← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1259426] [NEW] LDAP list group users crash when no member in the group

 

Public bug reported:

Using the LDAP identity backend,
If there is no member in the group and using GET http://{IP}:35357/v3/groups/{group_id}/users to get the user list
Keystone will return 500.

The traceback as below:

[-] 'member'
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 238, in __call__
    result = method(context, **params)
  File "/usr/lib/python2.7/dist-packages/keystone/common/controller.py", line 200, in wrapper
    return f(self, context, filters, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystone/identity/controllers.py", line 700, in list_users_in_group
    domain_scope=self._get_domain_id_for_request(context))
  File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 177, in wrapper
    return f(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 441, in list_users_in_group
    user_list = driver.list_users_in_group(group_id)
  File "/usr/lib/python2.7/dist-packages/keystone/identity/backends/ldap.py", line 162, in list_users_i
n_group
    for user_dn in self.group.list_group_users(group_id):
  File "/usr/lib/python2.7/dist-packages/keystone/identity/backends/ldap.py", line 352, in list_group_users
    user_dns = member[self.member_attribute] #if member else []
KeyError: 'member'

** Affects: keystone
     Importance: Undecided
     Assignee: Lin, Bo-Chun (sherry7737)
         Status: In Progress

** Description changed:

- Using the LDAP identity backend, 
- If there is no member in the group and using GET http://10.2.2.1:35357/v3/groups/{group_id}/users to get the user list
+ Using the LDAP identity backend,
+ If there is no member in the group and using GET http://{IP}:35357/v3/groups/{group_id}/users to get the user list
  Keystone will return 500.
  
  The traceback as below:
  
-  ERROR keystone.common.wsgi [-] 'member'
-  TRACE keystone.common.wsgi Traceback (most recent call last):
-  TRACE keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 238, in __call__
-  TRACE keystone.common.wsgi     result = method(context, **params)
-  TRACE keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/common/controller.py", line 200, in wrapper
-  TRACE keystone.common.wsgi     return f(self, context, filters, **kwargs)
-  TRACE keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/identity/controllers.py", line 700, in list_users_in_group
-  TRACE keystone.common.wsgi     domain_scope=self._get_domain_id_for_request(context))
-  TRACE keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 177, in wrapper
-  TRACE keystone.common.wsgi     return f(self, *args, **kwargs)
-  TRACE keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 441, in list_users_in_group
-  TRACE keystone.common.wsgi     user_list = driver.list_users_in_group(group_id)
-  TRACE keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/identity/backends/ldap.py", line 162, in list_users_i
+ [-] 'member'
+ Traceback (most recent call last):
+   File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 238, in __call__
+     result = method(context, **params)
+   File "/usr/lib/python2.7/dist-packages/keystone/common/controller.py", line 200, in wrapper
+     return f(self, context, filters, **kwargs)
+   File "/usr/lib/python2.7/dist-packages/keystone/identity/controllers.py", line 700, in list_users_in_group
+     domain_scope=self._get_domain_id_for_request(context))
+   File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 177, in wrapper
+     return f(self, *args, **kwargs)
+   File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 441, in list_users_in_group
+     user_list = driver.list_users_in_group(group_id)
+   File "/usr/lib/python2.7/dist-packages/keystone/identity/backends/ldap.py", line 162, in list_users_i
  n_group
-  TRACE keystone.common.wsgi     for user_dn in self.group.list_group_users(group_id):
-  TRACE keystone.common.wsgi   File "/usr/lib/python2.7/dist-packages/keystone/identity/backends/ldap.py", line 352, in list_group_users
-  TRACE keystone.common.wsgi     user_dns = member[self.member_attribute] #if member else []
-  TRACE keystone.common.wsgi KeyError: 'member'
+     for user_dn in self.group.list_group_users(group_id):
+   File "/usr/lib/python2.7/dist-packages/keystone/identity/backends/ldap.py", line 352, in list_group_users
+     user_dns = member[self.member_attribute] #if member else []
+ KeyError: 'member'

** Changed in: keystone
     Assignee: (unassigned) => Lin, Bo-Chun (sherry7737)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1259426

Title:
  LDAP list group users crash when no member in the group

Status in OpenStack Identity (Keystone):
  In Progress

Bug description:
  Using the LDAP identity backend,
  If there is no member in the group and using GET http://{IP}:35357/v3/groups/{group_id}/users to get the user list
  Keystone will return 500.

  The traceback as below:

  [-] 'member'
  Traceback (most recent call last):
    File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 238, in __call__
      result = method(context, **params)
    File "/usr/lib/python2.7/dist-packages/keystone/common/controller.py", line 200, in wrapper
      return f(self, context, filters, **kwargs)
    File "/usr/lib/python2.7/dist-packages/keystone/identity/controllers.py", line 700, in list_users_in_group
      domain_scope=self._get_domain_id_for_request(context))
    File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 177, in wrapper
      return f(self, *args, **kwargs)
    File "/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 441, in list_users_in_group
      user_list = driver.list_users_in_group(group_id)
    File "/usr/lib/python2.7/dist-packages/keystone/identity/backends/ldap.py", line 162, in list_users_i
  n_group
      for user_dn in self.group.list_group_users(group_id):
    File "/usr/lib/python2.7/dist-packages/keystone/identity/backends/ldap.py", line 352, in list_group_users
      user_dns = member[self.member_attribute] #if member else []
  KeyError: 'member'

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1259426/+subscriptions


Follow ups

References