** Changed in: keystone/kilo
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1468000
Title:
Group lookup by name in LDAP via v3 fails
Status in OpenStack Identity (keystone):
Fix Released
Status in OpenStack Identity (keystone) kilo series:
Fix Released
Bug description:
This bug is similar to
https://bugs.launchpad.net/keystone/+bug/1454309 but relates to
groups. When issuing an "openstack group show <group_name>" command on
a domain associated with LDAP, invalid LDAP query is composed and
Keystone returns ISE 500:
$ openstack --os-token ADMIN --os-url http://localhost:35357/v3
--os-identity-api-version 3 group show --domain ad 'Domain Admins'
ERROR: openstack An unexpected error prevented the server from fulfilling
your request: {'desc': 'Bad search filter'} (Disable debug mode to suppress
these details.) (HTTP 500) (Request-ID:
req-06fd5907-6ade-4872-95ab-e66f0809986a)
Here's the log:
2015-06-23 15:59:41.627 8571 DEBUG keystone.common.ldap.core [-] LDAP search:
base=CN=Users,DC=dept,DC=example,DC=org scope=2
filterstr=(&(&None(sAMAccountName=Domain Admins))(objectClass=group))
attrs=['cn', 'sAMAccountName', 'description'] attrsonly=0 search_s
/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py:933
2015-06-23 15:59:41.628 8571 DEBUG keystone.common.ldap.core [-] LDAP unbind
unbind_s
/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py:906
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi [-] {'desc': 'Bad
search filter'}
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi Traceback (most
recent call last):
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/wsgi.py",
line 240, in __call__
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi result =
method(context, **params)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/controller.py",
line 202, in wrapper
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return f(self,
context, filters, **kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/controllers.py",
line 310, in list_groups
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi hints=hints)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/manager.py",
line 54, in wrapper
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return f(self,
*args, **kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/core.py",
line 342, in wrapper
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return f(self,
*args, **kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/core.py",
line 353, in wrapper
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return f(self,
*args, **kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/core.py",
line 1003, in list_groups
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi ref_list =
driver.list_groups(hints)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/backends/ldap.py",
line 164, in list_groups
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return
self.group.get_all_filtered(hints)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/identity/backends/ldap.py",
line 402, in get_all_filtered
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi for group in
self.get_all(query)]
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py",
line 1507, in get_all
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi for x in
self._ldap_get_all(ldap_filter)]
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py",
line 1469, in _ldap_get_all
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi attrs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py",
line 946, in search_s
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi attrlist_utf8,
attrsonly)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py",
line 642, in wrapper
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return func(self,
conn, *args, **kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/keystone/common/ldap/core.py",
line 772, in search_s
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi attrsonly)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py",
line 559, in search_s
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return
self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py",
line 920, in search_ext_s
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return
self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py",
line 862, in _apply_method_s
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi return
func(self,*args,**kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py",
line 552, in search_ext_s
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi msgid =
self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py",
line 548, in search_ext
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi timeout,sizelimit,
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi File
"/home/vagrant/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py",
line 106, in _ldap_call
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi result =
func(*args,**kwargs)
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi FILTER_ERROR:
{'desc': 'Bad search filter'}
2015-06-23 15:59:41.628 8571 ERROR keystone.common.wsgi
2015-06-23 15:59:41.650 8571 INFO eventlet.wsgi.server [-] 127.0.0.1 - -
[23/Jun/2015 15:59:41] "GET
/v3/groups?domain_id=a225c3b5b4af44a2964b7f941538bc45&name=Domain+Admins
HTTP/1.1" 500 459 0.104950
Bug is reproduced on current keystone master (Liberty).
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1468000/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
