yahoo-eng-team team mailing list archive

[Bug 1609653] [NEW] keystone ldap does not support Hebrew

 

Public bug reported:

We are trying to integrate OpenStack Kilo with the customer's Active
Directory. We followed these steps:
http://docs.openstack.org/developer/keystone/configuration.html#configuring-the-ldap-identity-provider
But we have some issues with users who are defined with Hebrew
distinguished names. Keystone ignores all user data that is
base64 encoded.

Having dug into the source files, we found that the following changes are needed to enable the support:
--- keystone/common/ldap/core.py.orig	2016-07-15 11:13:02.894182008 +0100
+++ keystone/common/ldap/core.py	2016-07-18 10:22:32.958092493 +0100
@@ -13,6 +13,7 @@
 # under the License.
 
 import abc
+import base64
 import codecs
 import functools
 import os.path
@@ -117,7 +118,15 @@ def enabled2py(val):
         return int(val)
     except ValueError:
         pass
-    return utf8_decode(val)
+    if val is None:
+        return None
+    if val.startswith(': '):
+        try:
+            return utf8_decode(base64.urlsafe_b64decode(val[2:]))
+        except:
+            return utf8_decode(val)
+    else:
+        return utf8_decode(val)
 
 
 def ldap2py(val):
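
Review bot: In `enabled2py` the new `if val is None` guard sits after the `int(val)` call shown in the context lines, and that call's handler catches only `ValueError`; `int(None)` raises `TypeError`, so a None value never reaches the guard. Move the None check ahead of the `int()` attempt, or drop it if None cannot arrive here. The bare `except:` around `base64.urlsafe_b64decode(val[2:])` also swallows every error, not just a failed decode; catch the decoding failure explicitly (`TypeError` on Python 2, `binascii.Error` on Python 3) so unrelated faults still surface.
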
@@ -129,7 +138,15 @@ def ldap2py(val):
     :param val: LDAP formatted value
     :returns: val converted to preferred Python type
     """
-    return utf8_decode(val)
+    if val is None:
+        return None
+    if val.startswith(': '):
+        try:
+            return utf8_decode(base64.urlsafe_b64decode(val[2:]))
+        except:
+            return utf8_decode(val)
+    else:
+        return utf8_decode(val)
 
 
 def convert_ldap_result(ldap_result):
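
Review bot: `ldap2py` decides whether to base64-decode purely from the value's own content (`val.startswith(': ')`), so an attribute value that genuinely begins with ": " and happens to be valid base64 is silently rewritten into a different string, and the bare `except:` hides the cases where it is not. For identity attributes that ambiguity is worth removing: carry the "this value was base64" fact from the place where the encoding is detected instead of inferring it here, and narrow the handler to the decoding error. The block is a line-for-line copy of the one added to `enabled2py`, so factor it into a single helper, update the docstring to mention the decoding, and if the values use the standard base64 alphabet prefer `base64.b64decode` over `urlsafe_b64decode` to state the intent.
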


I've checked the source in Mitaka and found that this case is not handled either. Not sure if it's considered in the Newton release.

In general, releases Kilo, Liberty and Mitaka all have this bug.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1609653

Title:
  keystone ldap does not support Hebrew

Status in OpenStack Identity (keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1609653/+subscriptions