LDAP Referrals were returned and ignored

Bug #1800077 reported by Divya K Konoor
This bug affects 2 people
Affects: OpenStack Identity (keystone)
Status: In Progress
Importance: Low
Assigned to: Unassigned
Milestone:

Bug Description

I am using OpenStack with a Windows Active Directory Server, such that the [LDAP] chase referrals attribute is set to True. The LDAP search flow reaches the convert_ldap_result(ldap_result) function inside https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/common.py and the search returns one or more referrals as well. The flow logs the below:

https://github.com/openstack/keystone/blob/master/keystone/identity/backends/ldap/common.py#L180-L182

if at_least_one_referral:
    LOG.debug('Referrals were returned and ignored. Enable referral '
              'chasing in keystone.conf via [ldap] chase_referrals')

In my case, the above statement does get logged but the log statement is either incorrect or misleading. There are 2 problems here:
1. Why does the ldap search bother to search and return referrals if they are going to be ignored anyway?
2. The above message also leads us to believe that the referrals were ignored because the value of chase referrals was False, which is clearly not the case here.
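
A sketch of the behaviour the report asks for, as an added example that is neither keystone's code nor the change proposed in review: it separates referral results from entries and words the debug message according to the configured setting. It assumes the python-ldap result shape, in which a referral appears as a tuple whose DN is None; the function names and the sample data are hypothetical.

```python
import logging

LOG = logging.getLogger(__name__)


def split_referrals(ldap_result):
    """Separate directory entries from referral results.

    Assumption: results follow the python-ldap shape, a list of
    (dn, payload) tuples where a referral has dn set to None and the
    referral URLs as its payload.
    """
    entries, referrals = [], []
    for dn, payload in ldap_result:
        if dn is None:
            referrals.extend(payload)
        else:
            entries.append((dn, payload))
    return entries, referrals


def referral_log_message(referrals, chase_referrals):
    """Build a debug message that matches the configured setting.

    chase_referrals mirrors the [ldap] chase_referrals option.
    """
    if not referrals:
        return None
    if chase_referrals:
        # Do not tell the operator to enable an option that is already on.
        return ('%d referral(s) were returned and dropped from the result '
                'even though [ldap] chase_referrals is enabled: %s'
                % (len(referrals), ', '.join(referrals)))
    return ('%d referral(s) were returned and ignored. Enable referral '
            'chasing in keystone.conf via [ldap] chase_referrals'
            % len(referrals))


# Constructed sample result: one user entry plus two referral results.
SAMPLE_RESULT = [
    ('CN=alice,OU=Users,DC=example,DC=test', {'cn': [b'alice']}),
    (None, ['ldap://dns.example.test/DC=DomainDnsZones,DC=example,DC=test']),
    (None, ['ldap://dns.example.test/DC=ForestDnsZones,DC=example,DC=test']),
]

if __name__ == '__main__':
    logging.basicConfig(level=logging.DEBUG)
    _, found = split_referrals(SAMPLE_RESULT)
    for setting in (True, False):
        LOG.debug(referral_log_message(found, setting))
```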

OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/619336

Changed in keystone:
assignee: nobody → Lance Bragstad (lbragstad)
status: New → In Progress
Lance Bragstad (lbragstad) wrote :

Unassigning myself for now in case anyone has time to pick up what's in review [0].

[0] https://review.openstack.org/#/c/619336/

Changed in keystone:
importance: Undecided → Low
assignee: Lance Bragstad (lbragstad) → nobody
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystone (master)

Change abandoned by Lance Bragstad (<email address hidden>) on branch: master
Review: https://review.opendev.org/619336
Reason: Abandoning this since I haven't updated it in over a year. Someone is more than welcome to pick this up and carry it forward.
