[Bug 1850634] Please test proposed package

Fri Dec 13 13:24:31 UTC 2019

Hello Corey, or anyone else affected,

Accepted keystone into queens-proposed. The package will build now and
be available in the Ubuntu Cloud Archive in a few hours, and then in the
-proposed repository.

Please help us by testing this new package. To enable the -proposed
repository:

  sudo add-apt-repository cloud-archive:queens-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-queens-needed to verification-queens-done. If it does
not fix the bug for you, please add a comment stating that, and change
the tag to verification-queens-failed. In either case, details of your
testing will help us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance!

** Tags added: verification-queens-needed

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1850634

Title:
  queens regresion: _dn_to_id() not using utf8_encode/decode

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive queens series:
  Fix Committed
Status in OpenStack Identity (keystone):
  Triaged
Status in keystone package in Ubuntu:
  Invalid
Status in keystone source package in Bionic:
  Fix Committed

Bug description:
  [Impact]

  There's a regression in the LDAP common backend code due to a recent
  stable/queens backport that shouldn't have been backported past
  stable/rocky. It was backported as part of the fixes for
  https://bugs.launchpad.net/bugs/1782922.

  The following patch shouldn't have been backported to stable/queens:
  https://review.opendev.org/#/c/672519/

  The reason why is because the following patch, which switched to bytes_mode=False, doesn't exist in stable/queens:
  https://review.opendev.org/#/c/613648/
  In particular see the changes to _dn_to_id() in https://review.opendev.org/#/c/613648/4/keystone/identity/backends/ldap/common.py.

  Those changes didn't happen in stable/queens so _dn_to_id should still
  be UTF-8 encoding/decoding the appropriate fields. In other words it
  should still be using the following in stable/queens:

          if self.id_attr == utf8_decode(
                  ldap.dn.str2dn(utf8_encode(dn))[0][0][0].lower()):
              return utf8_decode(ldap.dn.str2dn(utf8_encode(dn))[0][0][1])

  [Test Case]
  See test case in https://bugs.launchpad.net/bugs/1782922.

  [Regression Potential]
  The code that will be fixed for this bug (ie. the code in the if statement) is being reverted to what it used to be prior to the bug fix for https://bugs.launchpad.net/bugs/1782922. Prior to 1782922, _dn_to_id() used to only consist of the code that is in the if statment, so the regression potential is very low. Code will be tested to minimize regression potential and patch has been submitted upstream.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1850634/+subscriptions