** Also affects: keystone/icehouse
   Importance: Undecided
       Status: New

** Also affects: keystone/kilo
   Importance: High
     Assignee: Steve Martinelli (stevemar)
       Status: In Progress

** Also affects: keystone/juno
   Importance: Undecided
       Status: New

https://bugs.launchpad.net/bugs/1396763

Title:
  user id beginning with 0 cannot authenticate through ldap

Status in OpenStack Identity (Keystone):
  In Progress
Status in Keystone icehouse series:
  New
Status in Keystone juno series:
  New
Status in Keystone kilo series:
  In Progress

Bug description:
  In the case where the [ldap] user_id_attribute = uid

  Let's say a user attempts to authenticate with steve...@example.com,
  and the UID returned is 01234567. The following log entries show that
  the leading 0 is dropped:

    keystone.common.ldap.core [-] LDAP search: base=o=example.com scope=2 filterstr=(&(emailAddress=steve...@example.com)(objectClass=person)) attrs=['emailAddress', 'userPassword', 'enabled', 'uid'] attrsonly=0 search_s /opt/stack/keystone/keystone/common/ldap/core.py:926
    keystone.common.ldap.core [-] LDAP unbind unbind_s /opt/stack/keystone/keystone/common/ldap/core.py:899
    keystone.identity.core [-] ID Mapping - Domain ID: default, Default Driver: True, Domains: False, UUIDs: False, Compatible IDs: True _set_domain_id_and_mapping /opt/stack/keystone/keystone/identity/core.py:321
    keystone.identity.core [-] Local ID: 1234567 _set_domain_id_and_mapping_for_single_ref /opt/stack/keystone/keystone/identity/core.py:339
    keystone.common.ldap.core [-] LDAP init: use_tls=False tls_cacertfile=None tls_cacertdir=None tls_req_cert=2 tls_avail=1 _common_ldap_initialization /opt/stack/keystone/keystone/common/ldap/core.py:575

    ** here is where the leading 0 is dropped **

    keystone.common.ldap.core [-] LDAP search: base=o=example.com scope=2 filterstr=(&(uid=1234567)(objectClass=person)) attrs=['emailAddress', 'userPassword', 'enabled', 'uid'] attrsonly=0 search_s /opt/stack/keystone/keystone/common/ldap/core.py:926
    keystone.common.ldap.core [-] LDAP unbind unbind_s /opt/stack/keystone/keystone/common/ldap/core.py:899
    keystone.common.wsgi [-] Authorization failed. Invalid username or password (Disable debug mode to suppress these details.)

  The main code in question is the following in
  keystone.common.ldap.core.py

  https://github.com/openstack/keystone/blob/master/keystone/common/ldap/core.py#L110-L128

    try:
        return LDAP_VALUES[val]
    except KeyError:
        pass
    try:
        return int(val)
    except ValueError:
        pass
    return utf8_decode(val)

  Where we attempt to convert all fields to int, and if it fails proceed
  to string.

  On a semi-related note: the PyCADF library explicitly expects user_ids
  to be strings, so I had to add str() to user_id in the
  _get_request_audit_info function, in notifications.py:

    initiator = resource.Resource(typeURI=taxonomy.ACCOUNT_USER, name=user_id, host=host)

  to

    initiator = resource.Resource(typeURI=taxonomy.ACCOUNT_USER, name=str(user_id), host=host)
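
The conversion quoted in the report, next to one way to keep identifier attributes intact, as an added example that is not Keystone's code or its eventual fix. LDAP_VALUES and utf8_decode are stand-ins for the names in the quoted snippet (their contents are assumed), and ID_ATTRS, ldap2py_lossy, ldap2py_safe and uid_filter are hypothetical names.

```python
# Added example, not Keystone's code. LDAP_VALUES and utf8_decode are stand-ins
# with assumed contents; ID_ATTRS is a hypothetical setting.
LDAP_VALUES = {'TRUE': True, 'FALSE': False}
ID_ATTRS = {'uid'}  # attributes that are identifiers, never numbers


def utf8_decode(val):
    return val.decode('utf-8') if isinstance(val, bytes) else str(val)


def ldap2py_lossy(val):
    """Conversion as quoted in the report: any numeric-looking value becomes int."""
    try:
        return LDAP_VALUES[val]
    except KeyError:
        pass
    try:
        return int(val)  # '01234567' -> 1234567, the leading 0 is gone
    except ValueError:
        pass
    return utf8_decode(val)


def ldap2py_safe(attr, val):
    """Keep identifier attributes as text; coerce others only when lossless."""
    text = utf8_decode(val)
    if attr in ID_ATTRS:
        return text
    if text in LDAP_VALUES:
        return LDAP_VALUES[text]
    try:
        number = int(text)
    except ValueError:
        return text
    # int() also accepts '007', '+5' and ' 5 '; keep the int only if it round-trips
    return number if str(number) == text else text


def uid_filter(local_id):
    """Rebuild the second search filter from the log for a converted ID.

    The constructed sample IDs are digits only; real code must escape filter values.
    """
    return '(&(uid=%s)(objectClass=person))' % local_id
```

With the constructed UID 01234567 from the report, the lossy path yields the filter seen in the failing log entry, while the safe path searches for the UID the directory actually holds.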