"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "keystone/identity/backends/ldap/common.py" between
keystone-15.0.0.tar.gz and keystone-15.0.1.tar.gz

About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Stein" series (maintained release).

common.py  (keystone-15.0.0):common.py  (keystone-15.0.1)
skipping to change at line 1267 skipping to change at line 1267
'id': ldap.filter.escape_filter_chars( 'id': ldap.filter.escape_filter_chars(
six.text_type(object_id)), six.text_type(object_id)),
'objclass': self.object_class}, 'objclass': self.object_class},
attrlist=DN_ONLY) attrlist=DN_ONLY)
if search_result: if search_result:
dn, attrs = search_result[0] dn, attrs = search_result[0]
return dn return dn
else: else:
return self._id_to_dn_string(object_id) return self._id_to_dn_string(object_id)
@staticmethod def _dn_to_id(self, dn):
def _dn_to_id(dn): # Check if the naming attribute in the DN is the same as keystone's
return ldap.dn.str2dn(dn)[0][0][1] # configured 'id' attribute'. If so, extract the ID value from the DN
if self.id_attr == ldap.dn.str2dn(dn)[0][0][0].lower():
return ldap.dn.str2dn(dn)[0][0][1]
else:
# The 'ID' attribute is NOT in the DN, so we need to perform an
# LDAP search to look it up from the user entry itself.
with self.get_connection() as conn:
search_result = conn.search_s(dn, ldap.SCOPE_BASE)
if search_result:
try:
id_list = search_result[0][1][self.id_attr]
except KeyError:
message = ('ID attribute %(id_attr)s not found in LDAP '
'object %(dn)s.') % ({'id_attr': self.id_attr,
'dn': search_result})
LOG.warning(message)
raise exception.NotFound(message=message)
if len(id_list) > 1:
message = ('In order to keep backward compatibility, in '
'the case of multivalued ids, we are '
'returning the first id %(id_attr) in the '
'DN.') % ({'id_attr': id_list[0]})
LOG.warning(message)
return id_list[0]
else:
message = _('DN attribute %(dn)s not found in LDAP') % (
{'dn': dn})
raise exception.NotFound(message=message)
def _ldap_res_to_model(self, res): def _ldap_res_to_model(self, res):
# LDAP attribute names may be returned in a different case than # LDAP attribute names may be returned in a different case than
# they are defined in the mapping, so we need to check for keys # they are defined in the mapping, so we need to check for keys
# in a case-insensitive way. We use the case specified in the # in a case-insensitive way. We use the case specified in the
# mapping for the model to ensure we have a predictable way of # mapping for the model to ensure we have a predictable way of
# retrieving values later. # retrieving values later.
lower_res = {k.lower(): v for k, v in res[1].items()} lower_res = {k.lower(): v for k, v in res[1].items()}
id_attrs = lower_res.get(self.id_attr.lower()) id_attrs = lower_res.get(self.id_attr.lower())
 End of changes. 1 change blocks. 
3 lines changed or deleted 31 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)