yahoo-eng-team team mailing list archive

[Lance Bragstad <lbragstad@xxxxxxxxx>]

I'm going to mark this as Invalid for the time being since we don't have
a plan to support MFA for non-SQL users. Please feel free to continue
using this bug report for discussion, though.

** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1857086

Title:
  Trying to update user options field for ldap user gives 403 forbidden

Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  I am trying to set up MFA for ldap users. Ldap configuration is done.
  While running the below api as an admin, I get the 403 forbidden
  error.

  PATCH "/v3/users/{user_id}"

  {
      "user": {
          "enabled": true,
          "options": {
              "multi_factor_auth_enabled": true
          }
      }
  }

  Result -> You are not authorized to perform the requested action, 403
  Forbidden.

  There is not much information in the logs. Found the below in
  keystone.log,

  2019-12-19 23:58:59.759 51472 WARNING
  keystone.server.flask.application [req-
  7d011897-6662-46d1-9df3-8956bf9f5639
  bf9f5018298590e9c675df62943158939e2e145758538564bca05042bc0a556a
  f9fe381c5db344ec8445bb8d45d0285b - default default] You are not
  authorized to perform the requested action.: Forbidden: You are not
  authorized to perform the requested action.

  Is this a bug or setting user options is not allowed for ldap users?

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1857086/+subscriptions