Keystone LDAP integration is undefined for LDAP Referral Records

Solution Unverified - Updated -


  • Keystone LDAP integration does not cleanly handle LDAP referral records. If the LDAP server returns a referral record, Python encounters a type mismatch: it receives a string (the referral URL) where it expects an attribute array. Keystone should either handle referrals correctly or set the protocol option LDAP_OPT_REFERRALS to 0 when performing a BIND operation. In either case, Keystone should verify the type of the returned record before attempting to decode it.
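The type check recommended above, as an added example (not Keystone's code). It assumes the result shape python-ldap's `search_s()` produces, where a referral arrives as `(None, [url, ...])` instead of `(dn, {attr: [values]})`; the function names and sample records are constructed for illustration.

```python
# Added example; names and data are constructed, not taken from Keystone.
# With python-ldap, referral chasing is turned off per connection with
#   conn.set_option(ldap.OPT_REFERRALS, 0)
# but referral records can still appear in results, so the type check stays.


def decode_attrs(attrs):
    """Decode an attribute dict of {name: [bytes, ...]} into text values."""
    return {
        name: [v.decode("utf-8") if isinstance(v, bytes) else v for v in values]
        for name, values in attrs.items()
    }


def naive_decode(results):
    """Failure mode from the report: assume every record has an attribute dict."""
    return [(dn, decode_attrs(payload)) for dn, payload in results]


def split_results(results):
    """Verify each record's type before decoding; collect referrals separately."""
    entries, referrals = [], []
    for dn, payload in results:
        if dn is None or not isinstance(payload, dict):
            # Referral record: payload is a URL string or a list of them.
            urls = payload if isinstance(payload, (list, tuple)) else [payload]
            for url in urls:
                if isinstance(url, bytes):
                    url = url.decode("utf-8", "replace")
                referrals.append(str(url))
            continue
        entries.append((dn, decode_attrs(payload)))
    return entries, referrals


# Constructed sample: one real entry followed by one referral record.
SAMPLE = [
    ("cn=alice,ou=Users,dc=example,dc=com",
     {"cn": [b"alice"], "mail": [b"alice@example.com"]}),
    (None, ["ldap://DomainDnsZones.example.com/DC=DomainDnsZones,DC=example,DC=com"]),
]

if __name__ == "__main__":
    entries, referrals = split_results(SAMPLE)
    print("entries:", entries)
    print("referrals skipped:", referrals)
```

Logging the skipped referral URLs rather than silently dropping them keeps a record of which partitions the directory pointed to.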
