Merge "Don't try to convert LDAP attributes to boolean" into stable/juno

3 files changed, 31 insertions, 6 deletions

diff --git a/keystone/common/ldap/core.py b/keystone/common/ldap/core.py
index 3427b17d3..e796d0306 100644
--- a/keystone/common/ldap/core.py
+++ b/keystone/common/ldap/core.py
@@ -125,16 +125,11 @@ def ldap2py(val):
     """Convert an LDAP formatted value to Python type used by OpenStack.
 
     Virtually all LDAP values are stored as UTF-8 encoded strings.
-    OpenStack prefers values which are Python types, e.g. unicode,
-    boolean, etc.
+    OpenStack prefers values which are unicode friendly.
 
     :param val: LDAP formatted value
     :returns: val converted to preferred Python type
     """
-    try:
-        return LDAP_VALUES[val]
-    except KeyError:
-        pass
     return utf8_decode(val)
 
 
diff --git a/keystone/tests/test_backend_ldap.py b/keystone/tests/test_backend_ldap.py
index d46f675bb..e2ca050a9 100644
--- a/keystone/tests/test_backend_ldap.py
+++ b/keystone/tests/test_backend_ldap.py
@@ -649,6 +649,20 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
         # If this doesn't raise, then the test is successful.
         user = self.identity_api.create_user(user)
 
+    def test_create_user_with_boolean_string_names(self):
+        # Ensure that any attribute that is equal to the string 'TRUE'
+        # or 'FALSE' will not be converted to a boolean value, it
+        # should be returned as is.
+        boolean_strings = ['TRUE', 'FALSE', 'true', 'false', 'True', 'False',
+                           'TrUe' 'FaLse']
+        for name in boolean_strings:
+            user = {
+                'name': name,
+                'domain_id': CONF.identity.default_domain_id}
+            user_ref = self.identity_api.create_user(user)
+            user_info = self.identity_api.get_user(user_ref['id'])
+            self.assertEqual(name, user_info['name'])
+
     def test_unignored_user_none_mapping(self):
         # Ensure that an attribute that maps to None that is not explicitly
         # ignored in configuration is implicitly ignored without triggering
diff --git a/keystone/tests/unit/common/test_ldap.py b/keystone/tests/unit/common/test_ldap.py
index 183d0ba5c..1b3a6984a 100644
--- a/keystone/tests/unit/common/test_ldap.py
+++ b/keystone/tests/unit/common/test_ldap.py
@@ -484,3 +484,19 @@ class CommonLdapTestCase(tests.BaseTestCase):
         # flag should be 225, the 0 is dropped.
         self.assertEqual(expected_bitmask, py_result[0][1]['enabled'][0])
         self.assertEqual(user_id, py_result[0][1]['user_id'][0])
+
+    def test_user_id_and_user_name_with_boolean_string(self):
+        boolean_strings = ['TRUE', 'FALSE', 'true', 'false', 'True', 'False',
+                           'TrUe' 'FaLse']
+        for user_name in boolean_strings:
+            user_id = uuid.uuid4().hex
+            result = [(
+                'cn=dummy,dc=example,dc=com',
+                {
+                    'user_id': [user_id],
+                    'user_name': [user_name]
+                }
+            ), ]
+            py_result = ks_ldap.convert_ldap_result(result)
+            # The user name should still be a string value.
+            self.assertEqual(user_name, py_result[0][1]['user_name'][0])