** Changed in: keystone Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1415271
Title: user_enabled_attribute string support is poor Status in OpenStack Identity (Keystone): Fix Released Status in Keystone juno series: In Progress Bug description: When attempting to authenticate with our ldap, we were running into trouble getting the right value to show up for the user's enabled attribute. The result from ldap was: [('uid=123456789,c=us,ou=our_ldap,o=ibm.com', {'mail': ['sh...@acme.com'], 'passwordisexpired': ['false'], 'uid': ['123456789']})] which is turned into: [(u'uid=123456789,c=us,ou=our_ldap,o=ibm.com', {'mail': [u'sh...@acme.com'], 'passwordisexpired': [u'false'], 'uid': [123456789]})] the _ldap_res_to_model function in ldap/core.py seems to be OK, but the same one at the identity backend for ldap seems to have a few bugs: the object before: {'email': u'sh...@acme.com', 'enabled': u'false', 'id': 123456789, 'name': u'sh...@acme.com'} the object after: {'dn': u'uid=123456789,c=us,ou=our_ldap,o=ibm.com', 'email': u'sh...@acme.com', 'enabled': False, 'id': 123456789, 'name': u'sh...@acme.com'} Note that the enabled field is still False, just a boolean now instead of string. Looks like at: https://github.com/openstack/keystone/blob/stable/juno/keystone/identity/backends/ldap.py#L223-L227 The check for if type(str) is insufficient, and calling lower, without the parentheses is pointless. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1415271/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp