[Bug 1798184] Re: [SRU] PY3: python3-ldap does not allow bytes for DN/RDN/field names

Brian Murray brian at ubuntu.com
Tue Mar 19 21:07:40 UTC 2019


Hello Corey, or anyone else affected,

Accepted keystone into cosmic-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/keystone/2:14.0.1-0ubuntu3 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-cosmic to verification-done-cosmic. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-cosmic. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Tags removed: verification-failed verification-failed-cosmic
** Tags added: verification-needed verification-needed-cosmic

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1798184

Title:
  [SRU] PY3: python3-ldap does not allow bytes for DN/RDN/field names

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive rocky series:
  Triaged
Status in Ubuntu Cloud Archive stein series:
  Fix Released
Status in OpenStack Identity (keystone):
  Fix Released
Status in ldappool:
  Fix Released
Status in keystone package in Ubuntu:
  Fix Released
Status in python-ldappool package in Ubuntu:
  Fix Released
Status in keystone source package in Cosmic:
  Fix Committed
Status in python-ldappool source package in Cosmic:
  Fix Committed
Status in keystone source package in Disco:
  Fix Released
Status in python-ldappool source package in Disco:
  Fix Released

Bug description:
  [Impact]
  Keystone LDAP backend doesn't work for PY3.

  Under Python 2, python-ldap uses bytes by default. Under Python 3 this
  is removed and bytes aren't allowed for DN/RDN/field names.

  More details are here: http://www.python-ldap.org/en/latest/bytes_mode.html#bytes-mode
  and here: https://github.com/python-ldap/python-ldap/blob/python-ldap-3.1.0/Lib/ldap/ldapobject.py#L111

  == initial traceback ==

  Here's the initial traceback from the failure:
  https://paste.ubuntu.com/p/67THZb2m5m/

  The last bit of the error is:

    File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 314, in _ldap_call
      result = func(*args,**kwargs)
  TypeError: simple_bind() argument 1 must be str or None, not bytes

  A closer look at func shows:

  func=<built-in method simple_bind of LDAP object at 0x7f9d0177b760>
  args=(b'cn=admin,dc=test,dc=com', b'crapper', None, None)

  == keystone ldap backend use of python-ldap ==

  In simple_bind_s() of keystone's ldap backend, who and cred are
  encoded as byte strings:

  https://github.com/openstack/keystone/blob/14.0.0/keystone/identity/backends/ldap/common.py#L885

  but that appears to no longer be valid use of python-ldap for py3.

  
  [Test Case]

  Run charm-keystone-ldap functional tests for OpenStack Rocky or above.

  [Regression Potential]
  The only regression potential would be for PY2 code paths. PY3 code paths never worked for keystone's LDAP backend. The approach to the patch have purposefully minimized amount of code required and therefore regression potential for PY2. Note that Rocky for Ubuntu supports PY2 but as of Stein Ubuntu has dropped PY2 support.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1798184/+subscriptions



More information about the Ubuntu-openstack-bugs mailing list