Bug 991686
Summary: | LDAP Gecos field and broken authorisation | ||
---|---|---|---|
Product: | [Retired] Pulp | Reporter: | redbugzilla |
Component: | user-experience | Assignee: | Sayli Karmarkar <skarmark> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Preethi Thomas <pthomas> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | Master | CC: | cperry, leprasmurf |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | 2.3.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-12-09 14:30:25 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
redbugzilla
2013-08-03 16:09:42 UTC
There's something wrong with the check function in /usr/lib/python2.6/site-packages/pulp/servermanagers/auth/user/cud.py. Comment out lines 70 and 71 and the authentication appears to succeed. The user is created, at the least.

    /usr/lib/python2.6/site-packages/pulp/servermanagers/auth/user/cud.py
    #        if invalid_type(name, basestring):
    #            invalid_values.append('name')

Tim,

Thanks for all the details in the bug report. I checked our code and it does look like our parsing of LDAP gecos field may be wrong. A user in pulp has a 'name' attribute which stores full name of the user. For LDAP users, we parse gecos field (expecting it to be of type basestring) and use it as the 'name' of given user. It looks like what we are receiving in the gecos field in this case is an array and not a string, resulting in an invalid value error.

When you are adding LDAP users, if you can pass just the name of the user instead of an array with the name inside it, it will authenticate and authorize without any issues. I will also look some more and see whether a standard format of gecos field in LDAP is an array. If that is the case, it makes sense for us to fix this on our side.

Looked some more and it looks like usually, gecos attribute is a string with user's full name, but it can sometimes contain a list with multiple entries. No matter what, Pulp should have an additional check in there to make sure it is a string before adding it to user's name attribute.

Aligning it to an earlier release to get it done sooner.

    commit f459b67e1fe765d9d68bada4c0e13732135c5d6f
    Author: Sayli Karmarkar <skarmark>
    Date: Wed Aug 28 01:00:42 2013 -0700

        fixed broken ldap authorisation when gecos field contains a list instead of a string with user's fullname

Merged.

build: 2.3.0-0.10.alpha

verified

running the following script passed

    [root@preethi ~]# python populate_users_new.py
    See populate.log for descriptive output.
    [root@preethi ~]#
    [root@preethi ~]# pulp-admin auth user list
    +----------------------------------------------------------------------+
                                     Users
    +----------------------------------------------------------------------+

    Login: admin
    Name: admin

    Login: pulpuser1
    Name: pulpuser1

Pulp 2.3 released.
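
An added example, not Pulp's code or the committed fix: one way to do the check the discussion above calls for, coercing a gecos value to a single string before it reaches a type check like the one quoted in the report. It is written for Python 3 (so `str` stands in for `basestring`) and also handles byte values; `name_from_gecos`, `invalid_fields`, the attribute dict shape and the sample entries are hypothetical.

```python
# Added example (Python 3), not Pulp's code: coerce an LDAP 'gecos' value
# to a single text string before it is validated as a user's name.

def name_from_gecos(attrs, login):
    """Return a str usable as the user's full name.

    attrs: hypothetical dict of LDAP attributes for one entry. The value
           under 'gecos' may be a str, bytes, a list/tuple of either,
           empty, or missing.
    login: fallback when no usable gecos value exists.
    """
    value = attrs.get("gecos")
    # LDAP attributes are multi-valued, so a client library may return a
    # list; take the first usable entry instead of passing the list on.
    candidates = value if isinstance(value, (list, tuple)) else [value]
    for item in candidates:
        if isinstance(item, bytes):
            try:
                item = item.decode("utf-8")
            except UnicodeDecodeError:
                continue  # undecodable entry: try the next one
        if isinstance(item, str) and item.strip():
            return item.strip()
    return login


def invalid_fields(name):
    """Stand-in for the type check quoted in the report (hypothetical)."""
    return [] if isinstance(name, str) else ["name"]


# Constructed sample entries covering the shapes discussed in the bug.
SAMPLES = [
    ({"gecos": "Pulp User One"}, "pulpuser1"),
    ({"gecos": ["Pulp User One"]}, "pulpuser1"),
    ({"gecos": [b"", b"Pulp User One", b"Room 12"]}, "pulpuser1"),
    ({"gecos": []}, "pulpuser1"),
    ({}, "pulpuser1"),
]

if __name__ == "__main__":
    for attrs, login in SAMPLES:
        raw = attrs.get("gecos")
        name = name_from_gecos(attrs, login)
        print(repr(raw), "raw invalid:", invalid_fields(raw),
              "-> normalized:", repr(name), invalid_fields(name))
```

Passing the raw list straight to the type check reproduces the rejection described in the report; the normalized value always passes it.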