
yahoo-eng-team team mailing list archive

[Bug 1394083] Re: ldap user_filter is not honored while authenticating

 

[Expired for OpenStack Identity (keystone) because there has been no
activity for 60 days.]

** Changed in: keystone
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1394083

Title:
  ldap user_filter is not honored while authenticating

Status in OpenStack Identity (keystone):
  Expired

Bug description:
  When full LDAP logging is enabled, we can see that the initial LDAP
  search query does not use the user_filter while it tries to find the
  user DN from the LDAP.

  This causes authentication to fail if we have two users with the same
  name in the LDAP in the same tree but with different ids. We use a
  memberOf filter to limit which users are seen by Keystone.

  I traced the issue to keystone/common/ldap/core.py method get_by_name
  which only seems to filter by user name ignoring the filter set in the
  configuration.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1394083/+subscriptions
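
The behaviour reported above, as an added example that is not part of the original bug report and is not keystone's code: a lookup by name alone matches both same-named users, while the same lookup ANDed with the configured user_filter matches one. The helper names, the `cn` and `person` defaults, the toy matcher and the directory entries are all assumptions constructed for illustration.

```python
import re

# RFC 4515 special characters and their escaped forms.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def unescape_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def name_only_filter(name, name_attr="cn", object_class="person"):
    """Lookup by name alone, the behaviour the report describes."""
    return "(&(%s=%s)(objectClass=%s))" % (name_attr, escape_value(name), object_class)

def scoped_filter(name, user_filter, name_attr="cn", object_class="person"):
    """Same lookup, ANDed with the configured user_filter."""
    extra = user_filter.strip()
    if extra and not extra.startswith("("):
        extra = "(%s)" % extra  # accept a filter written without parentheses
    return "(&(%s=%s)(objectClass=%s)%s)" % (
        name_attr, escape_value(name), object_class, extra)

def search(entries, ldap_filter):
    """Toy matcher (assumption): supports only a flat AND of equality terms."""
    terms = re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)
    return [dn for dn, attrs in entries
            if all(unescape_value(v) in attrs.get(a, []) for a, v in terms)]

# Constructed directory: two users share a name, only one is in the group.
ENTRIES = [
    ("uid=1001,ou=people,dc=example,dc=org",
     {"cn": ["jdoe"], "objectClass": ["person"],
      "memberOf": ["cn=cloud,ou=groups,dc=example,dc=org"]}),
    ("uid=2002,ou=people,dc=example,dc=org",
     {"cn": ["jdoe"], "objectClass": ["person"], "memberOf": []}),
]
USER_FILTER = "(memberOf=cn=cloud,ou=groups,dc=example,dc=org)"

if __name__ == "__main__":
    print(search(ENTRIES, name_only_filter("jdoe")))            # both DNs: ambiguous
    print(search(ENTRIES, scoped_filter("jdoe", USER_FILTER)))  # one DN
```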

