There's nothing to fix here. max_param_size if for any HTTP parameter, we set this to 64 to prevent a DOS attack.
UserIDs should not be greater than 64, IDs are not usually in the request payload but part of the URL, regardless any userID in keystone is 32 (if stored in SQL) or 64 (if we're shadowing an LDAP user). Now, Username is set to 255 since these values may come from LDAP and be rather large, thus we set it to 255. Additionally, we added validation for user create in this patch: https://review.openstack.org/#/c/348531/7 but as you can see from the comments in the schema for "_identity_name" we do not validate that it must be a specific size, since it could come from an LDAP backend, where we don't have any control over the length of the name. WONTFIX ** Changed in: keystone Status: In Progress => Won't Fix -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1279750 Title: username validation 64 chars but can be 255 in database Status in OpenStack Identity (keystone): Won't Fix Bug description: Currently, username/password authentication mechanism has input length validation checker in keystone/token/controllers.py def _authenticate_local(self, context, auth): ... if user_id and len(user_id) > CONF.max_param_size: ... if len(username) > CONF.max_param_size: where by default, keystone.conf set max_param_size to 64 whereas in user db schema, user_id is 64 and username is 255. DB and frontend validation should be consistent in size. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1279750/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp