** Changed in: keystone/kilo Status: Fix Committed => Fix Released
-- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1468000 Title: Group lookup by name in LDAP via v3 fails Status in OpenStack Identity (keystone): Fix Released Status in OpenStack Identity (keystone) kilo series: Fix Released Bug description: This bug is similar to https://bugs.launchpad.net/keystone/+bug/1454309 but relates to groups. When issuing an "openstack group show <group_name>" command on a domain associated with LDAP, invalid LDAP query is composed and Keystone returns ISE 500: $ openstack --os-token ADMIN --os-url http://localhost:35357/v3 --os-identity-api-version 3 group show --domain ad 'Domain Admins' ERROR: openstack An unexpected error prevented the server from fulfilling your request: {'desc': 'Bad search filter'} (Disable debug mode to suppress these details.) (HTTP 500) (Request-ID: req-06fd5907-6ade-4872-95ab-e66f0809986a) Here's the log: 2015-06-23 15:59:41.627 8571 DEBUG keystone.common.ldap.core [-] LDAP search: base=CN=Users,DC=dept,DC=example,DC=org scope=2 filterstr=(&(&None(sAMAccountName=Domain Admins))(objectClass=group)) attrs=['cn', 'sAMAccountName', 'description'] attrsonly=0 search_s /home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py:933 2015-06-23 15:59:41.628 8571 DEBUG keystone.common.ldap.core [-] LDAP unbind unbind_s /home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py:906 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi [-] {'desc': 'Bad search filter'} 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi Traceback (most recent call last): 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/wsgi.py", line 240, in __call__ 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi result = method(context, **params) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/controller.py", line 202, in wrapper 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return f(self, context, filters, **kwargs) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/controllers.py", line 310, in list_groups 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi hints=hints) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/manager.py", line 54, in wrapper 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return f(self, *args, **kwargs) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/core.py", line 342, in wrapper 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return f(self, *args, **kwargs) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/core.py", line 353, in wrapper 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return f(self, *args, **kwargs) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/core.py", line 1003, in list_groups 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi ref_list = driver.list_groups(hints) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/backends/ldap.py", line 164, in list_groups 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return self.group.get_all_filtered(hints) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/backends/ldap.py", line 402, in get_all_filtered 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi for group in self.get_all(query)] 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 1507, in get_all 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi for x in self._ldap_get_all(ldap_filter)] 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 1469, in _ldap_get_all 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi attrs) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 946, in search_s 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi attrlist_utf8, attrsonly) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 642, in wrapper 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return func(self, conn, *args, **kwargs) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py", line 772, in search_s 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi attrsonly) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 559, in search_s 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 920, in search_ext_s 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 862, in _apply_method_s 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return func(self,*args,**kwargs) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 552, in search_ext_s 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 548, in search_ext 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi timeout,sizelimit, 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File "/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 106, in _ldap_call 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi result = func(*args,**kwargs) 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi FILTER_ERROR: {'desc': 'Bad search filter'} 2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi 2015-06-23 15:59:41.650 8571 INFO eventlet.wsgi.server [-] 127.0.0.1 - - [23/Jun/2015 15:59:41] "GET /v3/groups?domain_id=a225c3b5b4af44a2964b7f941538bc45&name=Domain+Admins HTTP/1.1" 500 459 0.104950 Bug is reproduced on current keystone master (Liberty). To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1468000/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp