← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1245247] Re: For ldap, API wrongly reports user is in group

 

Reviewed:  https://review.openstack.org/85103
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=628f383fbb14ae99679957ab05a02562a4d43d91
Submitter: Jenkins
Branch:    milestone-proposed

commit 628f383fbb14ae99679957ab05a02562a4d43d91
Author: wanghong <w.wanghong@xxxxxxxxxx>
Date:   Mon Mar 17 17:22:08 2014 +0800

    For ldap, API wrongly reports user is in group
    
    When the ldap identity backend is configured,
    HEAD v3/groups/​{group_id}​/users/​{user_id}
    always returns 200, even if the user is not actually in the group.
    This is because the sql and kvs backend will raise NotFound
    exception if the user is not in the group, but the ldap backend
    just return result.
    
    Change-Id: Ie1585c8aebe054091bd76fded666bf41125ff9ca
    Closes-Bug: 1245247


** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1245247

Title:
  For ldap, API wrongly reports user is in group

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  When the ldap identity backend is configured,
  HEAD v3/groups/​{group_id}​/users/​{user_id}
  always returns 200, regardless of whether or not the user is actually in the group.

  Fix is simple:
  keystone.identity.backends.ldap.check_user_in_group() should raise an exception if the user isn't in the group, rather than just return false

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1245247/+subscriptions