authorNathan Kinder <nkinder@redhat.com>2014-09-30 07:39:33 -0700
committerNathan Kinder <nkinder@redhat.com>2014-09-30 20:07:44 -0700
commiteefa0feaf5aa933fb9cb6313eb58ad3b0cb501fc (patch)
tree2ced92fd3f6a8a8132df5334a7a45dd7b448621a
parent6778df0d8f5700c1e6d80f6605af25466d3a4c3e (diff)
downloadkeystone-eefa0feaf5aa933fb9cb6313eb58ad3b0cb501fc.tar.gz
Fix parsing of emulated enabled DN
If a non-default emulated enabled DN is specified in configuration, the DN structure returned from python-ldap is incorrectly converted to a string. This leads to an index error when we attempt to extract the RDN attribute and value. This patch removes the incorrect string conversion and instead does the proper conversion on the RDN strings that we extract. Change-Id: I8f0c4594cfa9a41e1875870c3eb63fae32c8c041 Resolves-bug: #1375772 (cherry picked from commit 5380ddaadb0ce34b866b097cb6ac1396d2b30100)
-rw-r--r--keystone/common/ldap/core.py6
-rw-r--r--keystone/tests/test_backend_ldap.py9
2 files changed, 12 insertions, 3 deletions
diff --git a/keystone/common/ldap/core.py b/keystone/common/ldap/core.py
index be4671f92..be17069a5 100644
--- a/keystone/common/ldap/core.py
+++ b/keystone/common/ldap/core.py
@@ -1670,10 +1670,10 @@ class EnabledEmuMixIn(BaseLdap):
naming_attr = (naming_attr_name, [naming_attr_value])
else:
# Extract the attribute name and value from the configured DN.
- naming_dn = utf8_decode(
- ldap.dn.str2dn(utf8_encode(self.enabled_emulation_dn)))
+ naming_dn = ldap.dn.str2dn(utf8_encode(self.enabled_emulation_dn))
naming_rdn = naming_dn[0][0]
- naming_attr = (naming_rdn[0], [naming_rdn[1]])
+ naming_attr = (utf8_decode(naming_rdn[0]),
+ utf8_decode(naming_rdn[1]))
self.enabled_emulation_naming_attr = naming_attr
def _get_enabled(self, object_id):
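Review bot: The rewritten `naming_attr` in the else-branch stores the RDN value as a bare string, while the if-branch just above still builds `(naming_attr_name, [naming_attr_value])` and the removed line also wrapped the value in a list. The consumers of `self.enabled_emulation_naming_attr` are outside this hunk, so whether they accept both shapes cannot be confirmed from here. This tuple presumably ends up in the entry that decides which accounts count as enabled, so both branches should yield the same shape: `naming_attr = (utf8_decode(naming_rdn[0]), [utf8_decode(naming_rdn[1])])`. The enclosing method starts above the hunk.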
diff --git a/keystone/tests/test_backend_ldap.py b/keystone/tests/test_backend_ldap.py
index aef7ca7c1..3f7cfd6a5 100644
--- a/keystone/tests/test_backend_ldap.py
+++ b/keystone/tests/test_backend_ldap.py
@@ -1836,6 +1836,15 @@ class LDAPIdentityEnabledEmulation(LDAPIdentity):
self.identity_api.get_user,
user['id'])
+ def test_user_auth_emulated(self):
+ self.config_fixture.config(group='ldap',
+ user_enabled_emulation_dn='cn=test,dc=test')
+ self.reload_backends(CONF.identity.default_domain_id)
+ self.identity_api.authenticate(
+ context={},
+ user_id=self.user_foo['id'],
+ password=self.user_foo['password'])
+
def test_user_enable_attribute_mask(self):
self.skipTest(
"Enabled emulation conflicts with enabled mask")
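Review bot: `test_user_auth_emulated` asserts nothing beyond `authenticate` not raising, so it pins the index-error regression but not that the non-default `cn=test,dc=test` entry is actually what governs the enabled state. A companion case that disables the user under the same configuration and expects authentication to fail would cover the access-control side of the change. At minimum, add a docstring such as `"""Authenticate with a non-default emulation DN (bug 1375772)."""` so the purpose of the assertion-free body is clear.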