yahoo-eng-team team mailing list archive
Message #27878
[Bug 1241134] Re: Using LDAP with enabled ignored, no error when attempt to change
** Changed in: keystone/juno
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1241134
Title:
Using LDAP with enabled ignored, no error when attempt to change
Status in OpenStack Identity (Keystone):
Fix Released
Status in Keystone juno series:
Fix Released
Bug description:
When the Keystone server is configured to use LDAP as the identity backend and 'enabled' is in user_attribute_ignore and then the user is disabled (for example with keystone user-update --enabled false), the server returns success and the command doesn't report an error even though the user remains enabled.
The server should report an error like 403 Forbidden or 501 Not
Implemented if the user tries to change the enabled attribute and it's
ignored.
This would improve security since the way it is now Keystone gives the
impression that the user has been disabled even when they have not
been.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1241134/+subscriptions
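
The failure mode in the bug description, as an added example that is not part of the bug report and is not Keystone's code: a toy backend that drops ignored attributes silently, next to one that refuses the change. The class, method and exception names, the `attribute_ignore` parameter and the sample user record are all assumptions made for illustration.

```python
"""Constructed model of an identity backend that ignores some user attributes."""


class Forbidden(Exception):
    """Stands in for an HTTP 403 response in this sketch."""


class ToyLdapUserBackend:
    def __init__(self, attribute_ignore):
        self.attribute_ignore = set(attribute_ignore)
        # Constructed sample record standing in for a directory entry.
        self.users = {"u1": {"name": "alice", "enabled": True}}

    def update_user_silent(self, user_id, changes):
        """Reported behaviour: ignored attributes are dropped and the call succeeds."""
        user = self.users[user_id]
        for key, value in changes.items():
            if key not in self.attribute_ignore:
                user[key] = value
        return dict(user)

    def update_user_strict(self, user_id, changes):
        """Requested behaviour: reject a change the backend cannot apply."""
        user = self.users[user_id]
        # Validate before mutating so a rejected request changes nothing.
        blocked = sorted(
            key for key, value in changes.items()
            if key in self.attribute_ignore and user.get(key) != value
        )
        if blocked:
            raise Forbidden("cannot change ignored attribute(s): " + ", ".join(blocked))
        for key, value in changes.items():
            if key not in self.attribute_ignore:
                user[key] = value
        return dict(user)


def demo():
    backend = ToyLdapUserBackend(attribute_ignore=["enabled"])
    # Caller believes the account is now disabled; it is not.
    silent = backend.update_user_silent("u1", {"enabled": False})
    try:
        backend.update_user_strict("u1", {"enabled": False, "name": "bob"})
        strict_error = None
    except Forbidden as exc:
        strict_error = str(exc)
    return silent["enabled"], strict_error, backend.users["u1"]["name"]
```
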