
yahoo-eng-team team mailing list archive

[Bug 1546136] [NEW] openstack user group lookup returns nothing

 

Public bug reported:

When issuing the "openstack group list --user <openldapuserID> --user-domain
<domain>" command on a domain associated with OpenLDAP, an incorrect
LDAP query is composed and openstack-keystone reports nothing.

OpenLDAP is running on a CentOS 7 host.
Openstack keystone release is Liberty running on a CentOS 7 host.
OpenLDAP version: OpenLDAP: slapd 2.4.39 (Sep 29 2015 13:31:12)
openstack v: 1.7.2

Keystone log when issuing the command:

LDAP search: base=ou=Group,dc=gvadc,dc=localdomain scope=2 filterstr=(&(memberUid=cn=<first_name last_name>,ou=People,dc=<domain>,dc=localdomain)(objectClass=posixGroup)(cn=*)) attrs=['cn', 'description'] attrsonly=0 search_s /usr/lib/python2.7/site-packages/keystone/common/ldap/core.py:934

When the query is translated to ldapsearch, it returns no results because the filterstr contains memberUid=cn=first_name last_name instead of the userid:
ldapsearch -H ldap://<openldapserver> -D cn=Manager,dc=<domain>,dc=localdomain -W -x -b ou=Group,dc=<domain>,dc=localdomain "(&(memberUid=cn=<first_name last_name>,ou=People,dc=<domain>,dc=localdomain)(objectClass=posixGroup)(cn=*))"

With the correct filter, the search is successful:
ldapsearch -H ldap://<openldapserver> -D cn=Manager,dc=<domain>,dc=localdomain -W -x -b ou=Group,dc=<domain>,dc=localdomain "(&(memberUid=<openldapuserID>)(objectClass=posixGroup)(cn=*))"

So it seems that the filterstr is not correctly composed by the
openstack-python scripts.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1546136

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1546136/+subscriptions
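
Added example (not part of the bug report and not keystone's code): a posixGroup stores login names in memberUid, so the filter value has to be the user's uid rather than the entry DN, while member/uniqueMember groups do take the DN. The helper names, the jdoe / Jane Doe user and the two groups are constructed for illustration, and the in-memory lookup stands in for the directory's equality match.

```python
# Constructed sample data and hypothetical helpers; not keystone code.

def escape_filter_value(value):
    """Escape an assertion value for an LDAP search filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch
                   for ch in value)


def membership_value(user_dn, user_attrs, member_attr):
    """Pick the value a group stores for this user.

    memberUid (posixGroup) holds login names; member / uniqueMember
    (groupOfNames, groupOfUniqueNames) hold the user's DN.
    """
    if member_attr.lower() == 'memberuid':
        return user_attrs['uid'][0]
    return user_dn


def group_filter(member_attr, member_value, object_class='posixGroup'):
    """Compose the same filter shape as the one in the keystone log above."""
    return '(&(%s=%s)(objectClass=%s)(cn=*))' % (
        member_attr, escape_filter_value(member_value), object_class)


def groups_for(groups, member_attr, member_value):
    """Exact equality match of member_value against each group's members."""
    return sorted(cn for cn, attrs in groups.items()
                  if member_value in attrs.get(member_attr, []))


# Constructed directory contents.
USER_DN = 'cn=Jane Doe,ou=People,dc=example,dc=localdomain'
USER_ATTRS = {'cn': ['Jane Doe'], 'uid': ['jdoe']}
GROUPS = {
    'admins': {'memberUid': ['jdoe', 'asmith']},
    'devs': {'memberUid': ['asmith']},
}

if __name__ == '__main__':
    wrong = USER_DN                                            # what the log shows
    right = membership_value(USER_DN, USER_ATTRS, 'memberUid') # the user's uid
    for value in (wrong, right):
        print(group_filter('memberUid', value),
              '->', groups_for(GROUPS, 'memberUid', value))
```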

