Public bug reported:

Our LDAP lookup users in group logic assumes that the member attribute contains the user DN.

https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap.py#L168

However, this is not the case for posixGroup (RFC 2307) where the memberUid is really the uid of the user, not the DN.

Similarly, when looking up groups for a user, we are assuming the member attribute contains the user DN.

https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap.py#L364

This is not the case for posixAccount where user group membership is done via uidNumber. In this case, we should first look up the uidNumber, then use it to construct the LDAP query to look up the groups for the user.

** Affects: keystone
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1489105

Title:
  group membership lookup does not support posixGroup (RFC2307)
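The two lookups the report describes, as an added example that is not Keystone's code and not part of the original report: it builds the search filters for DN-valued groups and for RFC 2307 posixGroup, matching memberUid against the user's uid attribute as RFC 2307 defines it, and escapes each value per RFC 4515. The function names and sample entries are hypothetical.

```python
"""Added illustration, not Keystone code: group-membership filters for
DN-valued groups (e.g. groupOfNames) and RFC 2307 posixGroup."""

_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return ''.join(_ESCAPES.get(ch, ch) for ch in value)


def groups_for_user_filter(user_dn, user_attrs, group_objectclass):
    """Return the filter that selects the groups a user belongs to."""
    if group_objectclass == 'posixGroup':
        # RFC 2307: memberUid carries the login name (uid), not the DN.
        uids = user_attrs.get('uid', [])
        if not uids:
            raise ValueError('user entry has no uid; cannot match memberUid')
        return ('(&(objectClass=posixGroup)(memberUid=%s))'
                % escape_filter_value(uids[0]))
    # DN-valued schemas store the full user DN in the member attribute.
    return '(&(objectClass=%s)(member=%s))' % (
        escape_filter_value(group_objectclass), escape_filter_value(user_dn))


def users_in_group_filter(group_attrs, group_objectclass):
    """Return the filter selecting a posixGroup's users, or None when the
    group is DN-valued and each member value can be read directly by DN."""
    if group_objectclass != 'posixGroup':
        return None
    uids = group_attrs.get('memberUid', [])
    if not uids:
        return '(!(objectClass=*))'  # empty group: filter that matches nothing
    terms = ''.join('(uid=%s)' % escape_filter_value(u) for u in uids)
    return '(&(objectClass=posixAccount)(|%s))' % terms


# Constructed sample entries (hypothetical names, not from the bug report).
USER_DN = 'uid=alice,ou=people,dc=example,dc=org'
USER = {'uid': ['alice'], 'uidNumber': ['1001']}
GROUP = {'cn': ['ops'], 'memberUid': ['alice', 'bob(ext)']}

if __name__ == '__main__':
    print(groups_for_user_filter(USER_DN, USER, 'groupOfNames'))
    print(groups_for_user_filter(USER_DN, USER, 'posixGroup'))
    print(users_in_group_filter(GROUP, 'posixGroup'))
```

A DN-based filter run against posixGroup entries matches nothing, so the user appears to belong to no groups and any role assignment made through those groups is silently skipped.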