Back to bug 1300395
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla Rules Engine | 2016-01-20 16:23:35 UTC | Target Release | --- | 8.0 |
| Nathan Kinder | 2016-01-20 16:24:50 UTC | Priority | unspecified | high |
| CC | rhos-flags | |||
| Target Milestone | --- | ga | ||
| Flags | needinfo?(rhos-flags) | |||
| Alan Pevec | 2016-01-20 16:36:58 UTC | Keywords | Triaged | |
| Nathan Kinder | 2016-01-20 17:50:35 UTC | Keywords | Rebase | |
| Red Hat Bugzilla | 2016-01-20 17:50:35 UTC | Doc Type | Bug Fix | Rebase: Bug Fixes and Enhancements |
| Nathan Kinder | 2016-01-20 17:52:37 UTC | Status | NEW | ASSIGNED |
| Assignee | ayoung | nkinder | ||
| Nathan Kinder | 2016-01-20 18:28:13 UTC | Doc Text | Important: if this rebase also contains *enhancements* (or contains only enhancements), select the correct option from the Doc Type drop-down list. Rebase package(s) to version: 8.0.1 Highlights and important bug fixes: * A hard-coded LDAP membership attribute was used by the Identity service when checking if a user is enabled if the "enabled emulation" feature is being used. This would cause users who are enabled may show as disabled if an unexpected LDAP membership attribute is used. The "enabled emulation" membership check now uses the configurable LDAP membership attribute that is used for group resources. (Launchpad bug #1515302, rhbz#1282944) * If a user_id just happens to be of 16 character length, the Identity service could incorrectly assume that it was handling a UUID value. This would trigger a "Could not find user" error in the Identity service logs. This has been corrected to properly handle 16 character user IDs. (Launchpad bug #1497461) | |
| Doc Type | Rebase: Bug Fixes and Enhancements | Rebase: Bug Fixes Only | ||
| Nathan Kinder | 2016-01-20 18:30:37 UTC | Doc Text | Important: if this rebase also contains *enhancements* (or contains only enhancements), select the correct option from the Doc Type drop-down list. Rebase package(s) to version: 8.0.1 Highlights and important bug fixes: * A hard-coded LDAP membership attribute was used by the Identity service when checking if a user is enabled if the "enabled emulation" feature is being used. This would cause users who are enabled may show as disabled if an unexpected LDAP membership attribute is used. The "enabled emulation" membership check now uses the configurable LDAP membership attribute that is used for group resources. (Launchpad bug #1515302, rhbz#1282944) * If a user_id just happens to be of 16 character length, the Identity service could incorrectly assume that it was handling a UUID value. This would trigger a "Could not find user" error in the Identity service logs. This has been corrected to properly handle 16 character user IDs. (Launchpad bug #1497461) | Important: if this rebase also contains *enhancements* (or contains only enhancements), select the correct option from the Doc Type drop-down list. Rebase package(s) to version: 8.0.1 Highlights and important bug fixes: * A hard-coded LDAP membership attribute was used by the Identity service when checking if a user is enabled if the "enabled emulation" feature is being used. This would cause users who are enabled may show as disabled if an unexpected LDAP membership attribute is used. The "enabled emulation" membership check now uses the configurable LDAP membership attribute that is used for group resources. (Launchpad bug #1515302, rhbz#1282944) * If a user_id just happens to be of 16 character length, the Identity service could incorrectly assume that it was handling a UUID value when using the Fernet token provider. This would trigger a "Could not find user" error in the Identity service logs. This has been corrected to properly handle 16 character user IDs. (Launchpad bug #1497461) |
| Jon Schlueter | 2016-01-20 18:32:55 UTC | CC | jschluet | |
| Jon Schlueter | 2016-01-20 18:33:25 UTC | Flags | needinfo?(rhos-flags) | |
| Scott Lewis | 2016-01-20 18:48:41 UTC | CC | sclewis | |
| Nathan Kinder | 2016-01-20 18:51:53 UTC | Status | ASSIGNED | MODIFIED |
| Fixed In Version | openstack-keystone-8.0.1-1.el7ost | |||
| Alexander Chuzhoy | 2016-01-20 20:08:10 UTC | CC | sasha | |
| errata-xmlrpc | 2016-01-21 19:38:32 UTC | Status | MODIFIED | ON_QA |
| Jon Schlueter | 2016-01-21 19:48:27 UTC | Status | ON_QA | MODIFIED |
| errata-xmlrpc | 2016-01-22 21:26:27 UTC | Status | MODIFIED | ON_QA |
| nlevinki | 2016-02-02 09:55:50 UTC | Status | ON_QA | VERIFIED |
| Martin Lopes | 2016-03-22 04:23:17 UTC | CC | mlopes | |
| Doc Text | Important: if this rebase also contains *enhancements* (or contains only enhancements), select the correct option from the Doc Type drop-down list. Rebase package(s) to version: 8.0.1 Highlights and important bug fixes: * A hard-coded LDAP membership attribute was used by the Identity service when checking if a user is enabled if the "enabled emulation" feature is being used. This would cause users who are enabled may show as disabled if an unexpected LDAP membership attribute is used. The "enabled emulation" membership check now uses the configurable LDAP membership attribute that is used for group resources. (Launchpad bug #1515302, rhbz#1282944) * If a user_id just happens to be of 16 character length, the Identity service could incorrectly assume that it was handling a UUID value when using the Fernet token provider. This would trigger a "Could not find user" error in the Identity service logs. This has been corrected to properly handle 16 character user IDs. (Launchpad bug #1497461) | This rebase package for Identity Service addresses the following issues: * Identity Service (keystone) uses a hard-coded LDAP membership attribute when checking if a user is enabled, if the 'enabled emulation' feature is being used. Consequently, users who were `enabled` may show as `disabled` if an unexpected LDAP membership attribute is used. With this fix, the 'enabled emulation' membership check now uses the configurable LDAP membership attribute that is used for group resources. As a result, the 'enabled' status for users is shown correctly when different LDAP membership attributes are configured. (Launchpad bug #1515302, Red Hat BZ#1282944) * If a user_id just happens to be of 16 character length, the Identity service could incorrectly assume that it was handling a UUID value when using the Fernet token provider. This would trigger a "Could not find user" error in the Identity service logs. This has been corrected to properly handle 16 character user IDs. (Launchpad bug #1497461) |
||
| errata-xmlrpc | 2016-04-07 21:25:23 UTC | Status | VERIFIED | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-04-07 17:25:23 UTC | |||
| Perry Myers | 2016-04-26 17:39:04 UTC | CC | pmyers |
Back to bug 1300395