yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #45177
[Bug 1468000] Re: Group lookup by name in LDAP via v3 fails
** Changed in: keystone/kilo
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1468000
Title:
Group lookup by name in LDAP via v3 fails
Status in OpenStack Identity (keystone):
Fix Released
Status in OpenStack Identity (keystone) kilo series:
Fix Released
Bug description:
This bug is similar to
https://bugs.launchpad.net/keystone/+bug/1454309 but relates to
groups. When issuing an "openstack group show <group_name>" command on
a domain associated with LDAP, invalid LDAP query is composed and
Keystone returns ISE 500:
$ openstack --os-token ADMIN --os-url http://localhost:35357/v3 --os-identity-api-version 3 group show --domain ad 'Domain Admins'
ERROR: openstack An unexpected error prevented the server from fulfilling your request: {'desc': 'Bad search filter'} (Disable debug mode to suppress these details.) (HTTP 500) (Request-ID: req-06fd5907-6ade-4872-95ab-e66f0809986a)
Here's the log:
2015-06-23 15:59:41.627 8571 DEBUG keystone.common.ldap.core [-] LDAP search: base=CN=Users,DC=dept,DC=example,DC=org scope=2 filterstr=(&(&None(sAMAccountName=Domain Admins))(objectClass=group)) attrs=['cn', 'sAMAccountName', 'description'] attrsonly=0 search_s /home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py:933
2015-06-23 15:59:41.628 8571 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py:906
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi [-] {'desc': 'Bad search filter'}
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi Traceback (most recent call last):
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/wsgi.py", line 240, in __call__
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi result = method(context, **params)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/controller.py", line 202, in wrapper
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return f(self, context, filters, **kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/controllers.py", line 310, in list_groups
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi hints=hints)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/manager.py", line 54, in wrapper
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/core.py", line 342, in wrapper
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/core.py", line 353, in wrapper
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return f(self, *args, **kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/core.py", line 1003, in list_groups
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi ref_list = driver.list_groups(hints)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/backends/ldap.py", line 164, in list_groups
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return self.group.get_all_filtered(hints)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/backends/ldap.py", line 402, in get_all_filtered
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi for group in self.get_all(query)]
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 1507, in get_all
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi for x in self._ldap_get_all(ldap_filter)]
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 1469, in _ldap_get_all
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi attrs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 946, in search_s
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi attrlist_utf8, attrsonly)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 642, in wrapper
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return func(self, conn, *args, **kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 772, in search_s
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi attrsonly)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 559, in search_s
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 920, in search_ext_s
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 862, in _apply_method_s
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return func(self,*args,**kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 552, in search_ext_s
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 548, in search_ext
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi timeout,sizelimit,
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 106, in _ldap_call
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi result = func(*args,**kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi FILTER_ERROR: {'desc': 'Bad search filter'}
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi
2015-06-23 15:59:41.650 8571 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [23/Jun/2015 15:59:41] "GET /v3/groups?domain_id=a225c3b5b4af44a2964b7f941538bc45&name=Domain+Admins HTTP/1.1" 500 459 0.104950
Bug is reproduced on current keystone master (Liberty).
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1468000/+subscriptions
References
