yahoo-eng-team team mailing list archive

[Bug 1672425] Re: No 'options' attribute in user_ref when using LDAP identity backend

 

*** This bug is a duplicate of bug 1662762 ***
    https://bugs.launchpad.net/bugs/1662762

The fix for this was merged to master and was backported to ocata.

** This bug has been marked a duplicate of bug 1662762
   Authentication for LDAP user fails at MFA rule check

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1672425

Title:
  No 'options' attribute in user_ref when using LDAP identity backend

Status in OpenStack Identity (keystone):
  In Progress

Bug description:
  While testing the ocata codebase, it seems that the addition of the
  multifactor auth in core breaks our LDAP identity backend.

  We are getting an exception while loading the user to check if it has
  MFA enabled or not. The LDAP identity driver does not provide an
  options attribute for the user and then it throws an exception in this
  specific line
  (https://github.com/openstack/keystone/blob/8ff15d3e0fc2cf1bdfb202c54a6816a9676119fe/keystone/auth/core.py#L377)

  To give some context, these are the 2 lines concerned
  (keystone/auth/core.py)

  376:        user_ref = self.identity_api.get_user(user_id)
  377:        mfa_rules = user_ref['options'].get(ro.MFA_RULES_OPT.option_name, [])

  The first one loads the user from the identity driver and the 2nd one
  uses an attribute that does not exist in the LDAP implementation, so it
  throws an exception.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1672425/+subscriptions
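
The failure described in this report, reproduced on constructed user records next to one tolerant lookup. This is an added example, not keystone's code and not the fix that was merged; the option name, the record layout and all function names are assumptions.

```python
# Added illustration; every name here is hypothetical, not keystone's code.
MFA_RULES_OPT = "multi_factor_auth_rules"  # assumed option name

# Constructed user records: the SQL-style ref carries 'options',
# the LDAP-style ref does not (the situation the report describes).
SQL_USER = {"id": "u1", "name": "alice",
            "options": {MFA_RULES_OPT: [["password", "totp"]]}}
LDAP_USER = {"id": "u2", "name": "bob"}


def mfa_rules_strict(user_ref):
    """Same lookup shape as the quoted line 377: KeyError without 'options'."""
    return user_ref["options"].get(MFA_RULES_OPT, [])


def mfa_rules_tolerant(user_ref):
    """Treat a missing or None 'options' as 'no rules configured'."""
    options = user_ref.get("options") or {}
    return options.get(MFA_RULES_OPT, [])


def check_mfa(user_ref, methods_used, lookup=mfa_rules_tolerant):
    """True when no rules exist or at least one rule is fully satisfied."""
    rules = [rule for rule in lookup(user_ref) if rule]  # skip empty rules
    if not rules:
        return True
    used = set(methods_used)
    return any(set(rule) <= used for rule in rules)


def users_without_mfa_rules(users, lookup=mfa_rules_tolerant):
    """List user ids with no MFA rule, so the tolerant default stays visible."""
    return [u["id"] for u in users if not lookup(u)]


if __name__ == "__main__":
    try:
        mfa_rules_strict(LDAP_USER)
    except KeyError as exc:
        print("strict lookup fails for LDAP-style ref: KeyError", exc)
    print("LDAP user, password only:", check_mfa(LDAP_USER, ["password"]))
    print("SQL user, password only:", check_mfa(SQL_USER, ["password"]))
    print("no MFA rules:", users_without_mfa_rules([SQL_USER, LDAP_USER]))
```

With the tolerant lookup, users from a backend that supplies no options authenticate with no MFA rule applied, which is why the last helper reports them.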