Skip to content

Commit

Permalink
Remove passwords from LDAP queries
Browse files Browse the repository at this point in the history 
Bug 1178032

Change-Id: Idca895b1d4d2e611fe834f49b436864a73f4006c
  • Loading branch information
Adam Young committed Jul 31, 2013
1 parent 5958691 commit cda7d16
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions keystone/identity/backends/ldap.py
View file
Expand Up @@ -77,7 +77,8 @@ def get_user(self, user_id):
return self.assignment_api._set_default_domain(ref)

def list_users(self):
return self.assignment_api._set_default_domain(self.user.get_all())
return (self.assignment_api._set_default_domain
(self.user.get_all_filtered()))

def get_user_by_name(self, user_name, domain_id):
self.assignment_api._validate_default_domain_id(domain_id)
Expand Down Expand Up @@ -181,7 +182,7 @@ def list_users_in_group(self, group_id):
for user_dn in self.group.list_group_users(group_id):
user_id = self.user._dn_to_id(user_dn)
try:
users.append(self.user.get(user_id))
users.append(self.user.get_filtered(user_id))
except exception.UserNotFound:
LOG.debug(_("Group member '%(user_dn)s' not found in"
" '%(group_id)s'. The user should be removed"
Expand Down Expand Up @@ -264,6 +265,9 @@ def get_filtered(self, user_id):
user = self.get(user_id)
return identity.filter_user(user)

def get_all_filtered(self):
return [identity.filter_user(user) for user in self.get_all()]


class GroupApi(common_ldap.BaseLdap):
DEFAULT_OU = 'ou=UserGroups'
Expand Down

0 comments on commit cda7d16

Please sign in to comment.