[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
This is fixed in xenial-queens keystone 2:13.0.2-0ubuntu3~cloud0. ** Changed in: cloud-archive/queens Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Hi @dorina-t this patch is already release in Bionic (Queens) and is ready to be released for xenial Queens UCA so lets ping @corey.bryant to see if he can get it released. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Hi all, would it be possible to obtain the hotfix for Queens, so we can provide it to a customer, who would like to test it in their Lab environment? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
This bug was fixed in the package keystone - 2:13.0.2-0ubuntu3 --- keystone (2:13.0.2-0ubuntu3) bionic; urgency=medium * d/p/0002-fixing-dn-to-id.patch: Dropped. This patch shouldn't have been backported to stable/queens (LP: #1850634). -- Corey Bryant Wed, 30 Oct 2019 08:55:58 -0400 ** Changed in: keystone (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
** Changed in: cloud-archive Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
@Corey, verification done ;-) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
@Felipe, by any chance can you re-test with the fix for LP: #1850634 which is in bionic-proposed? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
tested the package that fixes this bugfollowing the instructions at https://launchpadlibrarian.net/449185359/bug-1782922-testing.txt, everything works ok, and no regressions were detected. testing bed log: $ tox -e func-smoke func-smoke installed: DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support,amulet==1.21.0,aodhclient==1.3.0,appdirs==1.4.3,Babel==2.7.0,backports.os==0.1.1,blessings==1.6,bundletester==0.12.2,certifi==2019.9.11,cffi==1.13.1,chardet==3.0.4,charm-tools==2.7.2,charmhelpers==0.20.4,Cheetah3==3.2.4,cliff==2.16.0,cmd2==0.8.9,colander==1.7.0,configparser==4.0.2,contextlib2==0.6.0.post1,coverage==4.5.4,cryptography==2.8,debtcollector==1.22.0,decorator==4.4.0,dict2colander==0.2,distro==1.4.0,distro-info==0.0.0,dogpile.cache==0.8.0,entrypoints==0.3,enum34==1.1.6,extras==1.0.0,fasteners==0.15,fixtures==3.0.0,flake8==2.4.1,funcsigs==1.0.2,functools32==3.2.3.post2,future==0.18.1,futures==3.3.0,futurist==1.9.0,gnocchiclient==3.1.1,httplib2==0.14.0,idna==2.8,importlib-metadata==0.23,ipaddress==1.0.23,iso8601==0.1.12,Jinja2==2.10.3,jmespath==0.9.4,jsonpatch==1.24,jsonpointer==2.0,jsonschema==2.5.1,juju-deployer==0.11.0,juju-wait==2.5.0,jujubundlelib==0.5.6,jujuclient==0.54.0,keyring==18.0.1,keystoneauth1==3.18.0,launchpadlib==1.10.7,lazr.authentication==0.1.3,lazr.restfulclient==0.14.2,lazr.uri==1.0.3,libcharmstore==0.0.9,linecache2==1.0.0,macaroonbakery==1.2.3,MarkupSafe==1.1.1,mccabe==0.3.1,mock==3.0.5,monotonic==1.5,more-itertools==5.0.0,msgpack==0.6.2,munch==2.3.2,netaddr==0.7.19,netifaces==0.10.9,nose==1.3.7,oauth==1.0.1,oauthlib==3.1.0,openstacksdk==0.36.0,os-client-config==1.33.0,os-service-types==1.7.0,osc-lib==1.14.1,oslo.concurrency==3.30.0,oslo.config==6.11.1,oslo.context==2.23.0,oslo.i18n==3.24.0,oslo.log==3.44.1,oslo.serialization==2.29.2,oslo.utils==3.41.2,osprofiler==2.8.2,otherstuf==1.1.0,parse==1.12.1,path.py==11.5.2,pathlib2==2.3.5,pathspec==0.3.4,pbr==5.4.3,pep8==1.7.1,pika==0.13.1,pkg-resources==0.0.0,prettytable==0.7.2,protobuf==3.10.0,pycparser==2.19,pyflakes==0.8.1,pyinotify==0.9.6,pymacaroons==0.13.0,PyNaCl==1.3.0,pyOpenSSL==19.0.0,pyparsing==2.4.2,pyperclip==1.7.0,pyRFC3339==1.1,python-barbicanclient==4.9.0,python-ceilometerclient==2.9.0,python-cinderclient==4.3.0,python-dateutil==2.8.0,python-designateclient==3.0.0,python-glanceclient==2.17.0,python-heatclient==1.18.0,python-keystoneclient==3.22.0,python-manilaclient==1.29.0,python-mimeparse==1.6.0,python-neutronclient==6.14.0,python-novaclient==16.0.0,python-openstackclient==4.0.0,python-subunit==1.3.0,python-swiftclient==3.8.1,pytz==2019.3,pyudev==0.21.0,PyYAML==3.13,requests==2.22.0,requestsexceptions==1.4.0,rfc3986==1.3.2,ruamel.ordereddict==0.4.14,ruamel.yaml==0.15.100,scandir==1.10.0,SecretStorage==2.3.1,simplejson==3.16.0,six==1.12.0,stestr==2.5.1,stevedore==1.31.0,stuf==0.9.16,subprocess32==3.5.4,Tempita==0.5.2,testresources==2.0.1,testtools==2.3.0,theblues==0.5.2,traceback2==1.4.0,translationstring==1.3,unicodecsv==0.14.1,unittest2==1.1.0,urllib3==1.25.6,vergit==1.0.2,virtualenv==16.7.7,voluptuous==0.11.7,wadllib==1.3.3,warlock==1.3.3,wcwidth==0.1.7,WebOb==1.8.5,websocket-client==0.40.0,wrapt==1.11.2,wsgi-intercept==1.9.0,zipp==0.6.0,zope.interface==4.6.0 func-smoke run-test-pre: PYTHONHASHSEED='0' func-smoke runtests: commands[0] | bundletester -vl DEBUG -r json -o func-results.json gate-basic-xenial-queens --no-destroy DEBUG:bundletester.utils:Updating JUJU_MODEL: "" -> "laptop:admin/lp1782922-xenial" DEBUG:root:Bootstrap environment: laptop:admin/lp1782922-xenial DEBUG:deployer.env:Connecting to laptop:admin/lp1782922-xenial... DEBUG:jujuclient.connector:Connecting to wss://10.5.0.7:17070/model/a92a4e4e-4efa-48c7-8682-62cfbc070af8/api DEBUG:deployer.env:Connected. DEBUG:deployer.env: Terminating machines forcefully INFO:deployer.env: Waiting for machine termination DEBUG:jujuclient.connector:Connecting to wss://10.5.0.7:17070/model/a92a4e4e-4efa-48c7-8682-62cfbc070af8/api DEBUG:root:Waiting for applications to be removed... DEBUG:runner:call ['/home/freyes/Projects/charms/openstack/builds/keystone-ldap/.tox/func-smoke/bin/charm-proof'] (cwd: /tmp/bundletester-j7cjEm/keystone-ldap) DEBUG:runner:I: `display-name` not provided, add for custom naming in the UI DEBUG:runner:I: config.yaml: option ssl_key has no default value DEBUG:runner:I: config.yaml: option ssl_cert has no default value DEBUG:runner:I: config.yaml: option ldap-user has no default value DEBUG:runner:I: config.yaml: option ldap-server has no default value DEBUG:runner:I: config.yaml: option ssl_ca has no default value DEBUG:runner:I: config.yaml: option ldap-password has no default value DEBUG:runner:I: config.yaml: option domain-name has no defa
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
I tested the fix for this code following the instructions at https://launchpadlibrarian.net/449185359/bug-1782922-testing.txt and everything works ok, and no regressions were detected. testing bed log: $ tox -e func-smoke func-smoke installed: DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support,amulet==1.21.0,aodhclient==1.3.0,appdirs==1.4.3,Babel==2.7.0,backports.os==0.1.1,blessings==1.6,bundletester==0.12.2,certifi==2019.9.11,cffi==1.13.1,chardet==3.0.4,charm-tools==2.7.2,charmhelpers==0.20.4,Cheetah3==3.2.4,cliff==2.16.0,cmd2==0.8.9,colander==1.7.0,configparser==4.0.2,contextlib2==0.6.0.post1,coverage==4.5.4,cryptography==2.8,debtcollector==1.22.0,decorator==4.4.0,dict2colander==0.2,distro==1.4.0,distro-info==0.0.0,dogpile.cache==0.8.0,entrypoints==0.3,enum34==1.1.6,extras==1.0.0,fasteners==0.15,fixtures==3.0.0,flake8==2.4.1,funcsigs==1.0.2,functools32==3.2.3.post2,future==0.18.1,futures==3.3.0,futurist==1.9.0,gnocchiclient==3.1.1,httplib2==0.14.0,idna==2.8,importlib-metadata==0.23,ipaddress==1.0.23,iso8601==0.1.12,Jinja2==2.10.3,jmespath==0.9.4,jsonpatch==1.24,jsonpointer==2.0,jsonschema==2.5.1,juju-deployer==0.11.0,juju-wait==2.5.0,jujubundlelib==0.5.6,jujuclient==0.54.0,keyring==18.0.1,keystoneauth1==3.18.0,launchpadlib==1.10.7,lazr.authentication==0.1.3,lazr.restfulclient==0.14.2,lazr.uri==1.0.3,libcharmstore==0.0.9,linecache2==1.0.0,macaroonbakery==1.2.3,MarkupSafe==1.1.1,mccabe==0.3.1,mock==3.0.5,monotonic==1.5,more-itertools==5.0.0,msgpack==0.6.2,munch==2.3.2,netaddr==0.7.19,netifaces==0.10.9,nose==1.3.7,oauth==1.0.1,oauthlib==3.1.0,openstacksdk==0.36.0,os-client-config==1.33.0,os-service-types==1.7.0,osc-lib==1.14.1,oslo.concurrency==3.30.0,oslo.config==6.11.1,oslo.context==2.23.0,oslo.i18n==3.24.0,oslo.log==3.44.1,oslo.serialization==2.29.2,oslo.utils==3.41.2,osprofiler==2.8.2,otherstuf==1.1.0,parse==1.12.1,path.py==11.5.2,pathlib2==2.3.5,pathspec==0.3.4,pbr==5.4.3,pep8==1.7.1,pika==0.13.1,pkg-resources==0.0.0,prettytable==0.7.2,protobuf==3.10.0,pycparser==2.19,pyflakes==0.8.1,pyinotify==0.9.6,pymacaroons==0.13.0,PyNaCl==1.3.0,pyOpenSSL==19.0.0,pyparsing==2.4.2,pyperclip==1.7.0,pyRFC3339==1.1,python-barbicanclient==4.9.0,python-ceilometerclient==2.9.0,python-cinderclient==4.3.0,python-dateutil==2.8.0,python-designateclient==3.0.0,python-glanceclient==2.17.0,python-heatclient==1.18.0,python-keystoneclient==3.22.0,python-manilaclient==1.29.0,python-mimeparse==1.6.0,python-neutronclient==6.14.0,python-novaclient==16.0.0,python-openstackclient==4.0.0,python-subunit==1.3.0,python-swiftclient==3.8.1,pytz==2019.3,pyudev==0.21.0,PyYAML==3.13,requests==2.22.0,requestsexceptions==1.4.0,rfc3986==1.3.2,ruamel.ordereddict==0.4.14,ruamel.yaml==0.15.100,scandir==1.10.0,SecretStorage==2.3.1,simplejson==3.16.0,six==1.12.0,stestr==2.5.1,stevedore==1.31.0,stuf==0.9.16,subprocess32==3.5.4,Tempita==0.5.2,testresources==2.0.1,testtools==2.3.0,theblues==0.5.2,traceback2==1.4.0,translationstring==1.3,unicodecsv==0.14.1,unittest2==1.1.0,urllib3==1.25.6,vergit==1.0.2,virtualenv==16.7.7,voluptuous==0.11.7,wadllib==1.3.3,warlock==1.3.3,wcwidth==0.1.7,WebOb==1.8.5,websocket-client==0.40.0,wrapt==1.11.2,wsgi-intercept==1.9.0,zipp==0.6.0,zope.interface==4.6.0 func-smoke run-test-pre: PYTHONHASHSEED='0' func-smoke runtests: commands[0] | bundletester -vl DEBUG -r json -o func-results.json gate-basic-bionic-queens --no-destroy DEBUG:bundletester.utils:Updating JUJU_MODEL: "" -> "laptop:admin/lp1782922-bionic" DEBUG:root:Bootstrap environment: laptop:admin/lp1782922-bionic DEBUG:deployer.env:Connecting to laptop:admin/lp1782922-bionic... DEBUG:jujuclient.connector:Connecting to wss://10.5.0.7:17070/model/9869a39e-c6c2-4ecd-8e7d-e5736d15ca51/api DEBUG:deployer.env:Connected. DEBUG:deployer.env: Terminating machines forcefully INFO:deployer.env: Waiting for machine termination DEBUG:jujuclient.connector:Connecting to wss://10.5.0.7:17070/model/9869a39e-c6c2-4ecd-8e7d-e5736d15ca51/api DEBUG:root:Waiting for applications to be removed... DEBUG:runner:call ['/home/freyes/Projects/charms/openstack/builds/keystone-ldap/.tox/func-smoke/bin/charm-proof'] (cwd: /tmp/bundletester-AmwJen/keystone-ldap) DEBUG:runner:I: `display-name` not provided, add for custom naming in the UI DEBUG:runner:I: config.yaml: option ssl_key has no default value DEBUG:runner:I: config.yaml: option ssl_cert has no default value DEBUG:runner:I: config.yaml: option ldap-user has no default value DEBUG:runner:I: config.yaml: option ldap-server has no default value DEBUG:runner:I: config.yaml: option ssl_ca has no default value DEBUG:runner:I: config.yaml: option ldap-password has no default value DEBUG:runner:I: config.yaml: option domain-name has no default
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
This bug was fixed in the package keystone - 2:14.1.0-0ubuntu1.1~cloud1 --- keystone (2:14.1.0-0ubuntu1.1~cloud1) bionic-rocky; urgency=medium . * d/p/000*-fixing-dn-to-id.patch: Fix LDAP backend's dn_to_id function for cases were id is not in the DN (LP: #1782922). ** Changed in: cloud-archive/rocky Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
This bug was fixed in the package keystone - 2:15.0.0-0ubuntu1.2~cloud0 --- keystone (2:15.0.0-0ubuntu1.2~cloud0) bionic-stein; urgency=medium . * New update for the Ubuntu Cloud Archive. . keystone (2:15.0.0-0ubuntu1.2) disco; urgency=medium . * d/p/000*-fixing-dn-to-id.patch: Fix LDAP backend's dn_to_id function for cases were id is not in the DN (LP: #1782922). ** Changed in: cloud-archive/stein Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
This bug was fixed in the package keystone - 2:15.0.0-0ubuntu1.2 --- keystone (2:15.0.0-0ubuntu1.2) disco; urgency=medium * d/p/000*-fixing-dn-to-id.patch: Fix LDAP backend's dn_to_id function for cases were id is not in the DN (LP: #1782922). -- Corey Bryant Wed, 18 Sep 2019 11:08:09 +0200 ** Changed in: keystone (Ubuntu Disco) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
This has been tested successfully on disco-proposed, stein-proposed, and rocky-proposed using the steps in https://bugs.launchpad.net/keystone/+bug/1782922/comments/28. Note: The current package version in bionic-proposed (keystone 2:13.0.2-0ubuntu2) has a regression that is being fixed via https://bugs.launchpad.net/bugs/1850634. ** Tags removed: verification-needed-bionic verification-rocky-needed verification-stein-needed ** Tags added: verification-failed-bionic verification-rocky-done verification-stein-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Please see the attached document for testing details. ** Attachment removed: "bug-1782922-testing.txt" https://bugs.launchpad.net/keystone/+bug/1782922/+attachment/5301241/+files/bug-1782922-testing.txt ** Attachment added: "bug-1782922-testing.txt" https://bugs.launchpad.net/keystone/+bug/1782922/+attachment/5301394/+files/bug-1782922-testing.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Please see the attached document for testing details. ** Attachment added: "bug-1782922-testing.txt" https://bugs.launchpad.net/keystone/+bug/1782922/+attachment/5301395/+files/bug-1782922-testing.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Here's what I tested with ** Attachment removed: "bug-1782922-initial-testing-details.txt" https://bugs.launchpad.net/keystone/+bug/1782922/+attachment/5271834/+files/bug-1782922-initial-testing-details.txt ** Attachment added: "bug-1782922-testing.txt" https://bugs.launchpad.net/keystone/+bug/1782922/+attachment/5301241/+files/bug-1782922-testing.txt ** Description changed: [Impact] When using the keystone LDAP backend, changing user_id_attribute breaks group mapping. This is because the _dn_to_id() method only calculated the uid to be the first RDN of the DN. _dn_to_id() is updated in the fix to also deal with the case where the uid is set to a different attribute. [Test Case] - See details in comment #5: https://bugs.launchpad.net/keystone/+bug/1782922/comments/5 + See details in comment #25: https://bugs.launchpad.net/keystone/+bug/1782922/comments/25 [Regression Potential] The patch takes a minimal approach to the fix and includes unit tests to help ensure the patched code doesn't regress. The patches have landed in all upstream releases back to stable/queens which helps get even more exposure with upstream reviews, gate testing and real deployments. [Original Description] Env Details: Openstack version: Queens (17.0.5) OS: CentOS 7.5 LDAP: Active Directory, Windows Server 2012R2 We changed the user_id_attribute to sAMAccountName when configuring keystone. [ user_id_attribute = "sAMAccountName" ; group_members_are_ids = False ]. Unfortunately this bricks the group mapping logic in keystone. The relevant code in keystone: `list_users_in_group` [1] -> gets all groups from the LDAP server, and then calls `_transform_group_member_ids`. `_transform_group_member_ids` tries to match the user ids (for posixGroups e.g.) or the DN. However DN matching does not match the full DN. It rather takes the first RDN of the DN and computes the keystone user id [2]. The first RDN in Active Directory is the "CN". While the user-create part honors the user_id_attribute and takes "sAMAccountName" in our configuration. The generated user-ids in keystone now do not match anymore and hence group mapping is broken. A fix could be looking up the user by the DN received from the 'member' attribute of a given group and compare the configured 'user_id_attribute' of the received ldap user id and the in keystone stored user id. A quick fix could also be to mention that behavior in the documentation. /e: related https://bugs.launchpad.net/keystone/+bug/1231488/comments/19 [1] https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/common.py#L1285 [2] https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/core.py#L126 [3] https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/common.py#L1296 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Disco-proposed testing was successful following steps listed in https://bugs.launchpad.net/keystone/+bug/1782922/comments/25. ** Tags removed: verification-needed-disco ** Tags added: verification-done-disco -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Verified successfully with testing details listed in https://bugs.launchpad.net/keystone/+bug/1782922/comments/25. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Hello Jakob, or anyone else affected, Accepted keystone into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/keystone/2:13.0.2-0ubuntu2 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: keystone (Ubuntu Bionic) Status: Triaged => Fix Committed ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Hello Corey, I was trying to verify the SRU that it's in disco-proposed without success. IIUC, the commands "openstack user list" and "openstack group list" should fail when the package installed is 2:15.0.0-0ubuntu1.1 , here is the output of my terminal, could you help me understand if I'm doing something wrong? $ juju add-model lp1782922 && sleep 5 && tox -e func-smoke Added 'lp1782922' model on stsstack/stsstack with credential 'laptop' for user 'laptop' func-smoke installed: DEPRECATION: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support,amulet==1.21.0,aodhclient==1.3.0,appdirs==1.4.3,Babel==2.7.0,backports.os==0.1.1,blessings==1.6,bundletester==0.12.2,certifi==2019.9.11,cffi==1.13.1,chardet==3.0.4,charm-tools==2.7.2,charmhelpers==0.20.4,Cheetah3==3.2.4,cliff==2.16.0,cmd2==0.8.9,colander==1.7.0,configparser==4.0.2,contextlib2==0.6.0.post1,coverage==4.5.4,cryptography==2.8,debtcollector==1.22.0,decorator==4.4.0,dict2colander==0.2,distro==1.4.0,distro-info==0.0.0,dogpile.cache==0.8.0,entrypoints==0.3,enum34==1.1.6,extras==1.0.0,fasteners==0.15,fixtures==3.0.0,flake8==2.4.1,funcsigs==1.0.2,functools32==3.2.3.post2,future==0.18.1,futures==3.3.0,futurist==1.9.0,gnocchiclient==3.1.1,httplib2==0.14.0,idna==2.8,importlib-metadata==0.23,ipaddress==1.0.23,iso8601==0.1.12,Jinja2==2.10.3,jmespath==0.9.4,jsonpatch==1.24,jsonpointer==2.0,jsonschema==2.5.1,juju-deployer==0.11.0,juju-wait==2.5.0,jujubundlelib==0.5.6,jujuclient==0.54.0,keyring==18.0.1,keystoneauth1==3.18.0,launchpadlib==1.10.7,lazr.authentication==0.1.3,lazr.restfulclient==0.14.2,lazr.uri==1.0.3,libcharmstore==0.0.9,linecache2==1.0.0,macaroonbakery==1.2.3,MarkupSafe==1.1.1,mccabe==0.3.1,mock==3.0.5,monotonic==1.5,more-itertools==5.0.0,msgpack==0.6.2,munch==2.3.2,netaddr==0.7.19,netifaces==0.10.9,nose==1.3.7,oauth==1.0.1,oauthlib==3.1.0,openstacksdk==0.36.0,os-client-config==1.33.0,os-service-types==1.7.0,osc-lib==1.14.1,oslo.concurrency==3.30.0,oslo.config==6.11.1,oslo.context==2.23.0,oslo.i18n==3.24.0,oslo.log==3.44.1,oslo.serialization==2.29.2,oslo.utils==3.41.2,osprofiler==2.8.2,otherstuf==1.1.0,parse==1.12.1,path.py==11.5.2,pathlib2==2.3.5,pathspec==0.3.4,pbr==5.4.3,pep8==1.7.1,pika==0.13.1,pkg-resources==0.0.0,prettytable==0.7.2,protobuf==3.10.0,pycparser==2.19,pyflakes==0.8.1,pyinotify==0.9.6,pymacaroons==0.13.0,PyNaCl==1.3.0,pyOpenSSL==19.0.0,pyparsing==2.4.2,pyperclip==1.7.0,pyRFC3339==1.1,python-barbicanclient==4.9.0,python-ceilometerclient==2.9.0,python-cinderclient==4.3.0,python-dateutil==2.8.0,python-designateclient==3.0.0,python-glanceclient==2.17.0,python-heatclient==1.18.0,python-keystoneclient==3.22.0,python-manilaclient==1.29.0,python-mimeparse==1.6.0,python-neutronclient==6.14.0,python-novaclient==16.0.0,python-openstackclient==4.0.0,python-subunit==1.3.0,python-swiftclient==3.8.1,pytz==2019.3,pyudev==0.21.0,PyYAML==3.13,requests==2.22.0,requestsexceptions==1.4.0,rfc3986==1.3.2,ruamel.ordereddict==0.4.14,ruamel.yaml==0.15.100,scandir==1.10.0,SecretStorage==2.3.1,simplejson==3.16.0,six==1.12.0,stestr==2.5.1,stevedore==1.31.0,stuf==0.9.16,subprocess32==3.5.4,Tempita==0.5.2,testresources==2.0.1,testtools==2.3.0,theblues==0.5.2,traceback2==1.4.0,translationstring==1.3,unicodecsv==0.14.1,unittest2==1.1.0,urllib3==1.25.6,vergit==1.0.2,virtualenv==16.7.7,voluptuous==0.11.7,wadllib==1.3.3,warlock==1.3.3,wcwidth==0.1.7,WebOb==1.8.5,websocket-client==0.40.0,wrapt==1.11.2,wsgi-intercept==1.9.0,zipp==0.6.0,zope.interface==4.6.0 func-smoke run-test-pre: PYTHONHASHSEED='0' func-smoke runtests: commands[0] | bundletester -vl DEBUG -r json -o func-results.json dev-basic-disco-stein --no-destroy DEBUG:bundletester.utils:Updating JUJU_MODEL: "" -> "stsstack-stsstack:laptop/lp1782922" DEBUG:root:Bootstrap environment: stsstack-stsstack:laptop/lp1782922 DEBUG:deployer.env:Connecting to stsstack-stsstack:laptop/lp1782922... DEBUG:jujuclient.connector:Connecting to wss://10.5.0.5:17070/model/e7ab1a55-5cb4-4787-827f-72c414ce7443/api DEBUG:deployer.env:Connected. DEBUG:deployer.env: Terminating machines forcefully INFO:deployer.env: Waiting for machine termination DEBUG:jujuclient.connector:Connecting to wss://10.5.0.5:17070/model/e7ab1a55-5cb4-4787-827f-72c414ce7443/api DEBUG:root:Waiting for applications to be removed... DEBUG:runner:call ['/home/freyes/Projects/charms/openstack/builds/keystone-ldap/.tox/func-smoke/bin/charm-proof'] (cwd: /tmp/bundletester-0AQeci/keystone-ldap) DEBUG:runner:I: `display-name` not provided, add for custom naming in the UI DEBUG:runner:I: config.yaml: option ssl_key has no default value DEBUG:runner:I: config.yaml: option ssl_cert has no default value DEBUG:runner:I: config.yaml: option ldap-user has no default value DEBUG:runner:
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
I see Corey added the template in bug comment #15, possibly because he does not have the powers to modify the bug description in this case? Anyway, I'll copy it over to the description field and accept. ** Description changed: + [Impact] + When using the keystone LDAP backend, changing user_id_attribute breaks group mapping. This is because the _dn_to_id() method only calculated the uid to be the first RDN of the DN. _dn_to_id() is updated in the fix to also deal with the case where the uid is set to a different attribute. + + [Test Case] + See details in comment #5: https://bugs.launchpad.net/keystone/+bug/1782922/comments/5 + + [Regression Potential] + The patch takes a minimal approach to the fix and includes unit tests to help ensure the patched code doesn't regress. The patches have landed in all upstream releases back to stable/queens which helps get even more exposure with upstream reviews, gate testing and real deployments. + + [Original Description] + Env Details: Openstack version: Queens (17.0.5) OS: CentOS 7.5 LDAP: Active Directory, Windows Server 2012R2 We changed the user_id_attribute to sAMAccountName when configuring keystone. [ user_id_attribute = "sAMAccountName" ; group_members_are_ids = False ]. Unfortunately this bricks the group mapping logic in keystone. The relevant code in keystone: `list_users_in_group` [1] -> gets all groups from the LDAP server, and then calls `_transform_group_member_ids`. `_transform_group_member_ids` tries to match the user ids (for posixGroups e.g.) or the DN. However DN matching does not match the full DN. It rather takes the first RDN of the DN and computes the keystone user id [2]. The first RDN in Active Directory is the "CN". While the user-create part honors the user_id_attribute and takes "sAMAccountName" in our configuration. The generated user-ids in keystone now do not match anymore and hence group mapping is broken. A fix could be looking up the user by the DN received from the 'member' attribute of a given group and compare the configured 'user_id_attribute' of the received ldap user id and the in keystone stored user id. A quick fix could also be to mention that behavior in the documentation. /e: related https://bugs.launchpad.net/keystone/+bug/1231488/comments/19 [1] https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/common.py#L1285 [2] https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/core.py#L126 [3] https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/common.py#L1296 ** Changed in: keystone (Ubuntu Disco) Status: Incomplete => Fix Committed ** Tags added: verification-needed verification-needed-disco -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
(It should be possible to confirm from a log that this newly added test did in fact run.) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
The SRU diff looks good, but the SRU template is missing. Since I see that a new test is added as part of the patch, for test case I'll accept an answer that the tests are run either at build time or via autopkgtest. ** Changed in: keystone (Ubuntu Disco) Status: Triaged => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Ubuntu SRU Details: [Impact] When using the keystone LDAP backend, changing user_id_attribute breaks group mapping. This is because the _dn_to_id() method only calculated the uid to be the first RDN of the DN. _dn_to_id() is updated in the fix to also deal with the case where the uid is set to a different attribute. [Test Case] See details in comment #5: https://bugs.launchpad.net/keystone/+bug/1782922/comments/5 [Regression Potential] The patch takes a minimal approach to the fix and includes unit tests to help ensure the patched code doesn't regress. The patches have landed in all upstream releases back to stable/queens which helps get even more exposure with upstream reviews, gate testing and real deployments. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Cosmic is EOL. will fix direction in Rocky cloud archive ** Changed in: keystone (Ubuntu Cosmic) Status: Triaged => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
For Ubuntu, a new package version including this fix has been uploaded to the following: * eoan (and train cloud archive) - https://launchpad.net/ubuntu/+source/keystone * disco unapproved queue - https://launchpad.net/ubuntu/disco/+queue?queue_state=1&queue_text=keystone * rocky-staging (cosmic is EOL) - https://launchpad.net/~ubuntu-cloud-archive/+archive/ubuntu/rocky-staging/+packages?field.name_filter=keystone&field.status_filter=published&field.series_filter= * bionic unapproved queue - https://launchpad.net/ubuntu/bionic/+queue?queue_state=1&queue_text=keystone ** Changed in: keystone (Ubuntu Eoan) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
** Changed in: cloud-archive/stein Status: Fix Committed => New ** Changed in: cloud-archive/stein Status: New => Triaged ** Changed in: cloud-archive/rocky Status: Fix Committed => Triaged ** Changed in: cloud-archive/queens Status: Fix Committed => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
** Changed in: cloud-archive/train Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
** Tags added: sts-sru-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Reviewed: https://review.opendev.org/674030 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=9d9451e13c8e7a1835d721be7b8a4a5c6dff2b95 Submitter: Zuul Branch:stable/queens commit 9d9451e13c8e7a1835d721be7b8a4a5c6dff2b95 Author: Raildo Mascena Date: Mon Apr 1 16:48:07 2019 -0300 Fixing dn_to_id function for cases were id is not in the DN The more common scenario to return the uid as part of the RDN in a DN, However, it's a valid case to not have the uid in the RDN, so we need to search in the LDAP based on the DN and return the uid in the entire object. Also, we do not support multivalued attribute id on DN, so the test case covering this case, it was adjusted for raise NotFound. Closes-Bug: 1782922 Change-Id: I87a3bfa94b5907ce4c6b4eb8e124ec948b390bf2 (cherry picked from commit a1dc21f3d34ae34bc6a5c9acebc0eb752495ae7a) ** Changed in: cloud-archive/queens Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Reviewed: https://review.opendev.org/672350 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=909cc9fa8380a03dfdb808db7fb863400fa36054 Submitter: Zuul Branch:stable/stein commit 909cc9fa8380a03dfdb808db7fb863400fa36054 Author: Raildo Mascena Date: Mon Apr 1 16:48:07 2019 -0300 Fixing dn_to_id function for cases were id is not in the DN The more common scenario to return the uid as part of the RDN in a DN, However, it's a valid case to not have the uid in the RDN, so we need to search in the LDAP based on the DN and return the uid in the entire object. Also, we do not support multivalued attribute id on DN, so the test case covering this case, it was adjusted for raise NotFound. Closes-Bug: 1782922 Change-Id: I87a3bfa94b5907ce4c6b4eb8e124ec948b390bf2 (cherry picked from commit a1dc21f3d34ae34bc6a5c9acebc0eb752495ae7a) ** Changed in: cloud-archive/stein Status: Triaged => Fix Committed ** Changed in: cloud-archive/rocky Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Note that the patch that was merged had a bug which is being fixed in https://review.opendev.org/#/c/672519/ so both patches will need to be merged and backported. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Subscribing field-high which wasn't carried over from the other duplicate bug https://bugs.launchpad.net/keystone/+bug/1832766 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Reviewed: https://review.opendev.org/649177 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=a1dc21f3d34ae34bc6a5c9acebc0eb752495ae7a Submitter: Zuul Branch:master commit a1dc21f3d34ae34bc6a5c9acebc0eb752495ae7a Author: Raildo Mascena Date: Mon Apr 1 16:48:07 2019 -0300 Fixing dn_to_id function for cases were id is not in the DN The more common scenario to return the uid as part of the RDN in a DN, However, it's a valid case to not have the uid in the RDN, so we need to search in the LDAP based on the DN and return the uid in the entire object. Also, we do not support multivalued attribute id on DN, so the test case covering this case, it was adjusted for raise NotFound. Closes-Bug: 1782922 Change-Id: I87a3bfa94b5907ce4c6b4eb8e124ec948b390bf2 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
** Changed in: keystone Assignee: Corey Bryant (corey.bryant) => Guang Yee (guang-yee) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
Here's what I'm currently testing with. Deployment-wise it's openstack charms specific but the other details should be meaningful to others. ** Attachment added: "bug-1782922-initial-testing-details.txt" https://bugs.launchpad.net/keystone/+bug/1782922/+attachment/5271834/+files/bug-1782922-initial-testing-details.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1782922] Re: LDAP: changing user_id_attribute bricks group mapping
** Also affects: keystone (Ubuntu) Importance: Undecided Status: New ** Changed in: keystone (Ubuntu) Status: New => Triaged ** Changed in: keystone (Ubuntu) Importance: Undecided => Medium ** Also affects: keystone (Ubuntu Cosmic) Importance: Undecided Status: New ** Also affects: keystone (Ubuntu Eoan) Importance: Medium Status: Triaged ** Also affects: keystone (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: keystone (Ubuntu Disco) Importance: Undecided Status: New ** Changed in: keystone (Ubuntu Bionic) Status: New => Triaged ** Changed in: keystone (Ubuntu Cosmic) Status: New => Triaged ** Changed in: keystone (Ubuntu Disco) Status: New => Triaged ** Changed in: keystone (Ubuntu Cosmic) Importance: Undecided => Medium ** Changed in: keystone (Ubuntu Bionic) Importance: Undecided => Medium ** Changed in: keystone (Ubuntu Disco) Importance: Undecided => Medium ** Also affects: cloud-archive Importance: Undecided Status: New ** Also affects: cloud-archive/stein Importance: Undecided Status: New ** Also affects: cloud-archive/queens Importance: Undecided Status: New ** Also affects: cloud-archive/train Importance: Undecided Status: New ** Also affects: cloud-archive/rocky Importance: Undecided Status: New ** Changed in: cloud-archive/queens Importance: Undecided => Medium ** Changed in: cloud-archive/queens Status: New => Triaged ** Changed in: cloud-archive/rocky Importance: Undecided => Medium ** Changed in: cloud-archive/rocky Status: New => Triaged ** Changed in: cloud-archive/stein Importance: Undecided => Medium ** Changed in: cloud-archive/stein Status: New => Triaged ** Changed in: cloud-archive/train Importance: Undecided => Medium ** Changed in: cloud-archive/train Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1782922 Title: LDAP: changing user_id_attribute bricks group mapping To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1782922/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
