Bug 1361754 - [RGW-LDAP] :- RGW doesn't differentiate between local user and LDAP user with the same name
Status: ASSIGNED
Product: Red Hat Ceph Storage
Classification: Red Hat
Component: RGW
Version: 2.0
Hardware: x86_64
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Target Release: 4.0
Assigned To: Pritha Srivastava
QA Contact: ceph-qe-bugs
Docs Contact: Bara Ancincova
Keywords: Triaged
Depends On:
Blocks: 1322504 1383917 1412948 1494421
Reported: 2016-07-30 01:06 EDT by shylesh
Modified: 2018-10-18 13:09 EDT (History)

See Also:
Fixed In Version:
Doc Type: Known Issue
Doc Text:
An LDAP user can access buckets created by a local RGW user with the same name
The RADOS Object Gateway (RGW) does not differentiate between a local RGW user and an LDAP user with the same name. As a consequence, the LDAP user can access the buckets created by the local RGW user. To work around this issue, use different names for RGW and LDAP users.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Description shylesh 2016-07-30 01:06:03 EDT
Description of problem:
If we have a local RGW user and an LDAP user with the same name, then RGW doesn't differentiate between them, so a bucket created by the local user will be visible to the LDAP user. Not sure if this is expected behaviour; otherwise it will be a security flaw.

Version-Release number of selected component (if applicable):
10.2.2-24redhat1xenial

How reproducible:
Always


Steps to Reproduce:
1. Configure RGW, create a local user with the name "user1" and create a few buckets with its keys
2. Set up LDAP and create a user with the same name "user1"
3. From the S3 API, authenticate as the LDAP user "user1" and try to list buckets

Actual results:
All the buckets of the local RGW user "user1" will be listed even though we have used the LDAP user's key
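The workaround in the Doc Text (keep local RGW user IDs and LDAP login names disjoint) can be checked before LDAP authentication is enabled. The script below is an added example, not code from this bug or from Ceph; it assumes `uid` is the attribute configured as `rgw_ldap_dnattr`, and the `radosgw-admin user list` output and LDIF dump it reads are constructed samples.

```python
"""Report local RGW users whose IDs collide with LDAP login names."""
import json
import re

# Constructed sample of `radosgw-admin user list` output (a JSON array of user IDs).
RGW_USER_LIST_JSON = '["user1", "admin", "User2"]'

# Constructed LDIF, as `ldapsearch -LLL` prints it for the RGW search base.
# Assumption: `uid` is the attribute RGW is configured to match (rgw_ldap_dnattr).
LDAP_LDIF = """\
dn: uid=user1,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
uid: user1
cn: User One

dn: uid=alice,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice

dn: uid=user2,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
uid: user2
"""


def rgw_user_ids(user_list_json):
    """Return the set of local RGW user IDs from `radosgw-admin user list` output."""
    ids = json.loads(user_list_json)
    if not isinstance(ids, list) or not all(isinstance(i, str) for i in ids):
        raise ValueError("expected a JSON array of user-ID strings")
    return set(ids)


def ldap_uids(ldif, dnattr="uid"):
    """Return the values of the RGW login attribute found in an LDIF dump.

    Base64-encoded values (`uid:: ...`) are skipped; attribute names match case-insensitively.
    """
    pattern = re.compile(r"^" + re.escape(dnattr) + r":(?!:)\s*(\S.*)$", re.IGNORECASE | re.MULTILINE)
    return {m.group(1).strip() for m in pattern.finditer(ldif)}


def find_collisions(user_list_json, ldif, dnattr="uid"):
    """Return (exact, case_only): exact name collisions, and names that differ only by case."""
    local = rgw_user_ids(user_list_json)
    remote = ldap_uids(ldif, dnattr)
    exact = local & remote
    # LDAP `uid` normally matches case-insensitively, so flag case-only differences too.
    remote_folded = {u.casefold() for u in remote}
    case_only = {u for u in local - exact if u.casefold() in remote_folded}
    return sorted(exact), sorted(case_only)


if __name__ == "__main__":
    exact, case_only = find_collisions(RGW_USER_LIST_JSON, LDAP_LDIF)
    print("exact collisions (rename one side):", exact)
    print("case-only collisions (check your directory's uid matching):", case_only)
```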
Comment 14 Matt Benjamin (redhat) 2018-04-02 08:44:26 EDT
Pritha's fix has been pending upstream, looks like it can be merged by 4, not needed for 3.x.
