Keystone to ignore ldap users/groups with blank spaces in their name

Bug #1727726 reported by prashkre
Affects: OpenStack Identity (keystone)
Status: Fix Released
Importance: Medium
Assigned to: prashkre

Bug Description

With an LDAP server as backend, keystone has to handle users whose names have only white spaces.

For example, from the LDAP user query result below, keystone has to ignore the user "'dn': u'cn=\\ \\ ,o=suffix2,o=IBM_SUFFIX'", which has only white spaces in its name.

ldap_query_result = [
    {'dn': u'cn=arc1_posix_user,o=suffix2,o=IBM_SUFFIX', 'id': u'arc1_posix_user_uid', 'name': u'arc1_posix_user'},
    {'dn': u'cn=arc1_posix_user_group,O=IBM_SUFFIX', 'id': u'arc1_posix_user_group', 'name': u'arc1_posix_user_group'},
    {'dn': u'cn=\\ \\ ,o=suffix2,o=IBM_SUFFIX', 'id': u'arc1_posix_user', 'name': u' '},
    {'dn': u'cn=arc1_posix_user3,o=suffix2,O=IBM_SUFFIX', 'id': u'arc1_posix_user', 'name': u'arc1_posix_user3'},
]

prashkre (prashkre)
summary: - Keystone to ignore ldap users with blank spaces in names
+ Keystone to ignore ldap users with blank spaces in their name
prashkre (prashkre)
Changed in keystone:
assignee: nobody → prashkre (prashkre)
summary: - Keystone to ignore ldap users with blank spaces in their name
+ Keystone to ignore ldap users/groups with blank spaces in their name
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/515409

Changed in keystone:
status: New → In Progress
Changed in keystone:
importance: Undecided → Medium
tags: added: ldap
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/515409
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=789573a0f17fd3ea8abd1a89034b865035925a8f
Submitter: Zuul
Branch: master

commit 789573a0f17fd3ea8abd1a89034b865035925a8f
Author: prashkre <email address hidden>
Date: Thu Oct 26 18:47:33 2017 +0530

    Filter users/groups in ldap with whitespaces

    All users and groups are required to have a name. With this fix,
    Keystone will ignore users and groups that do have only white
    spaces as value for the LDAP attribute which Keystone has been
    configured to use for that entity's name.

    Change-Id: Id539e1b7e1cea8b05cd9bb753707e1fc98244d29
    Closes-Bug: #1727726

Changed in keystone:
status: In Progress → Fix Released
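
One way to implement the filtering the commit message describes, as an added example (not Keystone's code and not taken from the linked review): an entry is dropped when the attribute configured as the entity's name is missing or holds only whitespace. The function names and sample entries are hypothetical; treating a missing attribute and Unicode whitespace such as a no-break space as blank is an assumption beyond what the report states.

```python
# Constructed sample in the shape python-ldap returns from a search:
# a list of (dn, {attribute: [bytes, ...]}) tuples.
RAW_RESULTS = [
    ("cn=arc1_posix_user,o=suffix2,o=IBM_SUFFIX",
     {"cn": [b"arc1_posix_user"], "uid": [b"arc1_posix_user_uid"]}),
    ("cn=\\ \\ ,o=suffix2,o=IBM_SUFFIX",          # name is two spaces
     {"cn": [b"  "], "uid": [b"blank_user_uid"]}),
    ("cn=\u00a0,o=suffix2,o=IBM_SUFFIX",          # name is a no-break space
     {"cn": ["\u00a0".encode("utf-8")], "uid": [b"nbsp_user_uid"]}),
    ("uid=noname,o=suffix2,o=IBM_SUFFIX",         # name attribute absent
     {"uid": [b"noname_uid"]}),
    ("cn=arc1_posix_user3,o=suffix2,O=IBM_SUFFIX",
     {"CN": [b"arc1_posix_user3"], "uid": [b"arc1_posix_user3_uid"]}),
]


def first_value(attrs, attr_name):
    """Return the first value of attr_name as text, or None if it is absent."""
    wanted = attr_name.lower()  # LDAP attribute names are case-insensitive
    for key, values in attrs.items():
        if key.lower() == wanted and values:
            value = values[0]
            if isinstance(value, bytes):
                value = value.decode("utf-8", "replace")
            return value
    return None


def filter_named_entries(raw_results, name_attr, id_attr):
    """Split results into usable entries and the DNs of skipped ones.

    name_attr and id_attr stand in for the attributes the identity
    backend is configured to use for an entity's name and id.
    """
    kept, skipped = [], []
    for dn, attrs in raw_results:
        name = first_value(attrs, name_attr)
        # str.strip() removes every character str.isspace() accepts, so
        # names made only of U+00A0 or similar are rejected as well.
        if name is None or not name.strip():
            skipped.append(dn)  # keep the DN so the bad entry can be logged
            continue
        kept.append({"dn": dn, "id": first_value(attrs, id_attr), "name": name})
    return kept, skipped
```

Returning the skipped DNs separately lets the caller log them, so directory administrators can find and correct the nameless entries instead of having them vanish silently.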
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/519846

OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/pike)

Reviewed: https://review.openstack.org/519846
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=d0721d7cf4dc808946a7016b0ca2830c8850d5d9
Submitter: Zuul
Branch: stable/pike

commit d0721d7cf4dc808946a7016b0ca2830c8850d5d9
Author: prashkre <email address hidden>
Date: Thu Oct 26 18:47:33 2017 +0530

    Filter users/groups in ldap with whitespaces

    All users and groups are required to have a name. With this fix,
    Keystone will ignore users and groups that do have only white
    spaces as value for the LDAP attribute which Keystone has been
    configured to use for that entity's name.

    Change-Id: Id539e1b7e1cea8b05cd9bb753707e1fc98244d29
    Closes-Bug: #1727726
    (cherry picked from commit 789573a0f17fd3ea8abd1a89034b865035925a8f)

tags: added: in-stable-pike
Changed in keystone:
milestone: none → queens-2
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 13.0.0.0b2

This issue was fixed in the openstack/keystone 13.0.0.0b2 development milestone.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 12.0.1

This issue was fixed in the openstack/keystone 12.0.1 release.
