a1dc21f3d3
The more common scenario to return the uid as part of the RDN in a DN, However, it's a valid case to not have the uid in the RDN, so we need to search in the LDAP based on the DN and return the uid in the entire object. Also, we do not support multivalued attribute id on DN, so the test case covering this case, it was adjusted for raise NotFound. Closes-Bug: 1782922 Change-Id: I87a3bfa94b5907ce4c6b4eb8e124ec948b390bf2
11 lines
497 B
YAML
11 lines
497 B
YAML
---
|
|
fixes:
|
|
- |
|
|
[`bug 1782922 <https://bugs.launchpad.net/keystone/+bug/1782922>`_]
|
|
Fixed the problem where Keystone indiscriminately return the first RDN
|
|
as the user ID, regardless whether it matches the configured
|
|
'user_id_attribute' or not. This will break deployments where
|
|
'group_members_are_ids' are set to False and 'user_id_attribute' is not
|
|
in the DN. This patch will perform a lookup by DN if the first RND does
|
|
not match the configured 'user_id_attribute'.
|