Update global requirements to handle encoding issues with python2-pyldap-2.4.35

Bug #1715080 reported by prashkre on 2017-09-05
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Low
Unassigned
Pike
Low
Unassigned

Bug Description

With LDAP as identity backend and user/group name has non-ascii characters like "arc1Össk", when a role is assigned to such user it is failing in below stacktrace. UnicodeEncodeError issue is from python2-pyldap-2.4.35 installed. This issue was fixed in python2-pyldap-2.4.36 release with changes in https://github.com/pyldap/pyldap/pull/95.

Currently stable/pike has global requirement(https://github.com/openstack/requirements/blob/stable/pike/global-requirements.txt#L195) of pyldap>=2.4.20 which needs to be changed to pyldap>=2.4.36.

For more details on the issue, please refer to below links
https://stackoverflow.com/questions/38616020/pyldap-dn-encoding-error
https://github.com/pyldap/pyldap/issues/54

2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi [req-8bc17bd4-e821-411d-b496-a75feca8448e 91476076d6686143dff68d08e87358a29daf0725c549008f9c0852d2c7ab8e42 38aa26ac274146778e655c6bcee3de68 - default default] 'ascii' codec can't encode character u'\xd6' in position 10: ordinal not in range(128): UnicodeEncodeError: 'ascii' codec can't encode character u'\xd6' in position 10: ordinal not in range(128)
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi Traceback (most recent call last):
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi result = method(req, **params)
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 93, in inner
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi self, f, check_function, request, None, *args, **kwargs)
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 158, in protected_wrapper
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi check_function(self, request, prep_info, *args, **kwargs)
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 625, in _check_grant_protection
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi ref['user'] = self.identity_api.get_user(user_id)
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", l

2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 634, in wrapper
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi return func(self, conn, *args, **kwargs)
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py", line 764, in search_s
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi attrsonly)
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 773, in search_s
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 1180, in search_ext_s
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 1118, in _apply_method_s
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi return func(self,*args,**kwargs)
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 766, in search_ext_s
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 762, in search_ext
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi timeout,sizelimit,
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 265, in _ldap_call
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi result = func(*args,**kwargs)
2017-08-31 07:18:32.565 10756 ERROR keystone.common.wsgi UnicodeEncodeError: 'ascii' codec can't encode character u'\xd6' in position 10: ordinal not in range(128)

Lance Bragstad (lbragstad) wrote :

I don't think global requirements is the problem here. It would appear that this is also an issue in master. Since pyldap is an optional dependency that is managed in setup.cfg, we'll need to bump it there [0]. Then we can discuss the process for backporting this to stable/pike with the stable maintenance team.

[0] https://github.com/openstack/keystone/blob/fbce49970cb005986f5e491583c07bb3644355b0/setup.cfg#L27

Changed in keystone:
status: New → Confirmed
importance: Undecided → Medium
importance: Medium → Low
Lance Bragstad (lbragstad) wrote :

Marking this as Low since the workaround is to upgrade pyldap manually.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers