Browse Source

Merge "Properly handle octet (byte) strings when converting LDAP responses" into stable/train

changes/22/769222/1
Zuul 1 month ago
committed by Gerrit Code Review
parent
commit
6df6aec584
3 changed files with 30 additions and 1 deletions
  1. +11
    -1
      keystone/identity/backends/ldap/common.py
  2. +14
    -0
      keystone/tests/unit/identity/backends/test_ldap_common.py
  3. +5
    -0
      releasenotes/notes/bug-1889936-78d6853b5212b8f1.yaml

+ 11
- 1
keystone/identity/backends/ldap/common.py View File

@@ -17,6 +17,7 @@ import codecs
import os.path
import re
import sys
import uuid
import weakref

import ldap.controls
@@ -94,7 +95,16 @@ def utf8_decode(value):
:raises UnicodeDecodeError: for invalid UTF-8 encoding
"""
if isinstance(value, six.binary_type):
return _utf8_decoder(value)[0]
try:
return _utf8_decoder(value)[0]
except UnicodeDecodeError:
# NOTE(lbragstad): We could be dealing with a UUID in byte form,
# which some LDAP implementations use.
uuid_byte_string_length = 16
if len(value) == uuid_byte_string_length:
return six.text_type(uuid.UUID(bytes_le=value))
else:
raise
return six.text_type(value)




+ 14
- 0
keystone/tests/unit/identity/backends/test_ldap_common.py View File

@@ -520,6 +520,20 @@ class CommonLdapTestCase(unit.BaseTestCase):
# The user name should still be a string value.
self.assertEqual(user_name, py_result[0][1]['user_name'][0])

def test_user_id_attribute_is_uuid_in_byte_form(self):
results = [(
'cn=alice,dc=example,dc=com',
{
'cn': [b'cn=alice'],
'objectGUID': [b'\xdd\xd8Rt\xee]bA\x8e(\xe39\x0b\xe1\xf8\xe8'],
'email': [uuid.uuid4().hex],
'sn': [uuid.uuid4().hex]
}
)]
py_result = common_ldap.convert_ldap_result(results)
exp_object_guid = '7452d8dd-5dee-4162-8e28-e3390be1f8e8'
self.assertEqual(exp_object_guid, py_result[0][1]['objectGUID'][0])


class LDAPFilterQueryCompositionTest(unit.BaseTestCase):
"""These test cases test LDAP filter generation."""


+ 5
- 0
releasenotes/notes/bug-1889936-78d6853b5212b8f1.yaml View File

@@ -0,0 +1,5 @@
---
fixes:
- |
[`bug 1889936 <https://bugs.launchpad.net/keystone/+bug/1889936>`_]
Properly decode octet strings, or byte arrays, returned from LDAP.

Loading…
Cancel
Save