Merge "Implicitly ignore attributes that are mapped to None in LDAP"

2014-07-22 16:37:06 +00:00 · 2014-07-22 16:37:06 +00:00 · 4fed413cd3
parent 95850c01c1 10a3edb780
commit 4fed413cd3
2 changed files with 25 additions and 1 deletions
--- a/keystone/common/ldap/core.py
+++ b/keystone/common/ldap/core.py
@ -1009,7 +1009,12 @@ class BaseLdap(object):
                continue

            try:
-                v = lower_res[self.attribute_mapping.get(k, k).lower()]
+                map_attr = self.attribute_mapping.get(k, k)
+                if map_attr is None:
+                    # Ignore attributes that are mapped to None.
+                    continue
+
+                v = lower_res[map_attr.lower()]
            except KeyError:
                pass
            else:
--- a/keystone/tests/test_backend_ldap.py
+++ b/keystone/tests/test_backend_ldap.py
@ -632,6 +632,25 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
        # If this doesn't raise, then the test is successful.
        user = self.identity_api.create_user(user)

+    def test_unignored_user_none_mapping(self):
+        # Ensure that an attribute that maps to None that is not explicitly
+        # ignored in configuration is implicitly ignored without triggering
+        # an error.
+        conf = self.get_config(CONF.identity.default_domain_id)
+        conf.ldap.user_attribute_ignore = ['enabled', 'email',
+                                           'tenants', 'tenantId']
+        self.reload_backends(CONF.identity.default_domain_id)
+
+        user = {'name': u'fäké1',
+                'password': u'fäképass1',
+                'domain_id': CONF.identity.default_domain_id,
+                }
+
+        user_ref = self.identity_api.create_user(user)
+
+        # If this doesn't raise, then the test is successful.
+        self.identity_api.get_user(user_ref['id'])
+
    def test_update_user_name(self):
        """A user's name cannot be changed through the LDAP driver."""
        self.assertRaises(exception.Conflict,