Comment 21 for bug 1187305

Adam Young (ayoung) wrote : Re: LDAP vulnerability when checking user credentials

Please confirm: in addition, the lines in keystone/common/ldap/core.py

        if user is None:
            user = self.LDAP_USER

        if password is None:
            password = self.LDAP_PASSWORD

should be

        if not user:
            user = self.LDAP_USER

        if not password:
            password = self.LDAP_PASSWORD

to match the logic of the check for bypassing the bind?

        if user and password:
            conn.simple_bind_s(user, password)
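
Added illustration, not part of the original comment and not keystone's code: the two fallback variants quoted above, each followed by the quoted bind check, run against a stub connection to show which inputs reach `simple_bind_s`. `FakeConn`, `resolve_is_none`, `resolve_falsy`, `get_connection`, `compare`, the sample DNs and the assumption that the fallback runs immediately before the bind check are all hypothetical.

```python
# Added illustration; every name below is a hypothetical stand-in, not
# keystone's code. No LDAP server or LDAP library is needed.
LDAP_USER = "cn=service,dc=example,dc=org"   # constructed sample values
LDAP_PASSWORD = "service-secret"
ALICE = "cn=alice,dc=example,dc=org"

class FakeConn:
    """Records the bind that would be sent to the directory."""
    def __init__(self):
        self.bound_as = None  # None means no bind was issued

    def simple_bind_s(self, user, password):
        self.bound_as = (user, password)

def resolve_is_none(user, password):
    # Fallback as quoted first in the comment: only None triggers it.
    if user is None:
        user = LDAP_USER
    if password is None:
        password = LDAP_PASSWORD
    return user, password

def resolve_falsy(user, password):
    # Fallback as proposed in the comment: "" is treated like None.
    if not user:
        user = LDAP_USER
    if not password:
        password = LDAP_PASSWORD
    return user, password

def get_connection(resolve, user=None, password=None):
    # Assumption: the fallback runs right before the quoted bind check.
    user, password = resolve(user, password)
    conn = FakeConn()
    if user and password:  # the bind-bypass check quoted in the comment
        conn.simple_bind_s(user, password)
    return conn

def compare(user, password):
    """Return (bind under 'is None', bind under 'not') for one input pair."""
    return (get_connection(resolve_is_none, user, password).bound_as,
            get_connection(resolve_falsy, user, password).bound_as)

if __name__ == "__main__":
    for creds in [(None, None), (ALICE, "pw"), (ALICE, ""), ("", "")]:
        print(creds, "->", compare(*creds))
```

For an empty password the two variants diverge: the `is None` form issues no bind at all, while the `not` form binds the supplied DN with the configured `LDAP_PASSWORD`.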