Reviewed:  https://review.opendev.org/674782
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c7fae97d873f72068ca65538ec5b5919c0ac7d5a
Submitter: Zuul
Branch:    master

commit c7fae97d873f72068ca65538ec5b5919c0ac7d5a
Author: Radosław Piliszek <[email protected]>
Date:   Tue Aug 6 13:25:17 2019 +0200

    Honor group_members_are_ids for user_enabled_emulation

    Applied when group config is to be honored (i.e. set
    user_enabled_emulation_use_group_config).
    Conditionals follow usage of group_members_are_ids.

    Added new test for the case with ids.
    It fails without fix.
    The original test expanded to ensure the change did not
    break its internals either.
    It passes without fix as well.

    Additionally some TODOs are added for observed potential issues.

    Change-Id: I7874a70e6109219baee80309c3a27f8af9905a6d
    Closes-Bug: #1839133
    Signed-off-by: Radosław Piliszek <[email protected]>

** Changed in: keystone
       Status: In Progress => Fix Released

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1839133

Title:
  LDAP: group_members_are_ids ignored for
  user_enabled_emulation_use_group_config

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  This is re: http://lists.openstack.org/pipermail/openstack-discuss/2019-August/008210.html
  "[keystone] [stein] user_enabled_emulation config problem"

  I set:
  user_tree_dn = ou=Users,o=UCO
  user_objectclass = inetOrgPerson
  user_id_attribute = uid
  user_name_attribute = uid
  user_enabled_emulation = true
  user_enabled_emulation_dn = cn=Users,ou=Groups,o=UCO
  user_enabled_emulation_use_group_config = true
  group_tree_dn = ou=Groups,o=UCO
  group_objectclass = posixGroup
  group_id_attribute = cn
  group_name_attribute = cn
  group_member_attribute = memberUid
  group_members_are_ids = true

  Keystone properly lists members of the Users group but they all remain
  disabled.

  I ran keystone with debug and discovered that it looks for
  memberUid=<DN> instead of memberUid=<ID>, e.g.
  memberUid=uid=r.piliszek,ou=Users,o=UCO
  instead of
  memberUid=r.piliszek

  I will submit a proposal with my patch to gerrit but will require some
  assistance with creating a unit test that fails without patch and
  works with it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1839133/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp
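The mismatch described in the bug report, reproduced as an added Python example (not keystone's code and not part of the original message). All function names are hypothetical, the group entry is constructed sample data, and members_are_ids=False models the lookup by DN that the report observed.

```python
# Added illustration only: not keystone's code. All function names are hypothetical.

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in an LDAP filter assertion value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def membership_value(user_dn, user_id, members_are_ids):
    """Value expected in the group's member attribute for this user."""
    return user_id if members_are_ids else user_dn


def enabled_filter(member_attr, user_dn, user_id, members_are_ids):
    """Filter used to ask whether the user belongs to the 'enabled' group."""
    value = membership_value(user_dn, user_id, members_are_ids)
    return '(%s=%s)' % (member_attr, escape_filter_value(value))


def is_enabled(group_entry, member_attr, user_dn, user_id, members_are_ids):
    """Evaluate the membership test against one in-memory group entry.

    Simplification: exact string comparison stands in for the server's
    attribute matching rule.
    """
    wanted = membership_value(user_dn, user_id, members_are_ids)
    return wanted in group_entry.get(member_attr, [])


# Constructed sample data; DNs and attribute names follow the bug report.
USER_DN = 'uid=r.piliszek,ou=Users,o=UCO'
USER_ID = 'r.piliszek'
ENABLED_GROUP = {
    'dn': 'cn=Users,ou=Groups,o=UCO',
    'objectClass': ['posixGroup'],
    'memberUid': ['r.piliszek', 'j.doe'],  # posixGroup stores bare ids
}

if __name__ == '__main__':
    for are_ids in (False, True):
        print('group_members_are_ids=%s' % are_ids,
              enabled_filter('memberUid', USER_DN, USER_ID, are_ids),
              'enabled=%s' % is_enabled(ENABLED_GROUP, 'memberUid',
                                        USER_DN, USER_ID, are_ids))
```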

