I have found a way to solve it and give access to users that have passwords with spaces at the beginning/end. The issue (not an issue per se, but it affects horizon [stein]) lies in django. Specifically on 'django/forms/fields.py' Horizon uses the fields and those by default remove spaces as stated, what I did is the following: On that file, the class CharField's constructor was removing leading/trailing spaces: Below is the diff between the original and the modified python script (one line modified, strip=False) --- fields.py.orig 2020-01-28 15:16:22.696047918 -0500 +++ fields.py 2020-01-28 15:16:45.520084974 -0500 @@ -220,7 +220,7 @@ class CharField(Field): - def __init__(self, max_length=None, min_length=None, strip=True, empty_value='', *args, **kwargs): + def __init__(self, max_length=None, min_length=None, strip=False, empty_value='', *args, **kwargs): self.max_length = max_length self.min_length = min_length self.strip = strip Now passwords are not altered by the underlying framework. Not sure the effect of not removing trailing/leading spaces from the textfields will have on the Horizon operations, though. Maybe horizon should redefine that django class to avoid this behavior. I'm also open to other solutions from the community. Have a great evening, Thanks. Orestes On 1/28/20, Orestes Leal RodrÃguez <olealrd1981@gmail.com> wrote:
From the dashboard openstack is removing the trailing spaces from our user's passwords. We have a modified sql.py backend, that does an ldap bind to an active directory data store. And that works almost always. I say almost because for some users it doesn't work at all. We figure out (and a co-worker also confirmed this) that openstack is removing trailing (also leading?) spaces from the password entered in the dashboard. Also, inside the dashboard trailing spaces are not accepted even when they are equal byte by byte (including the space, I get an error). So this is going on.
Do anybody knows where is this removal performed? (python script location, line) So I can remove that since I have users (me included, I have the issue since the very beginning of this deployment) that cannot login. And they can use their Active Directrory passwords from other apps without problem.
We are running 'stein' with the latest update for ubuntu 18.04-AMD64.