yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1373232] [NEW] The ldap driver needs to bubble up some ldap exceptions

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Mahesh Sawaiker <mahesh_sawaiker@xxxxxxxxxxxxxxxx>
Date: Wed, 24 Sep 2014 05:19:19 -0000
Reply-to: Bug 1373232 <1373232@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

LDAP driver can bubble up some exceptions as 400 errors.
Example ldap.CONSTRAINT_VIOLATION and ldap.UNWILLING

    def update_user(self, user_id, user):
        self.user.check_allow_update()
        if 'id' in user and user['id'] != user_id:
            raise exception.ValidationError(_('Cannot change user ID'))
        old_obj = self.user.get(user_id)
        #Defect 118381, user name update in ldap should be allowed.
        #if 'name' in user and old_obj.get('name') != user['name']:
          #  raise exception.Conflict(_('Cannot change user name'))

        #user = utils.hash_ldap_user_password(user)
        if self.user.enabled_mask:
            self.user.mask_enabled_attribute(user)
        try:
                self.user.update(user_id, user, old_obj)
        except ldap.CONSTRAINT_VIOLATION as e:
            if 'info' in e[0]:
                raise  exception.ValidationError(e[0]['info'])
            else:
                raise AssertionError(_('Error updating user'))
        return self.user.get_filtered(user_id)

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1373232

Title:
  The ldap driver needs to bubble up some ldap exceptions

Status in OpenStack Identity (Keystone):
  New

Bug description:
  LDAP driver can bubble up some exceptions as 400 errors.
  Example ldap.CONSTRAINT_VIOLATION and ldap.UNWILLING

      def update_user(self, user_id, user):
          self.user.check_allow_update()
          if 'id' in user and user['id'] != user_id:
              raise exception.ValidationError(_('Cannot change user ID'))
          old_obj = self.user.get(user_id)
          #Defect 118381, user name update in ldap should be allowed.
          #if 'name' in user and old_obj.get('name') != user['name']:
            #  raise exception.Conflict(_('Cannot change user name'))

          #user = utils.hash_ldap_user_password(user)
          if self.user.enabled_mask:
              self.user.mask_enabled_attribute(user)
          try:
                  self.user.update(user_id, user, old_obj)
          except ldap.CONSTRAINT_VIOLATION as e:
              if 'info' in e[0]:
                  raise  exception.ValidationError(e[0]['info'])
              else:
                  raise AssertionError(_('Error updating user'))
          return self.user.get_filtered(user_id)

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1373232/+subscriptions

Follow ups

[Bug 1373232] Re: The ldap driver needs to bubble up some ldap exceptions
From: David Stanek, 2017-03-31
[Bug 1373232] [NEW] The ldap driver needs to bubble up some ldap exceptions
From: Mahesh Sawaiker, 2014-09-24

References

[Bug 1373232] [NEW] The ldap driver needs to bubble up some ldap exceptions
From: Mahesh Sawaiker, 2014-09-24