
yahoo-eng-team team mailing list archive

[Bug 1692090] [NEW] _dn_to_id ignores user_id_attribute

 

Public bug reported:

_dn_to_id is not affected when user_id_attribute is changed in keystone.conf.
https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/common.py#L1280

Considering the following LDAP directory:

...
# userid, Users, openstack.org
dn: cn=userid,ou=Users,dc=openstack,dc=org
objectClass: inetOrgPerson
userPassword:: e1NTSEF9Rit1bTlOS2FKdWM2bWFhWUtmRGQ5dmlBdEd6NEFydHY=
sn: 25cbd5b54da849128b89c3f7ab6e5bff
cn: userid

# test-group, UserGroups, openstack.org
dn: cn=test-group,ou=UserGroups,dc=openstack,dc=org
objectClass: groupOfNames
cn: test-group
ou: f44a7fbb9e174ba5823474c759d43643
member: cn=userid,ou=Users,dc=openstack,dc=org
...

keystone.conf:

...
user_id_attribute = sn
user_name_attribute = cn
...

This results in users unable to be found in groups.
e.g. `openstack user list --domain default --group test-group`
Expected: User ID and Name are returned
+----------------------------------+---------------------+
| ID                               | Name                |
+----------------------------------+---------------------+
| 25cbd5b54da849128b89c3f7ab6e5bff | userid              |
+----------------------------------+---------------------+

Actual: Nothing is returned

** Affects: keystone
     Importance: Undecided
     Assignee: Boris Kudryavtsev (bkudryavtsev)
         Status: New


** Tags: ldap

** Changed in: keystone
     Assignee: (unassigned) => Boris Kudryavtsev (bkudryavtsev)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1692090

Title:
  _dn_to_id ignores user_id_attribute

Status in OpenStack Identity (keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1692090/+subscriptions
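
An added illustration of the mismatch described in the report above (not keystone's code and not part of the original message): it assumes that `_dn_to_id` derives the ID from the first RDN of a member DN, and contrasts that with a hypothetical lookup of the configured `user_id_attribute`. The `DIRECTORY` dict, `CONF`, and all function names are constructed for this example.

```python
import re

# Constructed in-memory copy of the two entries from the report (DN -> attributes).
DIRECTORY = {
    "cn=userid,ou=Users,dc=openstack,dc=org": {
        "objectClass": ["inetOrgPerson"],
        "sn": ["25cbd5b54da849128b89c3f7ab6e5bff"],
        "cn": ["userid"],
    },
    "cn=test-group,ou=UserGroups,dc=openstack,dc=org": {
        "objectClass": ["groupOfNames"],
        "cn": ["test-group"],
        "ou": ["f44a7fbb9e174ba5823474c759d43643"],
        "member": ["cn=userid,ou=Users,dc=openstack,dc=org"],
    },
}
CONF = {"user_id_attribute": "sn", "user_name_attribute": "cn"}


def first_rdn(dn):
    """Return (attribute, value) of the leftmost RDN; splits on unescaped commas."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    attr, _, value = rdn.partition("=")
    return attr.strip().lower(), value.strip()


def dn_to_id_from_rdn(dn):
    """Assumed current behaviour: the ID is whatever value the first RDN holds."""
    return first_rdn(dn)[1]


def dn_to_id_from_attribute(dn, conf=CONF, directory=DIRECTORY):
    """Hypothetical alternative: read the configured ID attribute of the entry."""
    if first_rdn(dn)[0] == conf["user_id_attribute"].lower():
        return first_rdn(dn)[1]           # RDN already is the ID, no lookup needed
    entry = directory.get(dn)
    values = entry.get(conf["user_id_attribute"]) if entry else None
    return values[0] if values else None  # None: dangling member or missing attribute


def list_users_in_group(group_dn, dn_to_id, conf=CONF, directory=DIRECTORY):
    """Map each member DN to an ID, then keep the IDs that match a known user."""
    users = {e[conf["user_id_attribute"]][0]: e[conf["user_name_attribute"]][0]
             for e in directory.values() if "inetOrgPerson" in e["objectClass"]}
    ids = (dn_to_id(dn) for dn in directory[group_dn].get("member", []))
    return [(i, users[i]) for i in ids if i in users]
```

With the RDN-based mapping the member resolves to `userid`, which matches no user ID, so the group listing is empty; the attribute-based mapping returns the row the report expects.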
