_dn_to_id ignores user_id_attribute

Bug #1692090 reported by Boris Kudryavtsev on 2017-05-19
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)

Bug Description

_dn_to_id is not affected when user_id_attribute is changed in keystone.conf.

Considering the following LDAP directory:

# userid, Users, openstack.org
dn: cn=userid,ou=Users,dc=openstack,dc=org
objectClass: inetOrgPerson
userPassword:: e1NTSEF9Rit1bTlOS2FKdWM2bWFhWUtmRGQ5dmlBdEd6NEFydHY=
sn: 25cbd5b54da849128b89c3f7ab6e5bff
cn: userid

# test-group, UserGroups, openstack.org
dn: cn=test-group,ou=UserGroups,dc=openstack,dc=org
objectClass: groupOfNames
cn: test-group
ou: f44a7fbb9e174ba5823474c759d43643
member: cn=userid,ou=Users,dc=openstack,dc=org


user_id_attribute = sn
user_name_attribute = cn

This results in users unable to found in groups.
e.g. `openstack user list --domain default --group test-group`
Expected: User ID and Name are returned
| ID | Name |
| 25cbd5b54da849128b89c3f7ab6e5bff | userid |

Actual: Nothing is returned

Changed in keystone:
assignee: nobody → Boris Kudryavtsev (bkudryavtsev)

Fix proposed to branch: master
Review: https://review.openstack.org/466389

Changed in keystone:
status: New → In Progress
description: updated
Changed in keystone:
milestone: none → pike-rc1
importance: Undecided → Low
Colleen Murphy (krinkle) wrote :

Do you have debug logs you could post?

Colleen Murphy (krinkle) wrote :

As well as the rest of your [ldap] section? There are a lot of parameters that control the search filter that could be affecting your results.

Lance Bragstad (lbragstad) wrote :

Removing this as an rc1 candidate since we're awaiting more information.

Changed in keystone:
milestone: pike-rc1 → none
status: In Progress → Incomplete
Lance Bragstad (lbragstad) wrote :

Unassigning due to inactivity.

Changed in keystone:
assignee: Boris Kudryavtsev (bkudryavtsev) → nobody
Launchpad Janitor (janitor) wrote :

[Expired for OpenStack Identity (keystone) because there has been no activity for 60 days.]

Changed in keystone:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers