← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #81100

[Bug 1857086] [NEW] Trying to update user options field for ldap user gives 403 forbidden

  Thread PreviousDate PreviousThread Next 
Public bug reported:

I am trying to set up MFA for ldap users. Ldap configuration is done.
While running the below api as an admin, I get the 403 forbidden error.

PATCH "/v3/users/{user_id}"

{
    "user": {
        "enabled": true,
        "options": {
            "multi_factor_auth_enabled": true
        }
    }
}

Result -> You are not authorized to perform the requested action, 403
Forbidden.

There is not much information in the logs. Found the below in
keystone.log,

2019-12-19 23:58:59.759 51472 WARNING keystone.server.flask.application
[req-7d011897-6662-46d1-9df3-8956bf9f5639
bf9f5018298590e9c675df62943158939e2e145758538564bca05042bc0a556a
f9fe381c5db344ec8445bb8d45d0285b - default default] You are not
authorized to perform the requested action.: Forbidden: You are not
authorized to perform the requested action.

Is this a bug or setting user options is not allowed for ldap users?

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1857086

Title:
  Trying to update user options field for ldap user gives 403 forbidden

Status in OpenStack Identity (keystone):
  New

Bug description:
  I am trying to set up MFA for ldap users. Ldap configuration is done.
  While running the below api as an admin, I get the 403 forbidden
  error.

  PATCH "/v3/users/{user_id}"

  {
      "user": {
          "enabled": true,
          "options": {
              "multi_factor_auth_enabled": true
          }
      }
  }

  Result -> You are not authorized to perform the requested action, 403
  Forbidden.

  There is not much information in the logs. Found the below in
  keystone.log,

  2019-12-19 23:58:59.759 51472 WARNING
  keystone.server.flask.application [req-
  7d011897-6662-46d1-9df3-8956bf9f5639
  bf9f5018298590e9c675df62943158939e2e145758538564bca05042bc0a556a
  f9fe381c5db344ec8445bb8d45d0285b - default default] You are not
  authorized to perform the requested action.: Forbidden: You are not
  authorized to perform the requested action.

  Is this a bug or setting user options is not allowed for ldap users?

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1857086/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next