Description of problem: If we have local rgw user and an LDAP user with the same name then RGW doesn't differentiate between them. so a bucket created by local user will be visible to ldap user. Not sure is this expected behaviour else it will be a security flaw. Version-Release number of selected component (if applicable): 10.2.2-24redhat1xenial How reproducible: Always Steps to Reproduce: 1.configure rgw , created a local user with name "user1" and create few buckets with keys 2.setup ldap and create an user with same name "user1" 3.from s3 api authenticate ldap user "user1" and try to list buckets Actual results: All the buckets of local rgw user "user1" will be listed even though we have userd ldap user's key
Pritha's fix has been pending upstream, looks like it can be merged by 4, not needed for 3.x.
I have closed this issue because it has been inactive for some time now. If you feel this still deserves attention feel free to reopen it.
Updating the QA Contact to a Hemant. Hemant will be rerouting them to the appropriate QE Associate. Regards, Giri
We've not fixed this issue in the last 4 years and several releases. No one complained thus far. I suggest close-deferred for the time being.
(In reply to Yaniv Kaul from comment #24) > We've not fixed this issue in the last 4 years and several releases. No one > complained thus far. I suggest close-deferred for the time being. Closing. Please re-open if relevant.