** Also affects: keystone/kilo
Importance: Undecided
Status: New
** Changed in: keystone/kilo
Importance: Undecided => High
** Changed in: keystone/kilo
Assignee: (unassigned) => Dolph Mathews (dolph)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1454309
Title:
Keystone v3 user/tenant lookup by name via OpenStack CLI client fails
Status in Keystone:
Fix Released
Status in Keystone kilo series:
In Progress
Bug description:
When using the openstack CLI client to look up users/tenants by name
(e.g., openstack user show admin or openstack openstack project show
AdminTenant), it fails with a 500 and the following traceback:
2015-05-12 09:27:22.483530 2015-05-12 09:27:22.483 31012 DEBUG
keystone.common.ldap.core [-] LDAP search: base=ou=People,dc=local,dc=lan
scope=2 filterstr=(&(&None(sn=admin))(objectClass=inetOrgPerson)) attrs=['cn',
'userPassword', 'enabled', 'sn', 'mail'] attrsonly=0 search_s
/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:931
2015-05-12 09:27:22.483677 2015-05-12 09:27:22.483 31012 DEBUG
keystone.common.ldap.core [-] LDAP unbind unbind_s
/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py:904
2015-05-12 09:27:22.485831 2015-05-12 09:27:22.483 31012 ERROR
keystone.common.wsgi [-] {'desc': 'Bad search filter'}
2015-05-12 09:27:22.485874 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi Traceback (most recent call last):
2015-05-12 09:27:22.485881 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 239, in
__call__
2015-05-12 09:27:22.485885 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi result = method(context, **params)
2015-05-12 09:27:22.485897 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/keystone/common/controller.py", line 202, in
wrapper
2015-05-12 09:27:22.485901 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi return f(self, context, filters, **kwargs)
2015-05-12 09:27:22.485904 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/keystone/identity/controllers.py", line 223,
in list_users
2015-05-12 09:27:22.485908 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi hints=hints)
2015-05-12 09:27:22.485911 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/keystone/common/manager.py", line 52, in
wrapper
2015-05-12 09:27:22.485915 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi return f(self, *args, **kwargs)
2015-05-12 09:27:22.485919 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 342, in
wrapper
2015-05-12 09:27:22.485922 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi return f(self, *args, **kwargs)
2015-05-12 09:27:22.485926 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 353, in
wrapper
2015-05-12 09:27:22.485930 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi return f(self, *args, **kwargs)
2015-05-12 09:27:22.485933 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/keystone/identity/core.py", line 791, in
list_users
2015-05-12 09:27:22.485937 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi ref_list = driver.list_users(hints)
2015-05-12 09:27:22.485941 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/keystone/identity/backends/ldap.py", line 82,
in list_users
2015-05-12 09:27:22.485944 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi return self.user.get_all_filtered(hints)
2015-05-12 09:27:22.485948 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/keystone/identity/backends/ldap.py", line
269, in get_all_filtered
2015-05-12 09:27:22.485951 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi return [self.filter_attributes(user) for user in
self.get_all(query)]
2015-05-12 09:27:22.485964 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 1863, in
get_all
2015-05-12 09:27:22.485968 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi for x in self._ldap_get_all(ldap_filter)
2015-05-12 09:27:22.485972 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 1467, in
_ldap_get_all
2015-05-12 09:27:22.485975 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi attrs)
2015-05-12 09:27:22.485979 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 944, in
search_s
2015-05-12 09:27:22.485983 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi attrlist_utf8, attrsonly)
2015-05-12 09:27:22.485986 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/keystone/common/ldap/core.py", line 541, in
search_s
2015-05-12 09:27:22.485995 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi attrlist, attrsonly)
2015-05-12 09:27:22.485999 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 552, in search_s
2015-05-12 09:27:22.486002 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi return
self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
2015-05-12 09:27:22.486009 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 545, in search_ext_s
2015-05-12 09:27:22.486013 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi msgid =
self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
2015-05-12 09:27:22.486017 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 541, in search_ext
2015-05-12 09:27:22.486036 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi timeout,sizelimit,
2015-05-12 09:27:22.486040 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi File
"/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 99, in _ldap_call
2015-05-12 09:27:22.486044 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi result = func(*args,**kwargs)
2015-05-12 09:27:22.486047 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi FILTER_ERROR: {'desc': 'Bad search filter'}
2015-05-12 09:27:22.486050 2015-05-12 09:27:22.483 31012 TRACE
keystone.common.wsgi
The LDAP filter string is being composed in a way that causes None to
be substituted in at one point:
(&(&None(sn=admin))(objectClass=inetOrgPerson))
I traced it through the code and found that the problem method is
keystone.common.ldap.core.BaseLdap.filter_query (line 1674 of
keystone/common/ldap/core.py on the stable/kilo branch). The method
argument query is None by default, which ends up being substituted
into the query string later on. Changing the default value of query to
an empty string causes things to function as expected.
(I am waiting on internal permission to contribute code, so I haven't
created a PR for this at this time.)
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1454309/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
