Public bug reported: I am using OpenStack with a Windows Active Directory Server, such that the [LDAP] chase referrals attribute is set to True. The LDAP search flow reaches the convert_ldap_result(ldap_result) function inside https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/common.py and the search returns one or more referrals as well. The flow logs the below:
https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/common.py#L180-L182 if at_least_one_referral: LOG.debug('Referrals were returned and ignored. Enable referral ' 'chasing in keystone.conf via [ldap] chase_referrals') In my case, the above statement does get logged but the log statement is either incorrect or misleading. There are 2 problems here >> 1. Why does the ldap search bother to search and return referrals if they are going to be ignored anyway? 2. The above message also leads us to believe that the referrals were ignored because the value of chase referrals was False, which is clearly not the case here. ** Affects: keystone Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1800077 Title: LDAP Referrals were returned and ignored Status in OpenStack Identity (keystone): New Bug description: I am using OpenStack with a Windows Active Directory Server, such that the [LDAP] chase referrals attribute is set to True. The LDAP search flow reaches the convert_ldap_result(ldap_result) function inside https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/common.py and the search returns one or more referrals as well. The flow logs the below: https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/common.py#L180-L182 if at_least_one_referral: LOG.debug('Referrals were returned and ignored. Enable referral ' 'chasing in keystone.conf via [ldap] chase_referrals') In my case, the above statement does get logged but the log statement is either incorrect or misleading. There are 2 problems here >> 1. Why does the ldap search bother to search and return referrals if they are going to be ignored anyway? 2. The above message also leads us to believe that the referrals were ignored because the value of chase referrals was False, which is clearly not the case here. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1800077/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
