GET /v3/role_assignments?effective&include_names API fails with unexpected 500 error
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
Low
|
prashkre |
Bug Description
In an environment like ldap server as identity backend, where a group has role assignment but some users in group doesn't have "name" attribute configured in ldap. So while fetching effective role assignments with include_names, it is failing in below stack trace error.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
2017-07-13 05:06:10.835 10460 ERROR keystone.
summary: |
GET /v3/role_assignments?effective&include_names API fails in unexpected - 500 error when some user doesn't have name in configured identity - backend + 500 errot |
summary: |
- GET /v3/role_assignments?effective&include_names API fails in unexpected - 500 errot + GET /v3/role_assignments?effective&include_names API fails with + unexpected 500 error |
Changed in keystone: | |
milestone: | pike-3 → pike-rc1 |
no longer affects: | keystone/ocata |
We have documentation that explains how to map attributes, like `name`, from LDAP to keystone [0]. I would be curious to see if you still end up with the same issue after reading and applying the configuration in those docs.
[0] https:/ /docs.openstack .org/keystone/ latest/ configuration. html#using- an-ldap- server