users with the same name in the same OU (Organizational Unit).
Maybe you need to find out why you will have two users with the same name in the LDAP in the same tree but with different ids.
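
The situation in the bug description, as an added example that is not Keystone's code and not part of the original report: a name lookup run with and without the operator's user_filter ANDed in, evaluated against a small constructed directory. The function names, the `cn` name attribute, the DNs and the group are assumptions made for the illustration, and the matcher handles only `(&...)` and equality.

```python
import re

def escape_filter_value(value):
    """Escape RFC 4515 special characters in an assertion value."""
    return re.sub(r'[\\*()\x00]', lambda m: '\\%02x' % ord(m.group()), value)

def build_user_query(name_attr, name, objectclass, user_filter=None):
    """AND the name lookup with the operator's user_filter when one is set."""
    query = '(&(%s=%s)(objectClass=%s))' % (
        name_attr, escape_filter_value(name), objectclass)
    return '(&%s%s)' % (user_filter, query) if user_filter else query

def parse(f, i=0):
    """Parse a filter built from (&...) and (attr=value); return (node, next)."""
    if f[i + 1] == '&':
        i, children = i + 2, []
        while f[i] == '(':
            node, i = parse(f, i)
            children.append(node)
        return ('and', children), i + 1
    end = f.index(')', i)
    attr, _, value = f[i + 1:end].partition('=')
    value = re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)
    return ('eq', attr.lower(), value.lower()), end + 1

def matches(node, entry):
    if node[0] == 'and':
        return all(matches(child, entry) for child in node[1])
    return any(v.lower() == node[2] for v in entry.get(node[1], []))

def search(directory, query):
    """Return the DNs of all entries that satisfy the query."""
    tree, _ = parse(query)
    return sorted(dn for dn, entry in directory.items() if matches(tree, entry))

# Constructed directory: two entries share cn=jdoe but have different ids.
KEYSTONE_GROUP = 'cn=keystone,ou=groups,dc=example,dc=org'
DIRECTORY = {
    'uid=1001,ou=people,dc=example,dc=org': {
        'cn': ['jdoe'], 'objectclass': ['inetOrgPerson'],
        'memberof': [KEYSTONE_GROUP]},
    'uid=2002,ou=people,dc=example,dc=org': {
        'cn': ['jdoe'], 'objectclass': ['inetOrgPerson'],
        'memberof': ['cn=other,ou=groups,dc=example,dc=org']},
}
USER_FILTER = '(memberOf=%s)' % KEYSTONE_GROUP  # assumed operator setting

if __name__ == '__main__':
    print(search(DIRECTORY, build_user_query('cn', 'jdoe', 'inetOrgPerson')))
    print(search(DIRECTORY, build_user_query('cn', 'jdoe', 'inetOrgPerson', USER_FILTER)))
```

Without the filter the lookup returns both DNs, which is the ambiguous result the report describes; with it, only the entry in the allowed group remains.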