[Yahoo-eng-team] [Bug 1468000] Re: Group lookup by name in LDAP via v3 fails

Fri, 24 Jul 2015 08:47:14 -0700 

** Also affects: keystone/kilo
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1468000

Title:
  Group lookup by name in LDAP via v3 fails

Status in Keystone:
  Fix Committed
Status in Keystone kilo series:
  New

Bug description:
  This bug is similar to
  https://bugs.launchpad.net/keystone/+bug/1454309 but relates to
  groups. When issuing an "openstack group show <group_name>" command on
  a domain associated with LDAP, invalid LDAP query is composed and
  Keystone returns ISE 500:

  $ openstack --os-token ADMIN --os-url http://localhost:35357/v3 
--os-identity-api-version 3 group show --domain ad 'Domain Admins'
  ERROR: openstack An unexpected error prevented the server from fulfilling 
your request: {'desc': 'Bad search filter'} (Disable debug mode to suppress 
these details.) (HTTP 500) (Request-ID: 
req-06fd5907-6ade-4872-95ab-e66f0809986a)

  Here's the log:

  2015-06-23 15:59:41.627 8571 DEBUG keystone.common.ldap.core [-] LDAP search: 
base=CN=Users,DC=dept,DC=example,DC=org scope=2 
filterstr=(&(&None(sAMAccountName=Domain Admins))(objectClass=group)) 
attrs=['cn', 'sAMAccountName', 'description'] attrsonly=0 search_s 
/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py:933
  2015-06-23 15:59:41.628 8571 DEBUG keystone.common.ldap.core [-] LDAP unbind 
unbind_s 
/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py:906
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi [-] {'desc': 'Bad 
search filter'}
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi Traceback (most 
recent call last):
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/wsgi.py",
 line 240, in __call__
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     result = 
method(context, **params)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/controller.py",
 line 202, in wrapper
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     return f(self, 
context, filters, **kwargs)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/controllers.py",
 line 310, in list_groups
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     hints=hints)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/manager.py",
 line 54, in wrapper
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     return f(self, 
*args, **kwargs)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/core.py",
 line 342, in wrapper
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     return f(self, 
*args, **kwargs)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/core.py",
 line 353, in wrapper
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     return f(self, 
*args, **kwargs)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/core.py",
 line 1003, in list_groups
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     ref_list = 
driver.list_groups(hints)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/backends/ldap.py",
 line 164, in list_groups
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     return 
self.group.get_all_filtered(hints)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/backends/ldap.py",
 line 402, in get_all_filtered
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     for group in 
self.get_all(query)]
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py",
 line 1507, in get_all
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     for x in 
self._ldap_get_all(ldap_filter)]
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py",
 line 1469, in _ldap_get_all
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     attrs)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py",
 line 946, in search_s
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     attrlist_utf8, 
attrsonly)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py",
 line 642, in wrapper
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     return func(self, 
conn, *args, **kwargs)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py",
 line 772, in search_s
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     attrsonly)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", 
line 559, in search_s
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     return 
self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", 
line 920, in search_ext_s
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     return 
self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", 
line 862, in _apply_method_s
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     return 
func(self,*args,**kwargs)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", 
line 552, in search_ext_s
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     msgid = 
self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", 
line 548, in search_ext
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     timeout,sizelimit,
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi   File 
"/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", 
line 106, in _ldap_call
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi     result = 
func(*args,**kwargs)
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi FILTER_ERROR: 
{'desc': 'Bad search filter'}
  2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi 
  2015-06-23 15:59:41.650 8571 INFO eventlet.wsgi.server [-] 127.0.0.1 - - 
[23/Jun/2015 15:59:41] "GET 
/v3/groups?domain_id=a225c3b5b4af44a2964b7f941538bc45&name=Domain+Admins 
HTTP/1.1" 500 459 0.104950

  Bug is reproduced on current keystone master (Liberty).

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1468000/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to