yahoo-eng-team team mailing list archive

[Victor Denisov <vdenisov@xxxxxxxxxxxx>]

Public bug reported:

We have keystone integrated with AD.

'user_id_attribute' is set to 'info'. So, when our users first get
created in AD, they don't always have this field populated. When a user
does not have a populated 'info' attribute, all keystone queries fail,
not just queries or rows containing that user.

Jul 7 14:02:12 node-38 keystone-all ID attribute info not found in LDAP
object <AD CN Object here>

Some examples of how I see keystone should be have in this situation:

List all users - list only correct users and ignore invalid.

Authenticate invalid user - this request should not be authenticated.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1478579

Title:
  When user in AD doesn't have ID field all user handlers error out

Status in Keystone:
  New

Bug description:
  We have keystone integrated with AD.

  'user_id_attribute' is set to 'info'. So, when our users first get
  created in AD, they don't always have this field populated. When a
  user does not have a populated 'info' attribute, all keystone queries
  fail, not just queries or rows containing that user.

  Jul 7 14:02:12 node-38 keystone-all ID attribute info not found in
  LDAP object <AD CN Object here>

  Some examples of how I see keystone should be have in this situation:

  List all users - list only correct users and ignore invalid.

  Authenticate invalid user - this request should not be authenticated.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1478579/+subscriptions