yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1335437] Re: LDAP attributes mapped to None can cause 500 errors

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Alan Pevec <1335437@xxxxxxxxxxxxxxxxxx>
Date: Thu, 14 Aug 2014 10:19:51 -0000
Reply-to: Bug 1335437 <1335437@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: keystone/icehouse
   Importance: Undecided
       Status: New

** Changed in: keystone/icehouse
   Importance: Undecided => Low

** Changed in: keystone/icehouse
       Status: New => In Progress

** Changed in: keystone/icehouse
     Assignee: (unassigned) => Nathan Kinder (nkinder)

** Tags removed: icehouse-backport-potential

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1335437

Title:
  LDAP attributes mapped to None can cause 500 errors

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone icehouse series:
  In Progress

Bug description:
  When LDAP is being used as a backend, attributes that are mapped to
  'None' will trigger a 500 error if they are not also configured to be
  ignored.   This can be easily reproduced by modifying the default
  config as follows:

  -------------------------------------------------------------
  # List of attributes stripped off the user on update. (list
  # value)
  #user_attribute_ignore=default_project_id,tenants
  user_attribute_ignore=tenants

  # LDAP attribute mapped to default_project_id for users.
  # (string value)
  #user_default_project_id_attribute=<None>
  -------------------------------------------------------------

  If you then perform a 'keystone user-list', it will trigger a 500
  error:

  -------------------------------------------------------------
  [root@keystone ~(keystone_admin)]# keystone user-list
  Authorization Failed: An unexpected error prevented the server from fulfilling your request. (HTTP 500)
  -------------------------------------------------------------

  The end of the stacktrace in keystone.log clearly shows the problem:

  -------------------------------------------------------------
  2014-06-28 06:23:36.366 21931 TRACE keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 502, in _ldap_res_to_model
  2014-06-28 06:23:36.366 21931 TRACE keystone.common.wsgi     v = lower_res[self.attribute_mapping.get(k, k).lower()]
  2014-06-28 06:23:36.366 21931 TRACE keystone.common.wsgi AttributeError: 'NoneType' object has no attribute 'lower'
  -------------------------------------------------------------

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1335437/+subscriptions

References

[Bug 1335437] [NEW] LDAP attributes mapped to None can cause 500 errors
From: Nathan Kinder, 2014-06-28