OpenStack Identity (keystone)

  1. Bug #1798184
  2. Comment #0

Comment 0 for bug 1798184

Revision history for this message
Corey Bryant (corey.bryant) wrote : PY3: python3-ldap does not allow bytes for no bytes for DN/RDN/field names

Under Python 2, python-ldap uses bytes by default. Under Python 3 this is removed and bytes aren't allowed for DN/RDN/field names.

More details are here: http://www.python-ldap.org/en/latest/bytes_mode.html#bytes-mode
and here: https://github.com/python-ldap/python-ldap/blob/python-ldap-3.1.0/Lib/ldap/ldapobject.py#L111

== initial traceback ==

Here's the initial traceback from the failure: https://paste.ubuntu.com/p/67THZb2m5m/

The last bit of the error is:

  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 314, in _ldap_call
    result = func(*args,**kwargs)
TypeError: simple_bind() argument 1 must be str or None, not bytes

A closer look at func shows:

func=<built-in method simple_bind of LDAP object at 0x7f9d0177b760>
args=(b'cn=admin,dc=test,dc=com', b'crapper', None, None)

== keystone ldap backend use of python-ldap ==

In simple_bind_s() of keystone's ldap backend, who and cred are encoded as byte strings:

https://github.com/openstack/keystone/blob/14.0.0/keystone/identity/backends/ldap/common.py#L885

but that appears to no longer be valid use of python-ldap for py3.