During work on keystone it appeared that bug is only releated when
use_pool=True in keystone (default). It seams that #1798184 was partial
and may not work for pooled connections.
** Also affects: ldappool
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1862606
Title:
LDAP support broken if UTF8 characters in DN (python2)
Status in OpenStack Identity (keystone):
In Progress
Status in ldappool:
New
Bug description:
Bug is probably related with this one:
https://bugs.launchpad.net/keystone/+bug/1798184
https://bugs.launchpad.net/keystone/+bug/1820333
On keystone 14.1.0 (Rocky) it trows exception when there are UTF-8 encoded
characters on users's DN. We're using openldap. In our schema DN is
cn=first_name last_name,ou=employee,ou=users,dc=(...). In Poland names with
local, utf encoded leters are very common.
It looks like bug can be fixed by following change:
--- a/keystone/identity/backends/ldap/common.py
+++ b/keystone/identity/backends/ldap/common.py
@@ -177,7 +177,7 @@ def convert_ldap_result(ldap_result):
ldap_attrs[kind] = [val2py(x) for x in values]
except UnicodeDecodeError:
LOG.debug('Unable to decode value for attribute %s', kind)
- py_result.append((dn, ldap_attrs))
+ py_result.append((utf8_decode(dn), ldap_attrs))
if at_least_one_referral:
LOG.debug('Referrals were returned and ignored. Enable referral '
'chasing in keystone.conf via [ldap] chase_referrals')
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1862606/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
