yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1577804] Re: /v3/users?name=<name> bypasses user_filter for LDAP

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Steve Martinelli <1577804@xxxxxxxxxxxxxxxxxx>
Date: Thu, 07 Jul 2016 18:09:07 -0000
Reply-to: Bug 1577804 <1577804@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
    Milestone: None => newton-1

** Also affects: keystone/mitaka
   Importance: Undecided
       Status: New

** Changed in: keystone/mitaka
       Status: New => Fix Released

** Changed in: keystone/mitaka
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1577804

Title:
  /v3/users?name=<name> bypasses user_filter for LDAP

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) mitaka series:
  Fix Released

Bug description:
  using the LDAP driver with user_filter, a GET /v3/users?name=<name>
  returns users that do not match the filter.

  e.g.:

  user_filter = (|(uid=arc1_admin)(uid=arc1_stgmgr))

  # openstack user list
  +----------------------------------------------------------------+-------------+
  | ID                                                             | Name        |
  +----------------------------------------------------------------+-------------+
  | 91476076d6686143dff68d08e87358a29daf0725c549008f9c0852d2c7ab8e | arc1_admin  |
  | 42                                                             |             |
  | 8c1beab95fc4c2b009383827f1ea1ec2880fa6eb5bbe42aebd43aab21ad685 | arc1_stgmgr |
  | b2                                                             |             |
  +----------------------------------------------------------------+-------------+

  
  # openstack user show arc1_dep
  +-----------+------------------------------------------------------------------+
  | Field     | Value                                                            |
  +-----------+------------------------------------------------------------------+
  | domain_id | default                                                          |
  | id        | 631bbab78e33e554bc6c7fd53071c6e046fd37680b1b154261bd6183b123e8b0 |
  | name      | arc1_dep                                                         |
  +-----------+------------------------------------------------------------------+

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1577804/+subscriptions

References

[Bug 1577804] [NEW] /v3/users?name=<name> bypasses user_filter for LDAP
From: Matthew Edmonds, 2016-05-03