yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #13150
[Bug 1245247] Re: For ldap, API wrongly reports user is in group
Reviewed: https://review.openstack.org/85103
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=628f383fbb14ae99679957ab05a02562a4d43d91
Submitter: Jenkins
Branch: milestone-proposed
commit 628f383fbb14ae99679957ab05a02562a4d43d91
Author: wanghong <w.wanghong@xxxxxxxxxx>
Date: Mon Mar 17 17:22:08 2014 +0800
For ldap, API wrongly reports user is in group
When the ldap identity backend is configured,
HEAD v3/groups/{group_id}/users/{user_id}
always returns 200, even if the user is not actually in the group.
This is because the sql and kvs backend will raise NotFound
exception if the user is not in the group, but the ldap backend
just return result.
Change-Id: Ie1585c8aebe054091bd76fded666bf41125ff9ca
Closes-Bug: 1245247
** Changed in: keystone
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1245247
Title:
For ldap, API wrongly reports user is in group
Status in OpenStack Identity (Keystone):
Fix Released
Bug description:
When the ldap identity backend is configured,
HEAD v3/groups/{group_id}/users/{user_id}
always returns 200, regardless of whether or not the user is actually in the group.
Fix is simple:
keystone.identity.backends.ldap.check_user_in_group() should raise an exception if the user isn't in the group, rather than just return false
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1245247/+subscriptions