← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1415271] Re: user_enabled_attribute string support is poor

 

** Changed in: keystone
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1415271

Title:
  user_enabled_attribute string support is poor

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone juno series:
  In Progress

Bug description:
  When attempting to authenticate with our ldap, we were running into
  trouble getting the right value to show up for the user's enabled
  attribute.

  The result from ldap was:
  [('uid=123456789,c=us,ou=our_ldap,o=ibm.com', {'mail': ['shaun@xxxxxxxx'], 'passwordisexpired': ['false'], 'uid': ['123456789']})]

  which is turned into:
  [(u'uid=123456789,c=us,ou=our_ldap,o=ibm.com', {'mail': [u'shaun@xxxxxxxx'], 'passwordisexpired': [u'false'], 'uid': [123456789]})]

  the _ldap_res_to_model  function in ldap/core.py seems to be OK, but
  the same one at the identity backend for ldap seems to have a few
  bugs:

  the object before:
  {'email': u'shaun@xxxxxxxx', 'enabled': u'false', 'id': 123456789, 'name': u'shaun@xxxxxxxx'} 

  the object after:
  {'dn': u'uid=123456789,c=us,ou=our_ldap,o=ibm.com', 'email': u'shaun@xxxxxxxx', 'enabled': False, 'id': 123456789, 'name': u'shaun@xxxxxxxx'} 

  Note that the enabled field is still False, just a boolean now instead
  of string.

  Looks like at:
  https://github.com/openstack/keystone/blob/stable/juno/keystone/identity/backends/ldap.py#L223-L227

  The check for if type(str) is insufficient, and calling lower, without
  the parentheses is pointless.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1415271/+subscriptions


References