** Changed in: keystone/icehouse
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1361306
Title:
Keystone doesn't handle user_attribute_id mapping
Status in Keystone:
Fix Released
Status in Keystone icehouse series:
Won't Fix
Bug description:
By default keystone gets the id from first field of DN. It doesn't use
user_id_attibute mapping from keystone.conf
In the following code, "id" attribute is always 1 element in DN
---Relevent code---
https://github.com/openstack/keystone/blob/de2c6e15b9f45969c307ac6d1f634d933537aeaa/keystone/common/ldap/core.py#L1277-L1304
@staticmethod
def _dn_to_id(dn):
return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])
def _ldap_res_to_model(self, res):
obj = self.model(id=self._dn_to_id(res[0]))
# LDAP attribute names may be returned in a different case than
# they are defined in the mapping, so we need to check for keys
# in a case-insensitive way. We use the case specified in the
# mapping for the model to ensure we have a predictable way of
# retrieving values later.
lower_res = dict((k.lower(), v) for k, v in six.iteritems(res[1]))
for k in obj.known_keys:
if k in self.attribute_ignore:
continue
try:
v = lower_res[self.attribute_mapping.get(k, k).lower()]
except KeyError:
pass
else:
try:
obj[k] = v[0]
except IndexError:
obj[k] = None
return obj
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1361306/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
