Public bug reported:

There's a regression in the LDAP common backend code due to a recent stable/queens backport that shouldn't have been backported past stable/rocky.

The following patch shouldn't have been backported to stable/queens:
https://review.opendev.org/#/c/672519/

The reason why is because the following patch, which switched to bytes_mode=False, doesn't exist in stable/queens:
https://review.opendev.org/#/c/613648/

In particular see the changes to _dn_to_id() in https://review.opendev.org/#/c/613648/4/keystone/identity/backends/ldap/common.py. Those changes didn't happen in stable/queens so _dn_to_id should still be UTF-8 encoding/decoding the appropriate fields. In other words it should still be using the following in stable/queens:

    def _dn_to_id(self, dn):
        # Check if the naming attribute in the DN is the same as keystone's
        # configured 'id' attribute. If so, extract the ID value from the DN
        if self.id_attr == utf8_decode(
                ldap.dn.str2dn(utf8_encode(dn))[0][0][0].lower()):
            return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])

** Affects: keystone
     Importance: Undecided
         Status: New

** Affects: keystone (Ubuntu)
     Importance: Undecided
         Status: Invalid

** Affects: keystone (Ubuntu Bionic)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1850634

Title:
  stable/queens regression - _dn_to_id() should still be using utf8_encode/utf8_decode in queens

Status in OpenStack Identity (keystone):
  New
Status in keystone package in Ubuntu:
  Invalid
Status in keystone source package in Bionic:
  New

