** Changed in: keystone/juno
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1241134
Title:
Using LDAP with enabled ignored, no error when attempt to change
Status in OpenStack Identity (Keystone):
Fix Released
Status in Keystone juno series:
Fix Released
Bug description:
When the Keystone server is configured to use LDAP as the identity backend
and 'enabled' is in user_attribute_ignore and then the user is disabled (for
example with keystone user-update --enabled false), the server returns
successful and the command doesn't report an error even though the user remains
enabled.
The server should report an error like 403 Forbidden or 501 Not
Implemented if the user tries to change the enabled attribute and it's
ignored.
This would improve security since the way it is now Keystone gives the
impression that the user has been disabled even when they have not
been.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1241134/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
