yahoo-eng-team team mailing list archive
Message #65892
[Bug 1704205] Re: GET /v3/role_assignments?effective&include_names API fails with unexpected 500 error
Yeah, those instructions were followed, but the problem here was that
some users didn't have a value set in the property that was used for
name. More specifically, the customer used a field that holds the email
address as the name, and some users didn't have an email address. But
even beyond that, we couldn't tell them to use a different LDAP
attribute because there was no single attribute that consistently had a
value for all users, even cn. You could argue that LDAP was
misconfigured, but good luck getting that fixed in a large enterprise
environment (which this was). You could argue that keystone was
misconfigured, but in this case there was not a better LDAP attribute to
use for name. So I'd like to see keystone handle this better somehow.
Could keystone report a name of "" or "<missing>" or something when the
attribute that is supposed to have the name is not found on a given
resource?
** Changed in: keystone
Status: Invalid => New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1704205
Title:
GET /v3/role_assignments?effective&include_names API fails with
unexpected 500 error
Status in OpenStack Identity (keystone):
New
Bug description:
In an environment with an LDAP server as the identity backend, a group
has a role assignment but some users in the group don't have the "name"
attribute configured in LDAP. While fetching effective role
assignments with include_names, the request fails with the stack trace
below.
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi Traceback (most recent call last):
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi result = method(req, **params)
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 999, in list_role_assignments_wrapper
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return self.list_role_assignments(request)
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/controller.py", line 235, in wrapper
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return f(self, request, filters, **kwargs)
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 956, in list_role_assignments
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return self._list_role_assignments(request, filters)
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/controllers.py", line 945, in _list_role_assignments
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi include_names=include_names)
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/manager.py", line 123, in wrapped
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi __ret_val = __f(*args, **kwargs)
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/core.py", line 948, in list_role_assignments
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi return self._get_names_from_role_assignments(role_assignments)
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/assignment/core.py", line 974, in _get_names_from_role_assignments
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi new_assign['user_name'] = _user['name']
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi KeyError: 'name'
2017-07-13 05:06:10.835 10460 ERROR keystone.common.wsgi
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1704205/+subscriptions
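The failure in the traceback and the placeholder behaviour requested in the message, as an added example that is not keystone's code and not part of the original thread. The function names, the sample LDAP entries and the choice of `mail` as the name attribute are constructed for illustration.

```python
# Added illustration; not keystone source. All names here are hypothetical.
MISSING_NAME = "<missing>"  # placeholder value suggested in the message above

# Constructed sample LDAP entries: (dn, attributes). The second has no 'mail'.
LDAP_ENTRIES = [
    ("uid=alice,ou=people,dc=example,dc=org",
     {"uid": ["alice"], "mail": ["alice@example.org"]}),
    ("uid=bob,ou=people,dc=example,dc=org", {"uid": ["bob"]}),
]


def ldap_to_user(attrs, id_attr="uid", name_attr="mail"):
    """Map an LDAP entry to a user dict; 'name' is set only if the attribute has a value."""
    user = {"id": attrs[id_attr][0]}
    values = [v for v in attrs.get(name_attr, []) if v.strip()]
    if values:
        user["name"] = values[0]
    return user


def add_names_strict(assignments, users):
    """Same lookup shape as the traceback: a user without 'name' raises KeyError."""
    out = []
    for a in assignments:
        new_assign = dict(a)
        new_assign["user_name"] = users[a["user_id"]]["name"]
        out.append(new_assign)
    return out


def add_names_tolerant(assignments, users):
    """Substitute a placeholder and return the user ids that had no name."""
    out, unnamed = [], []
    for a in assignments:
        new_assign = dict(a)
        name = users[a["user_id"]].get("name")
        if name is None:
            unnamed.append(a["user_id"])  # candidates for a warning log entry
            name = MISSING_NAME
        new_assign["user_name"] = name
        out.append(new_assign)
    return out, unnamed


USERS = {u["id"]: u for u in (ldap_to_user(attrs) for _, attrs in LDAP_ENTRIES)}
ASSIGNMENTS = [{"user_id": "alice", "role_id": "member"},
               {"user_id": "bob", "role_id": "member"}]
```

With the tolerant variant, one incomplete directory entry no longer fails the whole listing, and the returned id list shows which accounts need attention.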