OpenStack Identity (keystone)

sampledata does not work with real LDAP backend

Bug #904815 reported by Enol Fernández on 2011-12-15

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	High	Ziad Sawalha	OpenStack Identity (keystone) 2012.1 "essex"

Bug Description

I have an LDAP server installed for testing KeyStone. I have imported the schema into the server and created the tree.
When I try to run the sampledata script, it fails with the following error:

INVALID_SYNTAX: {'info': 'keystoneName: value #0 invalid per syntax', 'desc': 'Invalid syntax'}

The log shows that the LDAP add was tried:
2011-12-15 16:47:02 DEBUG [keystone.backends.ldap.api] LDAP init: url=ldap://localhost
2011-12-15 16:47:02 DEBUG [keystone.backends.ldap.api] LDAP bind: dn=cn=admin,dc=example,dc=com
2011-12-15 16:47:02 DEBUG [keystone.backends.ldap.api] LDAP add: dn=cn=5eeb338f-f457-4989-965f-eed052e85f27,ou=Groups,dc=example,dc=com, attrs=[('objectClass', ['groupOfNames', 'keystoneTenant']), ('keystoneEnabled', ['TRUE']), ('keystoneName', ['customer-x']), ('member', ['cn=dumb,dc=nonexistent'])]

keystoneName is defined in the ldap schema as distinguishedName so the ldap insertion fails with the invalid syntax error. If I manually insert in the ldap the same object with a correct keystoneName it is shown then by the keystone-admin tool.

Revision history for this message

Ziad Sawalha (ziad-sawalha) wrote on 2011-12-17:

We'll try to get this in by E3.

Changed in keystone:
importance:	Undecided → High
milestone:	none → essex-3

Revision history for this message

Ralf Haferkamp (rhafer) wrote on 2011-12-21:

keystoneName-schema.diff Edit (799 bytes, text/plain)

I suppose keystoneName should be a subtype of "name" instead for "distinguishedName". "name" is defined to be of the DirectoryString Syntax, which basically is UTF-8.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2011-12-22: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/2546

Changed in keystone:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2011-12-22: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/2546
Committed: http://github.com/openstack/keystone/commit/03447b10d3e8902ec2751fa4ca27597e39604fd2
Submitter: Jenkins
Branch: master

commit 03447b10d3e8902ec2751fa4ca27597e39604fd2
Author: Ziad Sawalha <email address hidden>
Date: Wed Dec 21 23:35:13 2011 -0600

Fix LDAP schema (bug 904815)

As per comments from Ralf Haferkamp (rhafer):
keystoneName should be a subtype of 'name' instead of 'distinguishedName'. 'name' is defined to be of the DirectoryString Syntax, which basically is UTF-8.

Change-Id: I29ec92f7974170875ad4bfa4dc009eea86b66839

Changed in keystone:
status:	In Progress → Fix Committed

Joe Savak (jsavak) on 2012-01-03

Changed in keystone:
assignee:	nobody → Ziad Sawalha (ziad-sawalha)

Thierry Carrez (ttx) on 2012-01-25

Changed in keystone:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2012-04-05

Changed in keystone:
milestone:	essex-3 → 2012.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

keystoneName-schema.diff Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.