diff options
author | Zuul <zuul@review.opendev.org> | 2022-06-14 13:38:18 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2022-06-14 13:38:18 +0000 |
commit | 9477584a396ca0e3352567847afe6f862718f625 (patch) | |
tree | b691ea412b3360d885a6fb25b8de708e38247272 | |
parent | 97a63ca8d548a6b8381280cccf0a80062060bd6a (diff) | |
parent | 256dbe9fe8a7b40dc8f1fd65cc004c92a5721940 (diff) | |
download | keystone-9477584a396ca0e3352567847afe6f862718f625.tar.gz |
Merge "Fix issue with LDAP backend returning bytes instead of string" into stable/ussuri
-rw-r--r-- | keystone/identity/backends/ldap/common.py | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/keystone/identity/backends/ldap/common.py b/keystone/identity/backends/ldap/common.py index d4cdda845..dc6a0010b 100644 --- a/keystone/identity/backends/ldap/common.py +++ b/keystone/identity/backends/ldap/common.py @@ -1400,9 +1400,24 @@ class BaseLdap(object): pass else: try: - obj[k] = v[0] + value = v[0] except IndexError: - obj[k] = None + value = None + + # NOTE(xek): Some LDAP servers return bytes data type + # We convert it to string here, so that it is consistent with + # the other (SQL) backends. + # Bytes data type caused issues in the past, because it could + # be cached and then passed into str() method to be used as + # LDAP filters, which results in an unexpected b'...' prefix. + if isinstance(value, bytes): + try: + value = value.decode('utf-8') + except UnicodeDecodeError: + LOG.error("Error decoding value %r (object id %r).", + value, res[0]) + raise + obj[k] = value return obj |