← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1361306] Re: Keystone doesn't handle user_attribute_id mapping

 

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1361306

Title:
  Keystone doesn't handle user_attribute_id mapping

Status in OpenStack Identity (Keystone):
  Fix Released

Bug description:
  By default keystone gets the id from first field of DN. It doesn't use
  user_id_attibute mapping from keystone.conf

  In the following code, "id" attribute is always  1 element in DN
  ---Relevent code---

  https://github.com/openstack/keystone/blob/de2c6e15b9f45969c307ac6d1f634d933537aeaa/keystone/common/ldap/core.py#L1277-L1304

    @staticmethod
      def _dn_to_id(dn):
          return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])

  def _ldap_res_to_model(self, res):
          obj = self.model(id=self._dn_to_id(res[0]))
          # LDAP attribute names may be returned in a different case than
          # they are defined in the mapping, so we need to check for keys
          # in a case-insensitive way.  We use the case specified in the
          # mapping for the model to ensure we have a predictable way of
          # retrieving values later.
          lower_res = dict((k.lower(), v) for k, v in six.iteritems(res[1]))
          for k in obj.known_keys:
              if k in self.attribute_ignore:
                  continue

              try:
                  v = lower_res[self.attribute_mapping.get(k, k).lower()]
              except KeyError:
                  pass
              else:
                  try:
                      obj[k] = v[0]
                  except IndexError:
                      obj[k] = None

          return obj

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1361306/+subscriptions


References