[Expired for OpenStack Identity (keystone) because there has been no
activity for 60 days.]
** Changed in: keystone
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1692090
Title:
_dn_to_id ignores user_id_attribute
Status in OpenStack Identity (keystone):
Expired
Bug description:
_dn_to_id is not affected when user_id_attribute is changed in keystone.conf.
https://github.com/openstack/keystone/blob/c3ca06ff47cced16ea9de3d6ef1a6c583bb3cf38/keystone/identity/backends/ldap/common.py#L1280
Considering the following LDAP directory:
...
# userid, Users, openstack.org
dn: cn=userid,ou=Users,dc=openstack,dc=org
objectClass: inetOrgPerson
userPassword:: e1NTSEF9Rit1bTlOS2FKdWM2bWFhWUtmRGQ5dmlBdEd6NEFydHY=
sn: 25cbd5b54da849128b89c3f7ab6e5bff
cn: userid
# test-group, UserGroups, openstack.org
dn: cn=test-group,ou=UserGroups,dc=openstack,dc=org
objectClass: groupOfNames
cn: test-group
ou: f44a7fbb9e174ba5823474c759d43643
member: cn=userid,ou=Users,dc=openstack,dc=org
...
keystone.conf:
...
user_id_attribute = sn
user_name_attribute = cn
...
This results in users unable to found in groups.
e.g. `openstack user list --domain default --group test-group`
Expected: User ID and Name are returned
+----------------------------------+---------------------+
| ID | Name |
+----------------------------------+---------------------+
| 25cbd5b54da849128b89c3f7ab6e5bff | userid |
+----------------------------------+---------------------+
Actual: Nothing is returned
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1692090/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
