Merge "Avoid conversion of binary LDAP values" into stable/icehouse
commit
b31fc6da27
|
@ -584,7 +584,8 @@ class RoleApi(common_ldap.BaseLdap):
|
|||
query = '(objectClass=%s)' % self.object_class
|
||||
|
||||
try:
|
||||
roles = conn.search_s(tenant_dn, ldap.SCOPE_ONELEVEL, query)
|
||||
roles = conn.search_s(tenant_dn, ldap.SCOPE_ONELEVEL, query,
|
||||
[self.member_attribute])
|
||||
except ldap.NO_SUCH_OBJECT:
|
||||
return []
|
||||
finally:
|
||||
|
@ -620,7 +621,7 @@ class RoleApi(common_ldap.BaseLdap):
|
|||
try:
|
||||
roles = conn.search_s(project_subtree,
|
||||
ldap.SCOPE_SUBTREE,
|
||||
query)
|
||||
query, ['1.1'])
|
||||
except ldap.NO_SUCH_OBJECT:
|
||||
return []
|
||||
finally:
|
||||
|
@ -645,7 +646,8 @@ class RoleApi(common_ldap.BaseLdap):
|
|||
conn = self.get_connection()
|
||||
query = '(objectClass=%s)' % self.object_class
|
||||
try:
|
||||
roles = conn.search_s(tenant_dn, ldap.SCOPE_ONELEVEL, query)
|
||||
roles = conn.search_s(tenant_dn, ldap.SCOPE_ONELEVEL, query,
|
||||
['1.1'])
|
||||
for role_dn, _ in roles:
|
||||
try:
|
||||
conn.delete_s(role_dn)
|
||||
|
@ -671,7 +673,8 @@ class RoleApi(common_ldap.BaseLdap):
|
|||
try:
|
||||
for role_dn, _ in conn.search_s(tenant_dn,
|
||||
ldap.SCOPE_SUBTREE,
|
||||
query):
|
||||
query,
|
||||
['1.1']):
|
||||
conn.delete_s(role_dn)
|
||||
except ldap.NO_SUCH_OBJECT:
|
||||
pass
|
||||
|
@ -688,7 +691,8 @@ class RoleApi(common_ldap.BaseLdap):
|
|||
try:
|
||||
roles = conn.search_s(project_tree_dn,
|
||||
ldap.SCOPE_SUBTREE,
|
||||
query)
|
||||
query,
|
||||
[self.member_attribute])
|
||||
except ldap.NO_SUCH_OBJECT:
|
||||
return []
|
||||
finally:
|
||||
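Review bot: The literal `['1.1']` is passed to the searches in the hunks at -620, -645 and -671 (and again in the BaseLdap hunk of the core module) with no explanation. A reader has to know that it is the RFC 4511 "no attributes" selector, which makes the server return DNs only. A named module-level constant with a one-line comment, e.g. `DN_ONLY = ['1.1']  # RFC 4511: request no attributes, return DNs only`, would state the intent once and keep the call sites consistent. The enclosing RoleApi methods begin and end outside these hunks.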
|
|
|
@ -140,14 +140,19 @@ def convert_ldap_result(ldap_result):
|
|||
py_result = []
|
||||
at_least_one_referral = False
|
||||
for dn, attrs in ldap_result:
|
||||
ldap_attrs = {}
|
||||
if dn is None:
|
||||
# this is a Referral object, rather than an Entry object
|
||||
at_least_one_referral = True
|
||||
continue
|
||||
|
||||
py_result.append((utf8_decode(dn),
|
||||
dict((kind, [ldap2py(x) for x in values])
|
||||
for kind, values in six.iteritems(attrs))))
|
||||
for kind, values in six.iteritems(attrs):
|
||||
try:
|
||||
ldap_attrs[kind] = [ldap2py(x) for x in values]
|
||||
except UnicodeDecodeError:
|
||||
LOG.debug('Unable to decode value for attribute %s ', kind)
|
||||
|
||||
py_result.append((utf8_decode(dn), ldap_attrs))
|
||||
if at_least_one_referral:
|
||||
LOG.debug(_('Referrals were returned and ignored. Enable referral '
|
||||
'chasing in keystone.conf via [ldap] chase_referrals'))
|
||||
|
@ -467,7 +472,8 @@ class BaseLdap(object):
|
|||
{'id_attr': self.id_attr,
|
||||
'id': ldap.filter.escape_filter_chars(
|
||||
six.text_type(object_id)),
|
||||
'objclass': self.object_class})
|
||||
'objclass': self.object_class},
|
||||
['1.1'])
|
||||
finally:
|
||||
conn.unbind_s()
|
||||
if search_result:
|
||||
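Review bot: In convert_ldap_result the `try` wraps the whole list comprehension, so one undecodable value drops every value of that attribute, and the only trace is a debug line that does not name the entry. If the dropped attribute is one that callers map to a user or group field, they will presumably see it as absent rather than fail, which is hard to diagnose from logs. Including the DN, e.g. `LOG.debug('Unable to decode value for attribute %s of entry %s', kind, dn)`, would help, and the trailing space in the current message can go. Whether a multi-valued attribute should keep its decodable values is worth deciding explicitly and stating in a comment above the `try`. The function starts outside the hunk.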
|
|
|
@ -1099,6 +1099,21 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
|
|||
self.assertEqual(mock_ldap_get.return_value[1]['eMaIl'][0],
|
||||
user['email'])
|
||||
|
||||
def test_binary_attribute_values(self):
|
||||
result = [(
|
||||
'cn=junk,dc=example,dc=com',
|
||||
{
|
||||
'cn': ['junk'],
|
||||
'sn': [uuid.uuid4().hex],
|
||||
'mail': [uuid.uuid4().hex],
|
||||
'binary_attr': ['\x00\xFF\x00\xFF']
|
||||
}
|
||||
), ]
|
||||
py_result = common_ldap_core.convert_ldap_result(result)
|
||||
# The attribute containing the binary value should
|
||||
# not be present in the converted result.
|
||||
self.assertNotIn('binary_attr', py_result[0][1])
|
||||
|
||||
def test_parse_extra_attribute_mapping(self):
|
||||
option_list = ['description:name', 'gecos:password',
|
||||
'fake:invalid', 'invalid1', 'invalid2:',
|
||||
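Review bot: test_binary_attribute_values asserts only that `binary_attr` is missing, so it would still pass if the conversion dropped every attribute and returned an empty dict for the entry. Adding `self.assertIn('cn', py_result[0][1])`, and the same for `sn` and `mail`, pins that decodable attributes survive next to a binary one. A second case with a multi-valued attribute holding one decodable and one binary value would document what the converter does there.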
|
|