yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1862606] [NEW] LDAP support broken if UTF8 characters in DN (python2)

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Rafal Ramocki <rafal.ramocki@xxxxx>
Date: Mon, 10 Feb 2020 09:18:26 -0000
Reply-to: Bug 1862606 <1862606@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Bug is probably related with this one:

https://bugs.launchpad.net/keystone/+bug/1798184
https://bugs.launchpad.net/keystone/+bug/1820333


On keystone 14.1.0 (Rocky) it trows exception when there are UTF-8 encoded characters on users's DN. We're using openldap. In our schema DN is cn=first_name last_name,ou=employee,ou=users,dc=(...). In Poland names with local, utf encoded leters are very common.


It looks like bug can be fixed by following change:

--- a/keystone/identity/backends/ldap/common.py
+++ b/keystone/identity/backends/ldap/common.py
@@ -177,7 +177,7 @@ def convert_ldap_result(ldap_result):
                 ldap_attrs[kind] = [val2py(x) for x in values]
             except UnicodeDecodeError:
                 LOG.debug('Unable to decode value for attribute %s', kind)
-        py_result.append((dn, ldap_attrs))
+        py_result.append((utf8_decode(dn), ldap_attrs))
     if at_least_one_referral:
         LOG.debug('Referrals were returned and ignored. Enable referral '
                   'chasing in keystone.conf via [ldap] chase_referrals')

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1862606

Title:
  LDAP support broken if UTF8 characters in DN (python2)

Status in OpenStack Identity (keystone):
  New

Bug description:
  Bug is probably related with this one:

  https://bugs.launchpad.net/keystone/+bug/1798184
  https://bugs.launchpad.net/keystone/+bug/1820333

  
  On keystone 14.1.0 (Rocky) it trows exception when there are UTF-8 encoded characters on users's DN. We're using openldap. In our schema DN is cn=first_name last_name,ou=employee,ou=users,dc=(...). In Poland names with local, utf encoded leters are very common.


  It looks like bug can be fixed by following change:

  --- a/keystone/identity/backends/ldap/common.py
  +++ b/keystone/identity/backends/ldap/common.py
  @@ -177,7 +177,7 @@ def convert_ldap_result(ldap_result):
                   ldap_attrs[kind] = [val2py(x) for x in values]
               except UnicodeDecodeError:
                   LOG.debug('Unable to decode value for attribute %s', kind)
  -        py_result.append((dn, ldap_attrs))
  +        py_result.append((utf8_decode(dn), ldap_attrs))
       if at_least_one_referral:
           LOG.debug('Referrals were returned and ignored. Enable referral '
                     'chasing in keystone.conf via [ldap] chase_referrals')

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1862606/+subscriptions

Follow ups

[Bug 1862606] Re: LDAP support broken if UTF8 characters in DN (python2)
From: Rafal, 2020-02-19