[Expired for OpenStack Identity (keystone) because there has been no
activity for 60 days.]
** Changed in: keystone
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1394083
Title:
ldap user_filter is not honored while authenticating
Status in OpenStack Identity (keystone):
Expired
Bug description:
When full LDAP logging is enabled, we can see that the inital LDAP
search query does not use the user_filter while it tries to find the
user DN from the LDAP.
This causes authentication to fail if we have two users with same name
in the LDAP in the same tree but with different ids. We use memberOf
filter to limit which users are seen by Keystone.
I traced the issue to keystone/common/ldap/core.py method get_by_name
which only seems to filter by user name ignoring the filter set in the
configuration.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1394083/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
