yahoo-eng-team team mailing list archive

[Rafal <rafal.ramocki@xxxxxxxxx>]

During work on keystone it appeared that bug is only releated when
use_pool=True in keystone (default). It seams that #1798184 was partial
and may not work for pooled connections.

** Also affects: ldappool
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1862606

Title:
  LDAP support broken if UTF8 characters in DN (python2)

Status in OpenStack Identity (keystone):
  In Progress
Status in ldappool:
  New

Bug description:
  Bug is probably related with this one:

  https://bugs.launchpad.net/keystone/+bug/1798184
  https://bugs.launchpad.net/keystone/+bug/1820333

  
  On keystone 14.1.0 (Rocky) it trows exception when there are UTF-8 encoded characters on users's DN. We're using openldap. In our schema DN is cn=first_name last_name,ou=employee,ou=users,dc=(...). In Poland names with local, utf encoded leters are very common.


  It looks like bug can be fixed by following change:

  --- a/keystone/identity/backends/ldap/common.py
  +++ b/keystone/identity/backends/ldap/common.py
  @@ -177,7 +177,7 @@ def convert_ldap_result(ldap_result):
                   ldap_attrs[kind] = [val2py(x) for x in values]
               except UnicodeDecodeError:
                   LOG.debug('Unable to decode value for attribute %s', kind)
  -        py_result.append((dn, ldap_attrs))
  +        py_result.append((utf8_decode(dn), ldap_attrs))
       if at_least_one_referral:
           LOG.debug('Referrals were returned and ignored. Enable referral '
                     'chasing in keystone.conf via [ldap] chase_referrals')

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1862606/+subscriptions