Bug 1300395

Summary: Rebase openstack-keystone to 8.0.1
Product: Red Hat OpenStack Reporter: Nathan Kinder <nkinder>
Component: openstack-keystoneAssignee: Nathan Kinder <nkinder>
Status: CLOSED ERRATA QA Contact: nlevinki <nlevinki>
Severity: high Docs Contact:
Priority: high    
Version: 8.0 (Liberty)CC: jdennis, jschluet, mlopes, nkinder, sasha, sclewis, yeylon
Target Milestone: gaKeywords: Rebase, Triaged
Target Release: 8.0 (Liberty)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-keystone-8.0.1-1.el7ost Doc Type: Rebase: Bug Fixes Only
Doc Text:
This rebase package for Identity Service addresses the following issues: * Identity Service (keystone) uses a hard-coded LDAP membership attribute when checking if a user is enabled, if the 'enabled emulation' feature is being used. Consequently, users who were `enabled` may show as `disabled` if an unexpected LDAP membership attribute is used. With this fix, the 'enabled emulation' membership check now uses the configurable LDAP membership attribute that is used for group resources. As a result, the 'enabled' status for users is shown correctly when different LDAP membership attributes are configured. (Launchpad bug #1515302, Red Hat BZ#1282944) * If a user_id just happens to be of 16 character length, the Identity service could incorrectly assume that it was handling a UUID value when using the Fernet token provider. This would trigger a "Could not find user" error in the Identity service logs. This has been corrected to properly handle 16 character user IDs. (Launchpad bug #1497461)
 Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-07 21:25:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nathan Kinder 2016-01-20 16:23:34 UTC 
We need to rebase openstack-keystone to the 8.0.1 release from the liberty/stable branch for RHEL OSP8, as there is at least one bug in there which we've backported to earlier RHEL OSP releases.
Comment 5 nlevinki 2016-02-02 09:55:50 UTC 
rpm -qa |grep keystone
openstack-keystone-8.0.1-1.el7ost.noarch
python-keystoneclient-1.7.2-1.el7ost.noarch
python-keystonemiddleware-2.3.1-1.el7ost.noarch
python-keystone-8.0.1-1.el7ost.noarch
python-keystoneauth1-1.1.0-4.el7ost.noarch
Comment 6 errata-xmlrpc 2016-04-07 21:25:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0603.html