Taking a cue from def disassemble, I added in an exception handler for this binary_type user_id validation in (keystone.identity.backends.ldap.core). This appears to resolve the LDAP access issues within horizon as far as I'm able to tell. Basically, this is handling any call to the ldap UserApi subclass call for self.user.get(*attribute), to check for byte-encoded values coming from the ldap backend and strip them.
Taking a cue from def disassemble, I added in an exception handler for this binary_type user_id validation in (keystone. identity. backends. ldap.core) . This appears to resolve the LDAP access issues within horizon as far as I'm able to tell. Basically, this is handling any call to the ldap UserApi subclass call for self.user. get(*attribute) , to check for byte-encoded values coming from the ldap backend and strip them.
/usr/lib/ python3/ dist-packages/ keystone/ identity/ backends/ ldap/core. py diff:
*** a/core.py 2019-06-11 20:29:23.148303839 +0000 common_ ldap.EnabledEmu MixI ldap_filter)
obj[ 'options' ] = {} # options always empty
--- b/core.py 2019-06-11 20:27:23.854658160 +0000
*************** class UserApi(
*** 308,313 ****
--- 308,318 ----
def get(self, user_id, ldap_filter=None):
obj = super(UserApi, self).get(user_id, ldap_filter=
+
+ # lp#1832265
+ if six.PY3 and isinstance(obj, six.binary_type):
+ obj = obj.decode('utf-8')
+
return obj
def get_filtered(self, user_id):