Comment 0 for bug 1361306

Haneef Ali (haneef) wrote : Keystone doesn't handle user_attribute_id mapping

By default, keystone gets the id from the first field of the DN. It doesn't use the user_id_attribute mapping from keystone.conf.

In the following code, the "id" attribute is always the 1st element in the DN
---Relevant code---

    @staticmethod
    def _dn_to_id(dn):
        return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])

    def _ldap_res_to_model(self, res):
        obj = self.model(id=self._dn_to_id(res[0]))
        # LDAP attribute names may be returned in a different case than
        # they are defined in the mapping, so we need to check for keys
        # in a case-insensitive way. We use the case specified in the
        # mapping for the model to ensure we have a predictable way of
        # retrieving values later.
        lower_res = dict((k.lower(), v) for k, v in six.iteritems(res[1]))
        for k in obj.known_keys:
            if k in self.attribute_ignore:
                continue

            try:
                v = lower_res[self.attribute_mapping.get(k, k).lower()]
            except KeyError:
                pass
            else:
                try:
                    obj[k] = v[0]
                except IndexError:
                    obj[k] = None

        return obj
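
The mismatch this report describes, shown on a constructed directory entry (an added example, not keystone code and not the project's fix): when an entry's first RDN is `cn` but the id attribute is configured as `uid`, the DN-derived id and the mapped id differ. The entry, the helper names and the `uid` setting are assumptions made for illustration.

```python
# Added illustration; not keystone code. The entry below is constructed.

def first_rdn_value(dn):
    """Value of the first RDN of a DN: 'cn=Jane Doe,ou=Users,...' -> 'Jane Doe'.

    Minimal splitter that honours backslash-escaped characters; multi-valued
    RDNs ('+') and hex escapes are out of scope for this sketch.
    """
    rdn, i = [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            rdn.append(dn[i + 1])   # keep the escaped character literally
            i += 2
            continue
        if ch == ",":               # unescaped comma ends the first RDN
            break
        rdn.append(ch)
        i += 1
    return "".join(rdn).split("=", 1)[1].strip()


def id_from_mapping(entry, id_attribute):
    """Read the id from the configured attribute, matching names case-insensitively."""
    dn, attrs = entry
    lowered = {k.lower(): v for k, v in attrs.items()}
    values = lowered.get(id_attribute.lower())
    if not values:
        raise KeyError("entry %r has no %r attribute" % (dn, id_attribute))
    return values[0]


# Constructed search result in the (dn, attrs) shape of res[0] / res[1] above.
ENTRY = ("cn=Jane Doe,ou=Users,dc=example,dc=org",
         {"cn": ["Jane Doe"], "uid": ["jdoe"], "mail": ["jdoe@example.org"]})


def compare(entry, id_attribute):
    """Return (id taken from the DN, id taken from the configured attribute)."""
    return first_rdn_value(entry[0]), id_from_mapping(entry, id_attribute)


if __name__ == "__main__":
    dn_id, mapped_id = compare(ENTRY, "uid")
    print("id from first RDN:       ", dn_id)
    print("id from configured attr: ", mapped_id)
```

The two values agree only when the configured id attribute is also the entry's RDN attribute, which is the one case where the DN-based lookup happens to return the intended id.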