
yahoo-eng-team team mailing list archive

[Bug 1394083] [NEW] ldap user_filter is not honored while authenticating

 

Public bug reported:

When full LDAP logging is enabled, we can see that the initial LDAP
search query does not use the user_filter while it tries to find the
user DN from the LDAP.

This causes authentication to fail if we have two users with the same name
in the LDAP in the same tree but with different ids. We use memberOf
filter to limit which users are seen by Keystone.

I traced the issue to keystone/common/ldap/core.py method get_by_name
which only seems to filter by user name ignoring the filter set in the
configuration.

** Affects: keystone
     Importance: Undecided
         Status: New


** Tags: ldap

** Tags added: ldap

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1394083

Title:
  ldap user_filter is not honored while authenticating

Status in OpenStack Identity (Keystone):
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1394083/+subscriptions
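
Added example, not part of the original bug report and not Keystone's code: a sketch of the ambiguity described above, where a name-only search matches two entries while the same search ANDed with the configured user_filter matches one. All function names, the cn name attribute, the directory entries, the filter value and the rule that an ambiguous lookup returns None are assumptions made for illustration.

```python
import re

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def name_only_filter(name, name_attr="cn"):
    # Behaviour described in the report: the user name is the only constraint.
    return "(%s=%s)" % (name_attr, escape_filter_value(name))

def name_with_user_filter(name, user_filter, name_attr="cn"):
    # AND the name clause with the operator's configured filter, if one is set.
    clause = name_only_filter(name, name_attr)
    if not user_filter:
        return clause
    if not user_filter.startswith("("):
        user_filter = "(%s)" % user_filter
    return "(&%s%s)" % (clause, user_filter)

# Constructed sample data: two entries share a name, one is in the allowed group.
USER_FILTER = "(memberOf=cn=cloud-users,ou=groups,dc=example,dc=org)"
DIRECTORY = [
    {"dn": "uid=1001,ou=people,dc=example,dc=org", "cn": ["jdoe"],
     "memberOf": ["cn=cloud-users,ou=groups,dc=example,dc=org"]},
    {"dn": "uid=2002,ou=people,dc=example,dc=org", "cn": ["jdoe"],
     "memberOf": []},
]

def search(ldap_filter, entries=DIRECTORY):
    """Tiny matcher for flat AND-of-equality filters; enough for this demo."""
    terms = re.findall(r"\(([^=()&|!]+)=([^()]*)\)", ldap_filter)

    def unescape(v):
        return re.sub(r"\\([0-9a-fA-F]{2})",
                      lambda m: chr(int(m.group(1), 16)), v)

    return [e["dn"] for e in entries
            if all(unescape(val).lower() in (x.lower() for x in e.get(attr, []))
                   for attr, val in terms)]

def resolve_dn(ldap_filter):
    """Return the single matching DN; None if the lookup is empty or ambiguous."""
    hits = search(ldap_filter)
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    print(resolve_dn(name_only_filter("jdoe")))
    print(resolve_dn(name_with_user_filter("jdoe", USER_FILTER)))
```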

