*** This bug is a duplicate of bug 1662762 ***
https://bugs.launchpad.net/bugs/1662762
The fix for this was merged to master and was backported to ocata.
** This bug has been marked a duplicate of bug 1662762
Authentication for LDAP user fails at MFA rule check
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1672425
Title:
No 'options' attribute in user_ref when using LDAP identity backend
Status in OpenStack Identity (keystone):
In Progress
Bug description:
While testing the ocata codebase, it seems that the addition of the
multifactor auth in core, breaks our LDAP identity backend.
We are getting an exception while loading the user to check if it has
MFA enabled or not. The LDAP identity driver does not provide a
options attribute for the user and then it throws an exception in this
specific line
(https://github.com/openstack/keystone/blob/8ff15d3e0fc2cf1bdfb202c54a6816a9676119fe/keystone/auth/core.py#L377)
For giving some context, these are the 2 lines concerned
(keystone/auth/core.py)
376: user_ref = self.identity_api.get_user(user_id)
377: mfa_rules = user_ref['options'].get(ro.MFA_RULES_OPT.option_name,
[])
The first one loads the user from the identity driver and the 2nd one
uses an attribute that does not exist in LDAP implementation, so it
throws an exception
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1672425/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
