← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #19496

[Bug 1361306] [NEW] Keysttone doesn't handle user_attribute_id mapping

  Thread PreviousDate PreviousThread Next 
Public bug reported:

By default keystone gets the id from first field of DN. It doesn't use
user_id_attibute mapping from keystone.conf

In the following code, "id" attribute is always  1 element in DN
---Relevent code---

  @staticmethod
    def _dn_to_id(dn):
        return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])


def _ldap_res_to_model(self, res):
        obj = self.model(id=self._dn_to_id(res[0]))
        # LDAP attribute names may be returned in a different case than
        # they are defined in the mapping, so we need to check for keys
        # in a case-insensitive way.  We use the case specified in the
        # mapping for the model to ensure we have a predictable way of
        # retrieving values later.
        lower_res = dict((k.lower(), v) for k, v in six.iteritems(res[1]))
        for k in obj.known_keys:
            if k in self.attribute_ignore:
                continue

            try:
                v = lower_res[self.attribute_mapping.get(k, k).lower()]
            except KeyError:
                pass
            else:
                try:
                    obj[k] = v[0]
                except IndexError:
                    obj[k] = None

        return obj

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1361306

Title:
  Keysttone doesn't handle user_attribute_id mapping

Status in OpenStack Identity (Keystone):
  New

Bug description:
  By default keystone gets the id from first field of DN. It doesn't use
  user_id_attibute mapping from keystone.conf

  In the following code, "id" attribute is always  1 element in DN
  ---Relevent code---

    @staticmethod
      def _dn_to_id(dn):
          return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])

  
  def _ldap_res_to_model(self, res):
          obj = self.model(id=self._dn_to_id(res[0]))
          # LDAP attribute names may be returned in a different case than
          # they are defined in the mapping, so we need to check for keys
          # in a case-insensitive way.  We use the case specified in the
          # mapping for the model to ensure we have a predictable way of
          # retrieving values later.
          lower_res = dict((k.lower(), v) for k, v in six.iteritems(res[1]))
          for k in obj.known_keys:
              if k in self.attribute_ignore:
                  continue

              try:
                  v = lower_res[self.attribute_mapping.get(k, k).lower()]
              except KeyError:
                  pass
              else:
                  try:
                      obj[k] = v[0]
                  except IndexError:
                      obj[k] = None

          return obj

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1361306/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next