)]}'
{"id":"openstack%2Fkeystone~706791","triplet_id":"openstack%2Fkeystone~master~I390ae3e5e7227a1fbdd9686463246ab81d70ba0c","project":"openstack/keystone","branch":"master","topic":"bug/1798184","hashtags":[],"change_id":"I390ae3e5e7227a1fbdd9686463246ab81d70ba0c","subject":"Fixed support of UTF-8 DN when using LDAP connection pool.","status":"ABANDONED","created":"2020-02-10 10:52:29.000000000","updated":"2022-01-21 20:58:53.000000000","total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"meta_rev_id":"cd31df17dafd811751e051d06b340f0ee3b7559c","_number":706791,"virtual_id_number":706791,"owner":{"_account_id":29058,"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","username":"maniac"},"actions":{},"labels":{"Verified":{"disliked":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"all":[{"tag":"autogenerated:zuul:check","value":-1,"date":"2020-02-19 17:42:15.000000000","permitted_voting_range":{"min":-2,"max":2},"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"_account_id":11805,"name":"Corey Bryant","email":"corey.bryant@canonical.com","username":"coreycb"},{"date":"2020-02-19 17:14:35.000000000","_account_id":31585,"name":"Rafal Ramocki","email":"rafal.ramocki@eo.pl"},{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"}],"values":{"-2":"Fails","-1":"Doesn\u0027t seem to work"," 0":"No score","+1":"Works for me","+2":"Verified"},"description":"","value":-1,"default_value":0,"optional":true},"Code-Review":{"disliked":{"_account_id":11805,"name":"Corey Bryant","email":"corey.bryant@canonical.com","username":"coreycb"},"all":[{"value":0,"permitted_voting_range":{"min":-1,"max":1},"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"value":-1,"date":"2020-02-19 15:26:52.000000000","permitted_voting_range":{"min":-1,"max":1},"_account_id":11805,"name":"Corey Bryant","email":"corey.bryant@canonical.com","username":"coreycb"},{"value":0,"permitted_voting_range":{"min":-1,"max":1},"_account_id":31585,"name":"Rafal Ramocki","email":"rafal.ramocki@eo.pl"},{"value":0,"permitted_voting_range":{"min":-1,"max":1},"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"}],"values":{"-2":"Do not merge","-1":"This patch needs further work before it can be merged"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me (core reviewer)"},"description":"","value":-1,"default_value":0,"optional":true},"Workflow":{"all":[{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"_account_id":11805,"name":"Corey Bryant","email":"corey.bryant@canonical.com","username":"coreycb"},{"_account_id":31585,"name":"Rafal Ramocki","email":"rafal.ramocki@eo.pl"},{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"}],"values":{"-1":"Work in progress"," 0":"Ready for reviews","+1":"Approved"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},{"_account_id":11805,"name":"Corey Bryant","email":"corey.bryant@canonical.com","username":"coreycb"},{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},{"_account_id":31585,"name":"Rafal Ramocki","email":"rafal.ramocki@eo.pl"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2020-02-11 16:07:59.000000000","updated_by":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"reviewer":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"state":"REVIEWER"},{"updated":"2020-02-19 15:26:52.000000000","updated_by":{"_account_id":11805,"name":"Corey Bryant","email":"corey.bryant@canonical.com","username":"coreycb"},"reviewer":{"_account_id":11805,"name":"Corey Bryant","email":"corey.bryant@canonical.com","username":"coreycb"},"state":"REVIEWER"},{"updated":"2020-02-19 17:14:35.000000000","updated_by":{"_account_id":31585,"name":"Rafal Ramocki","email":"rafal.ramocki@eo.pl"},"reviewer":{"_account_id":31585,"name":"Rafal Ramocki","email":"rafal.ramocki@eo.pl"},"state":"REVIEWER"},{"updated":"2020-02-19 17:42:15.000000000","updated_by":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"reviewer":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"state":"REVIEWER"}],"messages":[{"id":"217e5def7d6528fba15e2bad2d91d2168c1006c0","author":{"_account_id":29058,"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","username":"maniac"},"date":"2020-02-10 10:52:29.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"9279f277bd0db20739b126f50cd245c0c11dea92","author":{"_account_id":29058,"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","username":"maniac"},"date":"2020-02-10 10:55:22.000000000","message":"Uploaded patch set 2: Commit message was updated.","accounts_in_message":[],"_revision_number":2},{"id":"4259c35d2c6d92885eec117a576f49afd1e42b2a","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2020-02-10 12:24:34.000000000","message":"Patch Set 2: Verified+1\n\nBuild succeeded (check pipeline).\n\n- openstack-tox-cover https://zuul.opendev.org/t/openstack/build/757416dcabf249798dadc187980b9004 : SUCCESS in 20m 11s\n- openstack-tox-lower-constraints https://zuul.opendev.org/t/openstack/build/d55ce5836d784936886a34722669ebfc : SUCCESS in 16m 10s\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/e19f65e930154047a6204d1404c29ec2 : SUCCESS in 5m 52s\n- openstack-tox-py36 https://zuul.opendev.org/t/openstack/build/1f171ae3e1cc4687a983c4ccebd1df10 : SUCCESS in 12m 48s\n- openstack-tox-py37 https://zuul.opendev.org/t/openstack/build/7a9ef48bc6f24fb5b6911d0f8c4fdeea : SUCCESS in 14m 10s\n- openstack-tox-py38 https://zuul.opendev.org/t/openstack/build/8b3ba2adcb9e4b3cac79df74ca2e09af : SUCCESS in 14m 59s (non-voting)\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/5bd6b14107e545e49c72f3888a2d339d : SUCCESS in 15m 47s\n- grenade-py3 https://zuul.opendev.org/t/openstack/build/0335b2fd88284196b9ce4156420a5e77 : SUCCESS in 55m 16s\n- tempest-full-py3 https://zuul.opendev.org/t/openstack/build/5dfb16463923451597c6fa870f979b8d : SUCCESS in 1h 17m 26s\n- keystone-dsvm-py3-functional https://zuul.opendev.org/t/openstack/build/394b0643649647f5b36bdd16c2cafb9f : SUCCESS in 29m 26s\n- keystone-dsvm-py3-functional-federation-opensuse15 https://zuul.opendev.org/t/openstack/build/fccf9eed7d254043a282c02454b53507 : SUCCESS in 40m 00s (non-voting)\n- keystone-dsvm-py3-functional-federation-opensuse15-k2k https://zuul.opendev.org/t/openstack/build/45a767cd9f7745378f40b7b9ab854f69 : SUCCESS in 35m 47s\n- keystoneclient-devstack-functional https://zuul.opendev.org/t/openstack/build/d5840b0b5a6848c9a952e20c8c7124d2 : SUCCESS in 19m 29s (non-voting)\n- keystone-dsvm-ldap-domain-specific-driver https://zuul.opendev.org/t/openstack/build/018b7141bf644d01a935e385d3fdadac : SUCCESS in 38m 43s (non-voting)\n- tempest-ipv6-only https://zuul.opendev.org/t/openstack/build/ceef6610fe7945dc8aa42536f5e850bd : SUCCESS in 1h 22m 49s\n- keystone-tox-protection https://zuul.opendev.org/t/openstack/build/467555909db446da915cf820b567bebb : SUCCESS in 43m 55s","accounts_in_message":[],"_revision_number":2},{"id":"6a3f4e06551b1a49396ecbca86b319520373e06c","author":{"_account_id":8482,"name":"Colleen Murphy","email":"colleen@gazlene.net","username":"krinkle"},"date":"2020-02-11 16:07:59.000000000","message":"Patch Set 2: Code-Review-1\n\nCan you add a unit test and release note?","accounts_in_message":[],"_revision_number":2},{"id":"b66b53d1842ac065cc6a7ce3e8c820c6c40e3592","author":{"_account_id":31585,"name":"Rafal Ramocki","email":"rafal.ramocki@eo.pl"},"date":"2020-02-12 10:03:11.000000000","message":"Patch Set 2:\n\n\u003e Can you add a unit test and release note?\n\nRegarding release note - sure.\n\nRegarding unit tests - it may be beyond my capabilities but I\u0027ll try and do my best. Should be tested if type of dn after convert_ldap_result() is unicode type or shoud test try to hit exception I\u0027ve mentioned in bug report?","accounts_in_message":[],"_revision_number":2},{"id":"237d9a39cfa13055fb86c758b52a585a022bb4df","author":{"_account_id":11805,"name":"Corey Bryant","email":"corey.bryant@canonical.com","username":"coreycb"},"date":"2020-02-12 17:08:10.000000000","message":"Patch Set 2: Code-Review-1\n\nThis doesn\u0027t look right to me.\n\nDNs, RDNs, attribute names, and queries  are represented as unicode text (str on Python 3, unicode on Python 2) in python-ldap. Therefore a DN shouldn\u0027t require encoding/decoding to/from UTF-8 when interacting with python-ldap.\n\nIs it possible that the bug (#1862606) was hit because of a mixture of old keystone + new keystone was used? ie. old keystone used bytes_mode\u003dTrue (DN was treated as UTF-8) and new keystone uses bytes_mode\u003dFalse (DN is treated as unicode). For more details see: http://www.python-ldap.org/en/latest/bytes_mode.html#bytes-mode\n\n\"old keystone\" meaning prior to https://review.opendev.org/#/c/611190 (also cherry-picked to stable/rocky) which set bytes_mode\u003dfalse for py2.","accounts_in_message":[],"_revision_number":2},{"id":"c052006a9155031139f9b26e5a8fa9fd1d02c50d","author":{"_account_id":31585,"name":"Rafal Ramocki","email":"rafal.ramocki@eo.pl"},"date":"2020-02-13 15:03:10.000000000","message":"Patch Set 2:\n\n\u003e This doesn\u0027t look right to me.\n \u003e \n \u003e DNs, RDNs, attribute names, and queries  are represented as unicode\n \u003e text (str on Python 3, unicode on Python 2) in python-ldap.\n \u003e Therefore a DN shouldn\u0027t require encoding/decoding to/from UTF-8\n \u003e when interacting with python-ldap.\n\nWell... What type it have on python 3 but on python 2 it is \u0027str\u0027 before decoding. I\u0027ve added following debug message on my test side just before line I\u0027ve changed\n\nLOG.debug(\u0027Appending result with DN %s (type of dn is %s)\u0027, utf8_decode(dn), type(dn))\n\nIt logged: \n\nAppending result with DN cn\u003dRafał Ramocki,ou\u003dEmployee,ou\u003dUsers,dc\u003deo,dc\u003dpl (type of dn is \u003ctype \u0027str\u0027\u003e) convert_ldap_result /usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py:180\n\nWhen I\u0027ve tried to log it without decoding it thorwn exception regrding character byte range. \n\n \u003e Is it possible that the bug (#1862606) was hit because of a mixture\n \u003e of old keystone + new keystone was used?\n\nI don\u0027t think so. Whole installation is from CentOS packages.\n\n \u003e ie. old keystone used\n \u003e bytes_mode\u003dTrue (DN was treated as UTF-8) and new keystone uses\n \u003e bytes_mode\u003dFalse (DN is treated as unicode). For more details see:\n \u003e http://www.python-ldap.org/en/latest/bytes_mode.html#bytes-mode\n \u003e \n \u003e \"old keystone\" meaning prior to https://review.opendev.org/#/c/611190\n \u003e (also cherry-picked to stable/rocky) which set bytes_mode\u003dfalse for\n \u003e py2.\n\nI\u0027ve installed totaly fresh test node. I\u0027ve got following packages regarding keystone:\n\npython-keystone-14.1.0-1.el7.noarch\npython2-keystoneauth1-3.10.0-1.el7.noarch\npython2-keystonemiddleware-5.2.1-1.el7.noarch\nopenstack-keystone-14.1.0-1.el7.noarch\npython2-keystoneclient-3.17.0-1.el7.noarch\n\nAnd fllowing pckages regarding ldap\n\npython2-ldap-3.1.0-1.el7.x86_64\npython2-ldappool-2.3.1-1.el7.noarch\n\nNo librares were installed from external sources souch as PIP.\n\nPS: Please note that in convert_ldap_results() all attributes are decoded in for loop by ldap2py() but dn is not.","accounts_in_message":[],"_revision_number":2},{"id":"96188c1f1dc5b64ece8620b43cfe8e6563a6a0fb","author":{"_account_id":11805,"name":"Corey Bryant","email":"corey.bryant@canonical.com","username":"coreycb"},"date":"2020-02-13 16:35:42.000000000","message":"Patch Set 2:\n\n\u003e \u003e This doesn\u0027t look right to me.\n \u003e \u003e\n \u003e \u003e DNs, RDNs, attribute names, and queries  are represented as\n \u003e unicode\n \u003e \u003e text (str on Python 3, unicode on Python 2) in python-ldap.\n \u003e \u003e Therefore a DN shouldn\u0027t require encoding/decoding to/from UTF-8\n \u003e \u003e when interacting with python-ldap.\n \u003e \n \u003e Well... What type it have on python 3 but on python 2 it is \u0027str\u0027\n \u003e before decoding. I\u0027ve added following debug message on my test side\n \u003e just before line I\u0027ve changed\n \u003e \n \u003e LOG.debug(\u0027Appending result with DN %s (type of dn is %s)\u0027,\n \u003e utf8_decode(dn), type(dn))\n \u003e \n \u003e It logged:\n \u003e \n \u003e Appending result with DN cn\u003dRafał Ramocki,ou\u003dEmployee,ou\u003dUsers,dc\u003deo,dc\u003dpl\n \u003e (type of dn is \u003ctype \u0027str\u0027\u003e) convert_ldap_result /usr/lib/python2.7/site-packages/keystone/identity/backends/ldap/common.py:180\n\nCan you double check bytes_mode is being set to false?\nIn PythonLDAPHandler.connect() it should be setting bytes_mode\u003dFalse\nie. self.conn \u003d ldap.initialize(url, bytes_mode\u003dFalse)\nso you should be able to access self.conn.bytes_mode to see what it\u0027s set to.\n\n\u003csnip\u003e\n\n \u003e \n \u003e PS: Please note that in convert_ldap_results() all attributes are\n \u003e decoded in for loop by ldap2py() but dn is not.\n\nThat\u0027s correct according to http://www.python-ldap.org/en/latest/bytes_mode.html#what-s-text-and-what-s-bytes. Attribute values are always treated as bytes and dn\u0027s are always unicode (assume bytes_mode\u003dFalse).","accounts_in_message":[],"_revision_number":2},{"id":"3a2a2f77a1b63deee644116beb7593d8f7902c7f","author":{"_account_id":31585,"name":"Rafal Ramocki","email":"rafal.ramocki@eo.pl"},"date":"2020-02-14 15:18:10.000000000","message":"Patch Set 2:\n\n\u003e Can you double check bytes_mode is being set to false?\n \u003e In PythonLDAPHandler.connect() it should be setting\n \u003e bytes_mode\u003dFalse\n \u003e ie. self.conn \u003d ldap.initialize(url, bytes_mode\u003dFalse)\n \u003e so you should be able to access self.conn.bytes_mode to see what\n \u003e it\u0027s set to.\n \n\n\nIn convert_ldap_result I have no direct access to connection details. But it is executed from search_s() from class KeystoneLDAPHandler. I\u0027ve investigated here a bit where I had access to self.conn but it was PooledLDAPHandler not PythonLDAPHandler. I\u0027ve dumped also data structure passed to convert_ldap_result and it was:\n\n[(\u0027cn\u003dRafa\\xc5\\x82 Ramocki,ou\u003dEmployee,ou\u003dUsers,dc\u003deo,dc\u003dpl\u0027, {\u0027mail\u0027: [\u0027_REDACTED_\u0027], \u0027ou\u0027: [\u0027TCC Tarnobrzeg\\xc3\\xb3\u0027], \u0027uid\u0027: [\u0027rafal.ramocki\u0027], \u0027isActive\u0027: [\u0027TRUE\u0027]})]\n\nSo it looked like both DN (key) and atributes (look at ou) are encoded same way. Then I\u0027ve changed use_pool to False (default is True) in both global keystone configuration and per domain configuration. Now I\u0027ve got:\n\n[(u\u0027cn\u003dRafa\\u0142 Ramocki,ou\u003dEmployee,ou\u003dUsers,dc\u003deo,dc\u003dpl\u0027, {u\u0027mail\u0027: [\u0027_REDACTED_\u0027], u\u0027ou\u0027: [\u0027TCC Tarnobrzeg\\xc3\\xb3\u0027], u\u0027uid\u0027: [\u0027rafal.ramocki\u0027], u\u0027isActive\u0027: [\u0027TRUE\u0027]})]\n\nSo in fact there is difference in format of DN and attributes but only for  PythonLDAPHandler and not for PooledLDAPHandler. I\u0027ve tried to figure out how to fix this but problem seems to be much more complicated. Initialization function of PooledLDAPHandler is not setting bytes_mode. I\u0027ve looked into ldappool nad it looks like list of arguments is hardcoded. Futhermore adding to hardcoded list bytes_mode parameter just for testing shows mismatched types in other in ldap library. So I believe that ldap connection pooling is currently broken and I do not see easy way to fix it. Do you have any ideas or other suggestions?","accounts_in_message":[],"_revision_number":2},{"id":"4d31f4adbb3765a42eaf54d9b0d10de07c7cd3d9","author":{"_account_id":29058,"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","username":"maniac"},"date":"2020-02-17 14:33:38.000000000","message":"Uploaded patch set 3.","accounts_in_message":[],"_revision_number":3},{"id":"5002b03ea78b0727ad99536f12b8b7e9668d2a72","author":{"_account_id":29058,"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","username":"maniac"},"date":"2020-02-17 14:34:57.000000000","message":"Uploaded patch set 4: Commit message was updated.","accounts_in_message":[],"_revision_number":4},{"id":"4a7e390aebb8ce748682e94ce8463d313e2254f5","author":{"_account_id":31585,"name":"Rafal Ramocki","email":"rafal.ramocki@eo.pl"},"date":"2020-02-17 14:38:21.000000000","message":"Patch Set 4:\n\nI\u0027ve just amended patch set. I\u0027m not sure if this solution is acceptable. I\u0027m counting on your opinion to work out something that will be ok. :)","accounts_in_message":[],"_revision_number":4},{"id":"83746b75dcf7ef5d828e00a3e00686fa251464ee","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2020-02-17 20:32:10.000000000","message":"Patch Set 4: Verified-1\n\nBuild failed (check pipeline).  For information on how to proceed, see\nhttp://docs.openstack.org/infra/manual/developers.html#automated-testing\n\n\n- openstack-tox-cover https://zuul.opendev.org/t/openstack/build/f5b2e1e3adc84c3a9ebdf0256b14ee45 : FAILURE in 6m 24s\n- openstack-tox-lower-constraints https://zuul.opendev.org/t/openstack/build/ad39fd1c1b4c4cc5950ce6eb0b40c9a1 : FAILURE in 8m 23s\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/dbc99d85b3554b11ac85bcc70d307522 : FAILURE in 11m 00s\n- openstack-tox-py36 https://zuul.opendev.org/t/openstack/build/be8809ee59de47dfb5ba945ae2c9a6c7 : FAILURE in 7m 46s\n- openstack-tox-py37 https://zuul.opendev.org/t/openstack/build/902cfca2eb324c14b686a94fe6ae43f8 : FAILURE in 7m 45s\n- openstack-tox-py38 https://zuul.opendev.org/t/openstack/build/5042755399164c7187638b70bba5d0f5 : FAILURE in 7m 37s (non-voting)\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/8779e976d60349e7ad19c22947fbb85d : FAILURE in 10m 19s\n- grenade-py3 https://zuul.opendev.org/t/openstack/build/80ba7fa773e04ef2ae84b1a456bdd807 : SUCCESS in 1h 12m 13s\n- tempest-full-py3 https://zuul.opendev.org/t/openstack/build/9b7c5716464f4fd8873d43684e5d433a : FAILURE in 1h 04m 57s\n- keystone-dsvm-py3-functional https://zuul.opendev.org/t/openstack/build/045fbf3d4b4a4c2fabad8e45f4a11620 : SUCCESS in 31m 37s\n- keystone-dsvm-py3-functional-federation-opensuse15 https://zuul.opendev.org/t/openstack/build/fea4c4cce9034fccaf6647de7bc39675 : FAILURE in 44m 37s (non-voting)\n- keystone-dsvm-py3-functional-federation-opensuse15-k2k https://zuul.opendev.org/t/openstack/build/879e3580ac93430d9f404abc04d8699c : SUCCESS in 44m 55s\n- keystoneclient-devstack-functional https://zuul.opendev.org/t/openstack/build/c275370c5b20469e9d8b1d4572cf44a1 : SUCCESS in 20m 05s (non-voting)\n- keystone-dsvm-ldap-domain-specific-driver https://zuul.opendev.org/t/openstack/build/fe3e3a3522384019903955e73dc133b3 : FAILURE in 27m 03s (non-voting)\n- tempest-ipv6-only https://zuul.opendev.org/t/openstack/build/37738f0386e14e1f92f88339a610510c : SUCCESS in 1h 10m 55s\n- keystone-tox-protection https://zuul.opendev.org/t/openstack/build/10b8f18e1d6144c7a5a3e64b30a16000 : FAILURE in 9m 09s","accounts_in_message":[],"_revision_number":4},{"id":"926d4bcc7041f99d1a111cb778e3faec2cb9f8c7","author":{"_account_id":29058,"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","username":"maniac"},"date":"2020-02-18 13:27:31.000000000","message":"Uploaded patch set 5.","accounts_in_message":[],"_revision_number":5},{"id":"b174b98c794afa2d8a58b5c293ce00f542b2a0f7","author":{"_account_id":11805,"name":"Corey Bryant","email":"corey.bryant@canonical.com","username":"coreycb"},"date":"2020-02-18 15:30:04.000000000","message":"Patch Set 5:\n\nI think you are on to something here. I had previously provided this patch for ldappool but I have no idea what I was doing and it doesn\u0027t make sense to me now: https://review.opendev.org/#/c/611401\n\nPerhaps ReconnectLDAPObject in ldappool is where you want to fix this, and my patch above should be reverted?\n\nI\u0027m just a drive-by reviewer so I\u0027m hoping we can get a maintainer who knows the code better than me to review.","accounts_in_message":[],"_revision_number":5},{"id":"5c3f7a8940fa6a907dd3eacb24820d54099c8a02","author":{"_account_id":31585,"name":"Rafal Ramocki","email":"rafal.ramocki@eo.pl"},"date":"2020-02-18 16:47:16.000000000","message":"Patch Set 5:\n\n\u003e I think you are on to something here. I had previously provided\n \u003e this patch for ldappool but I have no idea what I was doing and it\n \u003e doesn\u0027t make sense to me now: https://review.opendev.org/#/c/611401\n\nWhen I was preparing my patch my first approach was to set login and password to unicode type during configuration parsing but something (probably in ldappool) changed just password back to non-unicode type and this caused exception. I\u0027ve also treated ldappool as external object.\n\n \u003e Perhaps ReconnectLDAPObject in ldappool is where you want to fix\n \u003e this, and my patch above should be reverted?\n\nMaybe it will be better not to revert it but change it. Maybe \u0027password\u0027 should be just converted to utf in initialization function of BaseLdap class (for PY2).\n\nI\u0027ll test it and if it will work i\u0027ll update patch.","accounts_in_message":[],"_revision_number":5},{"id":"ccbdf78501d8eac75aa7b233ee65de8ddee425de","author":{"_account_id":11805,"name":"Corey Bryant","email":"corey.bryant@canonical.com","username":"coreycb"},"date":"2020-02-18 17:25:36.000000000","message":"Patch Set 5:\n\nReconnectLDAPObject takes a bytes_mode and bytes_strictness argument so what I\u0027m thinking is it should be updated similar to: https://opendev.org/openstack/keystone/src/branch/stable/train/keystone/identity/backends/ldap/common.py#L523 [1]\n\nOne other issue here is that master no longer supports py2, and bytes_mode is only applicable to py2. What bytes_mode\u003dfalse does is it makes python-ldap behave the same way it does by default in py3 [2]. So there will likely be changes required for master, but since master of openstack is py3-only, the instantiation of ReconnectLDAPObject would only get bytes_mode\u003dfalse (in a PY2 path) on stable backports similar to how it was done in that review above.\n\n[1] From python-ldap\u0027s Lib/ldap/ldapobject.py\nclass ReconnectLDAPObject(SimpleLDAPObject)\n  ...\n  def __init__(\n    self,uri,\n    trace_level\u003d0,trace_file\u003dNone,trace_stack_limit\u003d5,bytes_mode\u003dNone,\n    bytes_strictness\u003dNone, retry_max\u003d1, retry_delay\u003d60.0\n  ):\n\n[2] http://www.python-ldap.org/en/latest/bytes_mode.html#the-bytes-mode","accounts_in_message":[],"_revision_number":5},{"id":"87286ae8463650b1a679b75e6f261cba9fb1f47a","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2020-02-18 18:57:41.000000000","message":"Patch Set 5: Verified-1\n\nBuild failed (check pipeline).  For information on how to proceed, see\nhttp://docs.openstack.org/infra/manual/developers.html#automated-testing\n\n\n- openstack-tox-cover https://zuul.opendev.org/t/openstack/build/23920ad05b3242fc8f1327f37e3480df : SUCCESS in 28m 54s\n- openstack-tox-lower-constraints https://zuul.opendev.org/t/openstack/build/abdc9ccedc494c7aaf825f15df6b9da9 : SUCCESS in 27m 42s\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/a869b0aae0ab4d909eb2f394ad581af8 : FAILURE in 9m 36s\n- openstack-tox-py36 https://zuul.opendev.org/t/openstack/build/917299d00f054523ad6e1d1798f1e4cd : SUCCESS in 21m 39s\n- openstack-tox-py37 https://zuul.opendev.org/t/openstack/build/9ea6ddda9ed942ebbc145e6840728e17 : SUCCESS in 20m 50s\n- openstack-tox-py38 https://zuul.opendev.org/t/openstack/build/9427a626829a4ccb82cffdc652bb0c52 : SUCCESS in 16m 49s (non-voting)\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/779af689acfc4a82a429665c7f3728e6 : SUCCESS in 15m 33s\n- grenade-py3 https://zuul.opendev.org/t/openstack/build/ec7ff6c46ee243c59cf298410c794d4e : SUCCESS in 1h 03m 09s\n- tempest-full-py3 https://zuul.opendev.org/t/openstack/build/0293f029961f4432bc3e89bbdc666b56 : SUCCESS in 1h 23m 52s\n- keystone-dsvm-py3-functional https://zuul.opendev.org/t/openstack/build/9f0528e5d97a4322ae01c924f7b74921 : SUCCESS in 36m 39s\n- keystone-dsvm-py3-functional-federation-opensuse15 https://zuul.opendev.org/t/openstack/build/e51e7e8aafcf47b38f74c823c8da2909 : FAILURE in 39m 39s (non-voting)\n- keystone-dsvm-py3-functional-federation-opensuse15-k2k https://zuul.opendev.org/t/openstack/build/914e36dc94fd42feb992cb79e489f5bc : SUCCESS in 40m 41s\n- keystoneclient-devstack-functional https://zuul.opendev.org/t/openstack/build/e14aacb61ee141aeb27252b8ca4b5070 : SUCCESS in 17m 57s (non-voting)\n- keystone-dsvm-ldap-domain-specific-driver https://zuul.opendev.org/t/openstack/build/e192fbe92db74bcbbabce3502e0ba12e : SUCCESS in 41m 30s (non-voting)\n- tempest-ipv6-only https://zuul.opendev.org/t/openstack/build/f1ded5a7ecad4cd9982f6cb154ffa391 : SUCCESS in 1h 04m 04s\n- keystone-tox-protection https://zuul.opendev.org/t/openstack/build/697322f53a1648d589d5feb9e422711e : SUCCESS in 45m 19s","accounts_in_message":[],"_revision_number":5},{"id":"17685311aba7c510bcbdc810b30216e11c133591","author":{"_account_id":29058,"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","username":"maniac"},"date":"2020-02-19 13:51:23.000000000","message":"Uploaded patch set 6.","accounts_in_message":[],"_revision_number":6},{"id":"4c41c773e23df1678fe773f62032ef5612731893","author":{"_account_id":11805,"name":"Corey Bryant","email":"corey.bryant@canonical.com","username":"coreycb"},"date":"2020-02-19 15:26:52.000000000","message":"Patch Set 6: Code-Review-1\n\nI think this should be fixed in the ldappool source, in ldappool/__init__.py. The way you have it now is sort of a work-around that leaves ldappool broken.","accounts_in_message":[],"_revision_number":6},{"id":"3f3c169751ce5afdc477e14668ee026be9d2e101","author":{"_account_id":31585,"name":"Rafal Ramocki","email":"rafal.ramocki@eo.pl"},"date":"2020-02-19 17:14:35.000000000","message":"Patch Set 6:\n\n\u003e I think this should be fixed in the ldappool source, in\n \u003e ldappool/__init__.py. The way you have it now is sort of a\n \u003e work-around that leaves ldappool broken.\n\nyeah, I think so too.  I\u0027ve just worked out patch for ldappool. You may review it if you wish. https://review.opendev.org/708699","accounts_in_message":[],"_revision_number":6},{"id":"a337935047acc28c2db30d96a6fe7129b8c7ee31","tag":"autogenerated:zuul:check","author":{"_account_id":22348,"name":"Zuul","username":"zuul","tags":["SERVICE_USER"]},"date":"2020-02-19 17:42:15.000000000","message":"Patch Set 6: Verified-1\n\nBuild failed (check pipeline).  For information on how to proceed, see\nhttp://docs.openstack.org/infra/manual/developers.html#automated-testing\n\n\n- openstack-tox-cover https://zuul.opendev.org/t/openstack/build/de786ebcf9534ef38e4ba34f5b951dd2 : SUCCESS in 15m 48s\n- openstack-tox-lower-constraints https://zuul.opendev.org/t/openstack/build/1ef0ce1305a34ca58fcfd25481cca35f : SUCCESS in 27m 22s\n- openstack-tox-pep8 https://zuul.opendev.org/t/openstack/build/fe3b56a49b1a4d41a27e5e7e6e8edcc3 : FAILURE in 7m 22s\n- openstack-tox-py36 https://zuul.opendev.org/t/openstack/build/b045630c185748d7985d788e5d4cb3ca : SUCCESS in 16m 48s\n- openstack-tox-py37 https://zuul.opendev.org/t/openstack/build/d0d3184fc9174f2a8360681fcf41a347 : SUCCESS in 19m 07s\n- openstack-tox-py38 https://zuul.opendev.org/t/openstack/build/89aa04e9a2cf43419a2934cd1f3b3992 : SUCCESS in 15m 49s (non-voting)\n- openstack-tox-docs https://zuul.opendev.org/t/openstack/build/10fee686e1aa4e708bf39180475da36a : SUCCESS in 16m 56s\n- grenade-py3 https://zuul.opendev.org/t/openstack/build/0d7c718430a2421187b659538dba134f : SUCCESS in 1h 12m 18s\n- tempest-full-py3 https://zuul.opendev.org/t/openstack/build/dd8ca1ca2fb044a2bf1bfda5c4cf8b62 : SUCCESS in 1h 17m 36s\n- keystone-dsvm-py3-functional https://zuul.opendev.org/t/openstack/build/c8cccd3ab3ab46799bd042fc982ea932 : SUCCESS in 41m 11s\n- keystone-dsvm-py3-functional-federation-opensuse15 https://zuul.opendev.org/t/openstack/build/1f54441655c547bf849b6cd211e25ee3 : SUCCESS in 37m 18s (non-voting)\n- keystone-dsvm-py3-functional-federation-opensuse15-k2k https://zuul.opendev.org/t/openstack/build/bccf4ed375b54fb7bed9aaa92bc5815c : SUCCESS in 36m 55s\n- keystoneclient-devstack-functional https://zuul.opendev.org/t/openstack/build/b3805412664b4bbbbec3443187324422 : SUCCESS in 19m 49s (non-voting)\n- keystone-dsvm-ldap-domain-specific-driver https://zuul.opendev.org/t/openstack/build/b9d20f9cba5c46f3a25f96359da35d73 : SUCCESS in 45m 31s (non-voting)\n- tempest-ipv6-only https://zuul.opendev.org/t/openstack/build/289584bb43104c1380e64b9c8cc7e78b : SUCCESS in 1h 04m 16s\n- keystone-tox-protection https://zuul.opendev.org/t/openstack/build/9079fe9e39aa417db6a828bc751641aa : SUCCESS in 42m 49s","accounts_in_message":[],"_revision_number":6},{"id":"cd31df17dafd811751e051d06b340f0ee3b7559c","tag":"autogenerated:gerrit:abandon","author":{"_account_id":21420,"name":"Gage Hugo","email":"gagehugo@gmail.com","username":"ghugo"},"date":"2022-01-21 20:58:53.000000000","message":"Abandoned\n\nAbandoning since there hasn\u0027t been any recent activity, if anyone wants to continue this work, please feel free to restore this or create a new change.","accounts_in_message":[],"_revision_number":6}],"current_revision_number":6,"current_revision":"ffc3b4f844557446749101938b5bf190afc1b540","revisions":{"72ddf7f4cf145fa2d3665c2b6b91ec6d8424c0fb":{"kind":"REWORK","_number":1,"created":"2020-02-10 10:52:29.000000000","uploader":{"_account_id":29058,"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","username":"maniac"},"ref":"refs/changes/91/706791/1","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/keystone","ref":"refs/changes/91/706791/1","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/keystone refs/changes/91/706791/1"}}},"commit":{"parents":[{"commit":"37aee24a01f6dcb636b06facd718ef7b628576cb","subject":"Merge \"Updating tox -e all-plugin command\"","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/37aee24a01f6dcb636b06facd718ef7b628576cb"}]}],"author":{"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","date":"2020-02-10 10:39:36.000000000","tz":60},"committer":{"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","date":"2020-02-10 10:39:36.000000000","tz":60},"subject":"Fixed support of ldap UTF8 encoded users DN","message":"Fixed support of ldap UTF8 encoded users DN\n\nRecently support of byte encoded attributes was dropped in python-ldap.\nChanges made in bug 1798184 addedd support of utf8. But after that changes\nkeystone during user login throws exception if that user have UTF-8 encoded\ncharacters in DN. Exception is thrown from _ldap_get_all during assembling query\ndue to fact that self.id_attr is ascii string and have bytes outside range(128).\nThis comes due to fact that in convert_ldap_result DN is not properly decoded.\n\nAdds UTF-8 decoding of DN in convert_ldap_result\n\nChange-Id: I390ae3e5e7227a1fbdd9686463246ab81d70ba0c\nCloses-Bug: #1862606\nRelated-Bug: #1798184\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/72ddf7f4cf145fa2d3665c2b6b91ec6d8424c0fb"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/72ddf7f4cf145fa2d3665c2b6b91ec6d8424c0fb"}]},"branch":"refs/heads/master"},"5366a336c03b0512be349ff28f04fd58e2d8444d":{"kind":"NO_CODE_CHANGE","_number":2,"created":"2020-02-10 10:55:22.000000000","uploader":{"_account_id":29058,"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","username":"maniac"},"ref":"refs/changes/91/706791/2","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/keystone","ref":"refs/changes/91/706791/2","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/keystone refs/changes/91/706791/2"}}},"commit":{"parents":[{"commit":"37aee24a01f6dcb636b06facd718ef7b628576cb","subject":"Merge \"Updating tox -e all-plugin command\"","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/37aee24a01f6dcb636b06facd718ef7b628576cb"}]}],"author":{"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","date":"2020-02-10 10:39:36.000000000","tz":60},"committer":{"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","date":"2020-02-10 10:54:45.000000000","tz":60},"subject":"Fixed support of ldap UTF8 encoded users DN","message":"Fixed support of ldap UTF8 encoded users DN\n\nRecently support of byte encoded attributes was dropped in\npython-ldap. Changes made in bug 1798184 added support of utf8. But\nafter that changes keystone during user login throws exception if\nthat user have UTF-8 encoded characters in DN. Exception is thrown\nfrom _ldap_get_all during assembling query due to fact that\nself.id_attr is ascii string and have bytes outside range(128). This\ncomes due to fact that in convert_ldap_result DN is not properly\ndecoded.\n\nAdds UTF-8 decoding of DN in convert_ldap_result\n\nChange-Id: I390ae3e5e7227a1fbdd9686463246ab81d70ba0c\nCloses-Bug: #1862606\nRelated-Bug: #1798184\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/5366a336c03b0512be349ff28f04fd58e2d8444d"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/5366a336c03b0512be349ff28f04fd58e2d8444d"}]},"branch":"refs/heads/master"},"2d1f819aaf142daa4f91a37b30a7ae2c4685d560":{"kind":"REWORK","_number":3,"created":"2020-02-17 14:33:38.000000000","uploader":{"_account_id":29058,"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","username":"maniac"},"ref":"refs/changes/91/706791/3","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/keystone","ref":"refs/changes/91/706791/3","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/3 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/3 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/3 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/keystone refs/changes/91/706791/3"}}},"commit":{"parents":[{"commit":"37aee24a01f6dcb636b06facd718ef7b628576cb","subject":"Merge \"Updating tox -e all-plugin command\"","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/37aee24a01f6dcb636b06facd718ef7b628576cb"}]}],"author":{"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","date":"2020-02-10 10:39:36.000000000","tz":60},"committer":{"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","date":"2020-02-17 14:29:56.000000000","tz":60},"subject":"Fixed support of UTF-8 encoded DN when using LDAP connection pool.","message":"Fixed support of UTF-8 encoded DN when using LDAP connection pool.\n\nRecently support of byte encoded attributes was dropped in\npython-ldap. Changes made in bug 1798184 added support of utf8. But\nafter that changes keystone during user login throws exception if\nthat user have UTF-8 encoded characters in DN and LDAP connection\npool is used. Exception is thrown from _ldap_get_all during\nassembling query due to fact that self.id_attr is ascii string and\nhave bytes outside range(128). This comes due to fact that in\nconvert_ldap_result DN is not properly decoded.\n\nAdds UTF-8 bytes_mode\u003dFalse support to PooledLDAPHandler.\n\nChange-Id: I390ae3e5e7227a1fbdd9686463246ab81d70ba0c\nCloses-Bug: #1862606\nRelated-Bug: #1798184\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/2d1f819aaf142daa4f91a37b30a7ae2c4685d560"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/2d1f819aaf142daa4f91a37b30a7ae2c4685d560"}]},"branch":"refs/heads/master"},"56c1797ecb58547db0e10845266b14901f96ff0f":{"kind":"NO_CODE_CHANGE","_number":4,"created":"2020-02-17 14:34:57.000000000","uploader":{"_account_id":29058,"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","username":"maniac"},"ref":"refs/changes/91/706791/4","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/keystone","ref":"refs/changes/91/706791/4","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/4 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/4 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/4 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/keystone refs/changes/91/706791/4"}}},"commit":{"parents":[{"commit":"37aee24a01f6dcb636b06facd718ef7b628576cb","subject":"Merge \"Updating tox -e all-plugin command\"","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/37aee24a01f6dcb636b06facd718ef7b628576cb"}]}],"author":{"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","date":"2020-02-10 10:39:36.000000000","tz":60},"committer":{"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","date":"2020-02-17 14:34:06.000000000","tz":60},"subject":"Fixed support of UTF-8 DN when using LDAP connection pool.","message":"Fixed support of UTF-8 DN when using LDAP connection pool.\n\nRecently support of byte encoded attributes was dropped in\npython-ldap. Changes made in bug 1798184 added support of utf8. But\nafter that changes keystone during user login throws exception if\nthat user have UTF-8 encoded characters in DN and LDAP connection\npool is used. Exception is thrown from _ldap_get_all during\nassembling query due to fact that self.id_attr is ascii string and\nhave bytes outside range(128). This comes due to fact that in\nconvert_ldap_result DN is not properly decoded.\n\nAdds UTF-8 bytes_mode\u003dFalse support to PooledLDAPHandler.\n\nChange-Id: I390ae3e5e7227a1fbdd9686463246ab81d70ba0c\nCloses-Bug: #1862606\nRelated-Bug: #1798184\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/56c1797ecb58547db0e10845266b14901f96ff0f"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/56c1797ecb58547db0e10845266b14901f96ff0f"}]},"branch":"refs/heads/master"},"d983c9188518b1d2f8e89906bf2e3da11ca6aff9":{"kind":"REWORK","_number":5,"created":"2020-02-18 13:27:31.000000000","uploader":{"_account_id":29058,"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","username":"maniac"},"ref":"refs/changes/91/706791/5","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/keystone","ref":"refs/changes/91/706791/5","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/5 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/5 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/5 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/keystone refs/changes/91/706791/5"}}},"commit":{"parents":[{"commit":"37aee24a01f6dcb636b06facd718ef7b628576cb","subject":"Merge \"Updating tox -e all-plugin command\"","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/37aee24a01f6dcb636b06facd718ef7b628576cb"}]}],"author":{"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","date":"2020-02-10 10:39:36.000000000","tz":60},"committer":{"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","date":"2020-02-18 09:38:31.000000000","tz":60},"subject":"Fixed support of UTF-8 DN when using LDAP connection pool.","message":"Fixed support of UTF-8 DN when using LDAP connection pool.\n\nRecently support of byte encoded attributes was dropped in\npython-ldap. Changes made in bug 1798184 added support of utf8. But\nafter that changes keystone during user login throws exception if\nthat user have UTF-8 encoded characters in DN and LDAP connection\npool is used. Exception is thrown from _ldap_get_all during\nassembling query due to fact that self.id_attr is ascii string and\nhave bytes outside range(128). This comes due to fact that in\nconvert_ldap_result DN is not properly decoded.\n\nAdds UTF-8 bytes_mode\u003dFalse support to PooledLDAPHandler.\n\nChange-Id: I390ae3e5e7227a1fbdd9686463246ab81d70ba0c\nCloses-Bug: #1862606\nRelated-Bug: #1798184\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/d983c9188518b1d2f8e89906bf2e3da11ca6aff9"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/d983c9188518b1d2f8e89906bf2e3da11ca6aff9"}]},"branch":"refs/heads/master"},"ffc3b4f844557446749101938b5bf190afc1b540":{"kind":"REWORK","_number":6,"created":"2020-02-19 13:51:23.000000000","uploader":{"_account_id":29058,"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","username":"maniac"},"ref":"refs/changes/91/706791/6","fetch":{"anonymous http":{"url":"https://review.opendev.org/openstack/keystone","ref":"refs/changes/91/706791/6","commands":{"Checkout":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/6 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/6 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://review.opendev.org/openstack/keystone refs/changes/91/706791/6 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://review.opendev.org/openstack/keystone refs/changes/91/706791/6"}}},"commit":{"parents":[{"commit":"37aee24a01f6dcb636b06facd718ef7b628576cb","subject":"Merge \"Updating tox -e all-plugin command\"","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/37aee24a01f6dcb636b06facd718ef7b628576cb"}]}],"author":{"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","date":"2020-02-10 10:39:36.000000000","tz":60},"committer":{"name":"Rafal Ramocki","email":"rafal.ramocki@gmail.com","date":"2020-02-19 13:50:49.000000000","tz":60},"subject":"Fixed support of UTF-8 DN when using LDAP connection pool.","message":"Fixed support of UTF-8 DN when using LDAP connection pool.\n\nRecently support of byte encoded attributes was dropped in\npython-ldap. Changes made in bug 1798184 added support of utf8. But\nafter that changes keystone during user login throws exception if\nthat user have UTF-8 encoded characters in DN and LDAP connection\npool is used. Exception is thrown from _ldap_get_all during\nassembling query due to fact that self.id_attr is ascii string and\nhave bytes outside range(128). This comes due to fact that in\nconvert_ldap_result DN is not properly decoded.\n\nAdds UTF-8 bytes_mode\u003dFalse support to PooledLDAPHandler.\n\nChange-Id: I390ae3e5e7227a1fbdd9686463246ab81d70ba0c\nCloses-Bug: #1862606\nRelated-Bug: #1798184\n","web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/ffc3b4f844557446749101938b5bf190afc1b540"}],"resolve_conflicts_web_links":[{"name":"gitea","tooltip":"Open in GitWeb","url":"https://opendev.org/openstack/keystone/commit/ffc3b4f844557446749101938b5bf190afc1b540"}]},"branch":"refs/heads/master"}},"requirements":[],"submit_records":[],"submit_requirements":[]}