Reviewed: https://review.openstack.org/611190 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=eca0829c4c65e6b64f08023ce2d5a55dc329248f Submitter: Zuul Branch: master
commit eca0829c4c65e6b64f08023ce2d5a55dc329248f Author: Corey Bryant <[email protected]> Date: Tue Oct 16 16:19:15 2018 -0400 PY3: switch to using unicode text values In Python 3, python-ldap no longer allows bytes for some fields (DNs, RDNs, attribute names, queries). Instead, text values are represented as str, the Unicode text type. Compatibility support is provided for Python 2 by setting bytes_mode=False [1]. Update the keystone LDAP backend to adhere to this behavior by using bytes_mode=False for Python 2 and dropping UTF-8 encoding and decoding fields that are now represented as text in python-ldap. [1] More details about byte/str usage in python-ldap can be found at: http://www.python-ldap.org/en/latest/bytes_mode.html#bytes-mode Note that at a minimum python-ldappool 2.3.1 is required. For more details see Depends-On's below. Change-Id: Ifdd0644cd7042407a008c85c0b2c40a971c90bc3 Closes-Bug: #1798184 Depends-On: https://review.openstack.org/611401 Depends-On: https://review.openstack.org/613632 Depends-On: https://review.openstack.org/614052 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1798184 Title: PY3: python3-ldap does not allow bytes for DN/RDN/field names Status in OpenStack Identity (keystone): Fix Released Status in ldappool: New Bug description: Under Python 2, python-ldap uses bytes by default. Under Python 3 this is removed and bytes aren't allowed for DN/RDN/field names. More details are here: http://www.python-ldap.org/en/latest/bytes_mode.html#bytes-mode and here: https://github.com/python-ldap/python-ldap/blob/python-ldap-3.1.0/Lib/ldap/ldapobject.py#L111 == initial traceback == Here's the initial traceback from the failure: https://paste.ubuntu.com/p/67THZb2m5m/ The last bit of the error is: File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 314, in _ldap_call result = func(*args,**kwargs) TypeError: simple_bind() argument 1 must be str or None, not bytes A closer look at func shows: func=<built-in method simple_bind of LDAP object at 0x7f9d0177b760> args=(b'cn=admin,dc=test,dc=com', b'crapper', None, None) == keystone ldap backend use of python-ldap == In simple_bind_s() of keystone's ldap backend, who and cred are encoded as byte strings: https://github.com/openstack/keystone/blob/14.0.0/keystone/identity/backends/ldap/common.py#L885 but that appears to no longer be valid use of python-ldap for py3. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1798184/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
