yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1478579] Re: When user in AD doesn't have ID field all user handlers error out

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Doug Hellmann <doug@xxxxxxxxxxxxxxxx>
Date: Thu, 03 Sep 2015 18:14:25 -0000
Reply-to: Bug 1478579 <1478579@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: Fix Committed => Fix Released

** Changed in: keystone
    Milestone: None => liberty-3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1478579

Title:
  When user in AD doesn't have ID field all user handlers error out

Status in Keystone:
  Fix Released

Bug description:
  We have keystone integrated with AD.

  'user_id_attribute' is set to 'info'. So, when our users first get
  created in AD, they don't always have this field populated. When a
  user does not have a populated 'info' attribute, all keystone queries
  fail, not just queries or rows containing that user.

  Jul 7 14:02:12 node-38 keystone-all ID attribute info not found in
  LDAP object <AD CN Object here>

  Some examples of how I see keystone should be have in this situation:

  List all users - list only correct users and ignore invalid.

  Authenticate invalid user - this request should not be authenticated.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1478579/+subscriptions

References

[Bug 1478579] [NEW] When user in AD doesn't have ID field all user handlers error out
From: Victor Denisov, 2015-07-27