keystone ldap does not support Hebrew
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Triaged
|
Medium
|
Unassigned |
Bug Description
We are trying to integrate openstack kilo with the customer active
directory. We followed this steps:
http://
But we have some issues with users who are defined with Hebrew
distinguished names. The keystone ignores all users data with
base64 encoded.
Digged into the source files, we found that following changes are needed to enable the support:
--- keystone/
+++ keystone/
@@ -13,6 +13,7 @@
# under the License.
import abc
+import base64
import codecs
import functools
import os.path
@@ -117,7 +118,15 @@ def enabled2py(val):
return int(val)
except ValueError:
pass
- return utf8_decode(val)
+ if val is None:
+ return None
+ if val.startswith(': '):
+ try:
+ return utf8_decode(
+ except:
+ return utf8_decode(val)
+ else:
+ return utf8_decode(val)
def ldap2py(val):
@@ -129,7 +138,15 @@ def ldap2py(val):
:param val: LDAP formatted value
:returns: val converted to preferred Python type
"""
- return utf8_decode(val)
+ if val is None:
+ return None
+ if val.startswith(': '):
+ try:
+ return utf8_decode(
+ except:
+ return utf8_decode(val)
+ else:
+ return utf8_decode(val)
def convert_
I've checked the source in Mitaka, to find this case is not handdled either. Not sure if it's considered of in Newton release.
In general, release kilo,liberty, Mitaka all has this bug.
Changed in keystone: | |
assignee: | nobody → Kristi Nikolla (knikolla) |
Changed in keystone: | |
milestone: | newton-3 → none |
tags: | added: ldap |
Changed in keystone: | |
assignee: | nobody → Richard (csravelar) |
Changed in keystone: | |
assignee: | Richard (csravelar) → nobody |
Do you have any sample input we can use? I'm not sure it's necessary for enabled2py -- that portion is only used to determine if a user is enabled