- Issued:
- 2016-11-14
- Updated:
- 2016-11-14
RHBA-2016:2711 - Bug Fix Advisory
Synopsis
openstack-keystone bug fix advisory
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated OpenStack Identity packages that resolve various issues are now
available for Red Hat OpenStack Platform 8.0 (Liberty) for RHEL 7.
Description
Red Hat OpenStack Platform provides the facilities for building a private
or public infrastructure-as-a-service (IaaS) cloud running on commonly
available physical hardware. This advisory includes packages for:
- OpenStack Identity service
The OpenStack Identity service (keystone) authenticates and authorizes
OpenStack users by keeping track of users and their permitted activities.
The Identity service supports multiple forms of authentication including
user name and password credentials, token-based systems, and AWS-style
logins.
This update addresses the following issue:
- In certain cases, directories use the concept of POSIX groups, where the entities of users in the groups are represented as UIDs, not full DNs such as:
dn: cn=group1, cn=groups,dc=domain,dc=com
....
memberUid: user1
memberUid: user2
....
The LDAP driver was previously hardcoded for full DN entities, for example:
dn: cn=group1, cn=groups,dc=domain,dc=com
....
memberUid: uid=user1,cn=users,dc=domain,dc=com
memberUid: uid=user2,cn=users,dc=domain,dc=com
....
This update adds support for LDAP backends using POSIX groups. (BZ#1375685)
Solution
Before applying this update, ensure all previously released errata relevant
to your system have been applied.
Red Hat OpenStack Platform 8 runs on Red Hat Enterprise Linux 7.2.
The Red Hat OpenStack Platform 8 Release Notes contain the following:
- An explanation of the way in which the provided components interact to
form a working cloud computing environment.
- Technology Previews, Recommended Practices, and Known Issues.
- The channels required for Red Hat OpenStack Platform 8, including which
channels need to be enabled and disabled.
The Release Notes are available at:
https://access.redhat.com/documentation/en/red-hat-openstack-platform/version-8/release-notes/
This update is available through 'yum update' on systems registered through
Red Hat Subscription Manager. For more information about Red Hat
Subscription Manager, see:
https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/index.html
Affected Products
- Red Hat OpenStack 8 x86_64
Fixes
- BZ - 1375685 - Need support for OpenDirectory in LDAP driver in RHOSP 8.0
CVEs
(none)
References
(none)
Red Hat OpenStack 8
| SRPM | |
|---|---|
| openstack-keystone-8.0.1-3.el7ost.src.rpm | SHA-256: b59a9171518c91c831be33931a11b1b54dc740150fbfc122eaca6aa9db5fcf56 |
| x86_64 | |
| openstack-keystone-8.0.1-3.el7ost.noarch.rpm | SHA-256: 8c7bad0165c9fab4c4cacb000e377a7dc0b34e3271b6cc4480d15d461f85baf3 |
| python-keystone-8.0.1-3.el7ost.noarch.rpm | SHA-256: 35590bf7f271d50059b9417f5e841ebc98e29e28446933daafdad965a9301b3d |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
