This bug was fixed in the package keystone - 2:13.0.2-0ubuntu3
---------------
keystone (2:13.0.2-0ubuntu3) bionic; urgency=medium
* d/p/0002-fixing-dn-to-id.patch: Dropped. This patch shouldn't have
been backported to stable/queens (LP: #1850634).
-- Corey Bryant <[email protected]> Wed, 30 Oct 2019 08:55:58
-0400
** Changed in: keystone (Ubuntu Bionic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1850634
Title:
queens regresion: _dn_to_id() not using utf8_encode/decode
Status in Ubuntu Cloud Archive:
Invalid
Status in Ubuntu Cloud Archive queens series:
Fix Committed
Status in OpenStack Identity (keystone):
Triaged
Status in keystone package in Ubuntu:
Invalid
Status in keystone source package in Bionic:
Fix Released
Bug description:
[Impact]
There's a regression in the LDAP common backend code due to a recent
stable/queens backport that shouldn't have been backported past
stable/rocky. It was backported as part of the fixes for
https://bugs.launchpad.net/bugs/1782922.
The following patch shouldn't have been backported to stable/queens:
https://review.opendev.org/#/c/672519/
The reason why is because the following patch, which switched to
bytes_mode=False, doesn't exist in stable/queens:
https://review.opendev.org/#/c/613648/
In particular see the changes to _dn_to_id() in
https://review.opendev.org/#/c/613648/4/keystone/identity/backends/ldap/common.py.
Those changes didn't happen in stable/queens so _dn_to_id should still
be UTF-8 encoding/decoding the appropriate fields. In other words it
should still be using the following in stable/queens:
if self.id_attr == utf8_decode(
ldap.dn.str2dn(utf8_encode(dn))[0][0][0].lower()):
return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])
[Test Case]
See test case in https://bugs.launchpad.net/bugs/1782922.
[Regression Potential]
The code that will be fixed for this bug (ie. the code in the if statement)
is being reverted to what it used to be prior to the bug fix for
https://bugs.launchpad.net/bugs/1782922. Prior to 1782922, _dn_to_id() used to
only consist of the code that is in the if statment, so the regression
potential is very low. Code will be tested to minimize regression potential and
patch has been submitted upstream.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1850634/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
