yahoo-eng-team team mailing list archive

[Nathan Kinder <nkinder@xxxxxxxxxx>]

Public bug reported:

When LDAP is being used as a backend, attributes that are mapped to
'None' will trigger a 500 error if they are not also configured to be
ignored.   This can be easily reproduced by modifying the default config
as follows:

-------------------------------------------------------------
# List of attributes stripped off the user on update. (list
# value)
#user_attribute_ignore=default_project_id,tenants
user_attribute_ignore=tenants

# LDAP attribute mapped to default_project_id for users.
# (string value)
#user_default_project_id_attribute=<None>
-------------------------------------------------------------

If you then perform a 'keystone user-list', it will trigger a 500 error:

-------------------------------------------------------------
[root@keystone ~(keystone_admin)]# keystone user-list
Authorization Failed: An unexpected error prevented the server from fulfilling your request. (HTTP 500)
-------------------------------------------------------------

The end of the stacktrace in keystone.log clearly shows the problem:

-------------------------------------------------------------
2014-06-28 06:23:36.366 21931 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 502, in _ldap_res_to_model
2014-06-28 06:23:36.366 21931 TRACE keystone.common.wsgi     v = lower_res[self.attribute_mapping.get(k, k).lower()]
2014-06-28 06:23:36.366 21931 TRACE keystone.common.wsgi AttributeError: 'NoneType' object has no attribute 'lower'
-------------------------------------------------------------

** Affects: keystone
     Importance: Undecided
     Assignee: Nathan Kinder (nkinder)
         Status: In Progress

** Changed in: keystone
       Status: New => In Progress

** Changed in: keystone
     Assignee: (unassigned) => Nathan Kinder (nkinder)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1335437

Title:
  LDAP attributes mapped to None can cause 500 errors

Status in OpenStack Identity (Keystone):
  In Progress

Bug description:
  When LDAP is being used as a backend, attributes that are mapped to
  'None' will trigger a 500 error if they are not also configured to be
  ignored.   This can be easily reproduced by modifying the default
  config as follows:

  -------------------------------------------------------------
  # List of attributes stripped off the user on update. (list
  # value)
  #user_attribute_ignore=default_project_id,tenants
  user_attribute_ignore=tenants

  # LDAP attribute mapped to default_project_id for users.
  # (string value)
  #user_default_project_id_attribute=<None>
  -------------------------------------------------------------

  If you then perform a 'keystone user-list', it will trigger a 500
  error:

  -------------------------------------------------------------
  [root@keystone ~(keystone_admin)]# keystone user-list
  Authorization Failed: An unexpected error prevented the server from fulfilling your request. (HTTP 500)
  -------------------------------------------------------------

  The end of the stacktrace in keystone.log clearly shows the problem:

  -------------------------------------------------------------
  2014-06-28 06:23:36.366 21931 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 502, in _ldap_res_to_model
  2014-06-28 06:23:36.366 21931 TRACE keystone.common.wsgi     v = lower_res[self.attribute_mapping.get(k, k).lower()]
  2014-06-28 06:23:36.366 21931 TRACE keystone.common.wsgi AttributeError: 'NoneType' object has no attribute 'lower'
  -------------------------------------------------------------

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1335437/+subscriptions